HomeToolsDocsPricingGalleryExtensionContact Get the App
// tools

Everything in the box.

86 real CLI security tools (69 offensive, 17 defensive), each in a graphical interface. Plus bundled wordlists and a fully offline reference library. Anything not already on your machine installs in one click from the in-app Tool Status page.

// red team - offensive

69 offensive tools

Recon & OSINT 11

Footprinting & OSINT

  • subfinderSubdomain discovery
  • amassAttack-surface mapping
  • theHarvesterEmail / host OSINT
  • sherlockUsername hunting
  • maigretUsername profiling
  • holeheEmail account check
  • spiderfootOSINT automation
  • recon-ngRecon framework
  • shodanShodan search
  • metagoofilDocument metadata
  • wafw00fWAF fingerprint

Web Recon 12

Web discovery & enumeration

  • httpxHTTP probing
  • dnsxDNS toolkit / resolver
  • gowitnessBulk web screenshotting
  • kiterunnerAPI endpoint discovery
  • katanaWeb crawler
  • gauHistorical URL fetch
  • ffufWeb fuzzer
  • feroxbusterRecursive content discovery
  • arjunParameter discovery
  • whatwebWeb fingerprint
  • wpscanWordPress scanner
  • niktoWeb server scanner

Vuln Scanning 12

Vuln scanning & exploitation

  • nucleiVulnerability scanner
  • XSStrikeXSS detection & exploitation
  • trufflehogSecret scanner
  • sqlmapSQL injection
  • dalfoxXSS scanner
  • commixCommand injection
  • corsyCORS misconfiguration
  • wapitiWeb app vuln scanner
  • jwt_toolAnalyze / tamper / crack JWTs
  • trivyCVE / misconfig / secret scanner
  • gitleaksHardcoded-secret detection
  • searchsploitExploit-DB search

Network 7

Network scanning & discovery

  • nmapNetwork / service scanner
  • naabuFast port scanner
  • rustscanFast port scanner
  • masscanMass port scanner
  • netdiscoverARP discovery linux
  • enum4linuxSMB enumeration
  • smbmapSMB share enum

Passwords 5

Credential attacks

  • hashcatGPU password cracking
  • johnPassword cracking
  • hydraLogin brute force
  • cewlWordlist generator
  • crunchWordlist builder

Post Exploitation 7

Windows / AD / pivoting / post-ex

  • impacketAD attack suite
  • chiselTCP/UDP tunnel & pivot
  • ligolo-ngTunneling / pivot proxy
  • Payloadslinpeas / winpeas / pspy, served over HTTP
  • nxc / cmeAD swiss-army knife (NetExec)
  • evil-winrmWinRM shell
  • smbclientSMB client

Cloud 3

Cloud security auditing & attack paths

  • CloudFoxCloud attack-path enumeration
  • ProwlerCloud security posture audit
  • ScoutSuiteMulti-cloud security audit

Exploitation 1

Exploit frameworks

  • metasploitExploitation framework (full workspace + console)

Reverse Engineering 4

Binary / APK reverse engineering

  • ghidraNSA decompiler - headless auto-analysis
  • radare2Disassembler / binary analysis
  • jadxAndroid (APK/DEX) decompiler
  • apktoolAPK decode / rebuild

Fuzzers 1

Directory & content fuzzing

  • gobusterDirectory brute force

Wireless 6

Wireless attacks

  • aircrack-ngWPA/WPA2 PSK crack from capture
  • airodump-ngAP scan + handshake capture
  • hcxdumptoolPMKID + 4-way capture
  • wifiteAutomated WPA/WPS cracking
  • bettercapWi-Fi + BLE recon / MITM
  • bluetoothctlBluetooth scan + pair linux
// blue team - defensive

17 defensive tools

Flip the header toggle and the whole app swaps to blue mode - DFIR, threat hunting, and detection engineering, with an Analyst agent to match.

DFIR 4

Memory / disk / timeline forensics

  • volatility3Memory forensics
  • sleuthkitDisk filesystem walk
  • log2timelineForensic timeline
  • evtx_dumpParse Windows EVTX logs

Threat Hunting 5

YARA, Sigma, event-log hunting

  • yaraPattern matching
  • sigma-cliDetection rules
  • chainsawWindows event-log hunt
  • hayabusaWindows event timeline
  • zircoliteSigma-based EVTX detection

Network Defense 3

IDS rules, packet analysis

  • suricataIDS replay on pcap
  • zeekProtocol analyzer
  • tsharkCLI Wireshark

Malware Analysis 5

Static analysis, capability detection

  • capaCapability detection
  • flossDeobfuscated strings
  • clamscanAV signature scan
  • ssdeepFuzzy hashing
  • exiftoolMetadata extraction
// bundled wordlists

Wordlists, built in.

Six curated wordlists ship inside the app, picked from a dropdown right in the tool forms (ffuf, gobuster, hashcat, john, hydra and more). Need more firepower? One click installs the full SecLists arsenal, thousands of lists plus rockyou, and any wordlists already on your machine are detected automatically. No path hunting.

  • web-common.txtCommon web paths & files
  • web-raft-small.txtRAFT small web content
  • dns-subdomains-5000.txtTop 5,000 DNS subdomains
  • users-common.txtCommon usernames
  • users-top-shortlist.txtTop usernames (shortlist)
  • pass-common.txtCommon passwords
// offline reference library

A whole reference shelf.

The in-app Library bundles the cheat-sheets you keep in browser tabs - all searchable, all working offline.

  • GTFOBinsUnix binaries for privesc & bypass
  • LOLBASLiving-off-the-land Windows binaries
  • WADComsWindows / AD offensive command cheats
  • Reverse shellsGenerator + one-click nc listener
  • Payloads & dorksInjection payloads + Google dorks
  • CVE browserSearch CVEs by keyword / product
  • CyberChef-liteEncode / decode / hash, offline

One download. The whole toolkit.

86 tools, 6 wordlists, the reference library, the AI agent - all on your machine.

3-day trial, no card. All plans annual: Personal $99.99, Consultant $499.99, Team $1,999. Card or crypto.