Open Source Endpoint Detection Response

Opik is an observability and evaluation platform designed for generative AI applications and agentic workflows. It provides a centralized environment for tracing execution flows, managing prompt templates, and monitoring production performance, allowing teams to gain visibility into complex model interactions and tool usage without requiring manual application code changes. The platform distinguishes itself through its integrated approach to the AI development lifecycle, combining distributed trace instrumentation with automated evaluation frameworks. It supports model-as-a-judge scoring, synthetic data generation, and the conversion of production traces into structured test cases, enabling developers to iteratively refine prompts and agent behavior. By offering a collaborative debugger and chat-based workspace management, it facilitates direct interaction with execution data to identify errors and implement code remediations. Beyond core observability, the system includes tools for dataset versioning, custom metric definition, and cost analysis to track resource allocation across teams. It also features a model gateway to standardize logging and security across diverse model providers. The platform is built for flexible deployment, supporting containerized execution and orchestration via Kubernetes to ensure consistency across local and cloud environments.

dnSpy is a desktop application designed for the analysis, debugging, and modification of compiled .NET assemblies. It functions as an assembly analysis suite and decompiler, translating binary instruction streams back into readable source code to facilitate reverse engineering when original source files are unavailable. The tool distinguishes itself through an integrated binary patching engine and metadata editor, which allow for the direct modification of executable logic and internal metadata tables. It supports in-process debugging instrumentation, enabling users to inject runtime hooks, set breakpoints, and inspect memory state within compiled binaries to troubleshoot application behavior. Beyond core analysis and debugging, the platform provides an interactive scripting environment for automating repetitive tasks and manipulating assembly structures. It includes capabilities for abstract syntax tree manipulation and memory-mapped file inspection, allowing users to navigate between high-level code constructs and raw binary data.

Claude Code is a command-line interface and multi-agent orchestration framework designed for autonomous software engineering. It enables AI agents to perform codebase modifications, debugging, and Git workflow management while coordinating multiple specialized agents to decompose and execute complex engineering tasks in parallel. The system distinguishes itself through a high degree of isolation and safety, utilizing Git worktrees to create independent working directories for concurrent agents and implementing a tiered permission system that combines user rules, project policies, and OS-level sandboxing. It further extends its reach as an autonomous computer use interface, capable of driving web browsers and operating system interfaces via natural language through screen capture and simulated input. Broad capability areas include Model Context Protocol integration for external tool discovery, advanced context management to optimize token usage and persistent project memory, and remote agent administration via WebSocket bridges for distributed execution. The framework also incorporates atomic file operations with snapshot-based recovery and comprehensive monitoring for API expenditure and tool execution tracing.

This project is a comprehensive cybersecurity tool collection designed to support security research, penetration testing, and vulnerability assessment. It functions as a unified penetration testing suite, providing a centralized environment where professionals can access a wide range of offensive security utilities to identify system weaknesses and study attack vectors. The platform distinguishes itself through a modular architecture that aggregates disparate security scripts into a single, hierarchical command-line interface. It simplifies the management of these utilities by integrating external repositories, allowing users to fetch and organize third-party tools directly into a structured local directory. By utilizing a categorized menu system and shell-based process execution, the suite enables efficient navigation and direct invocation of specialized tools for tasks ranging from forensic analysis and reverse engineering to exploit development. The toolkit covers a broad spectrum of security domains, including web and wireless attack vectors, cloud security, payload creation, and social media analysis. It also incorporates automated environment setup to handle the installation of necessary system packages and language runtimes, ensuring compatibility across its diverse collection of utilities.

Deepagents is an LLM agent orchestration platform and stateful application server designed for deploying and managing AI agents built with computational graphs. It provides a containerized runtime environment that handles agent execution, state persistence, and the versioning of AI assistants. The platform distinguishes itself through deep integration with the Model Context Protocol, allowing agents to function as servers that expose tools and capabilities to external clients. It features a sophisticated observability suite for capturing execution traces, performing LLM-based evaluations against datasets, and conducting side-by-side model output comparisons. The system covers a broad range of operational capabilities, including cron-based task scheduling, multi-tenant workspace isolation, and human-in-the-loop review workflows. It also manages long-term memory through semantic search and provides automated scaling of compute resources across cloud environments. A command-line interface is provided for local agent validation, graph packaging, and rapid testing via a local development server.

OpenHands is an autonomous agent framework designed for software engineering workflows. It provides a modular platform for orchestrating AI agents that reason, plan, and execute tasks within isolated, containerized development environments. By integrating with standard version control and development tools, the system enables agents to autonomously navigate codebases, implement features, and resolve issues through iterative reasoning and tool execution. The platform distinguishes itself through a model-agnostic orchestrator that connects diverse language models to a unified tool registry. It supports complex, multi-agent collaboration via hierarchical task delegation, allowing parent agents to spawn and manage independent sub-agents for parallelized workflows. Security is managed through configurable action approval policies and real-time risk evaluation, ensuring that autonomous operations remain within defined safety boundaries. The system covers a broad capability surface including persistent conversation state management, automated code review, and web research automation. It features an event-driven architecture that serializes interactions into immutable logs, facilitating observability and time-travel debugging. Developers can extend agent functionality through custom skill definitions, plugin packages, and integration with external services via standardized protocols. The project provides a command-line interface for managing agent sessions, remote server deployments, and containerized workspace lifecycles. It is designed for extensibility, allowing users to configure agent behavior through structured objects, markdown-based definitions, and environment-specific settings.

This project is a framework for managing generative AI services through a unified provider interface and adapter layer. It provides a standardized API for calling multiple cloud-based and locally hosted models, translating provider-specific parameters and responses into a uniform format. The system includes an agent orchestrator designed for long-running tasks, featuring state persistence for resuming runs and execution tracing to monitor decision-making processes. It integrates the Model Context Protocol to connect models to external servers and filesystems and employs a policy-based execution system with approval lists to control tool calling. Additional capabilities cover automated tool execution through schema generation, local desktop automation, and speech-to-text transcription. The project also provides a conversational coding interface for file editing and shell command execution, as well as specialized subagents for read-only code review.

Anthropic's terminal-native AI coding agent.

mcp-agent is a framework for building AI agents that integrate with Model Context Protocol servers to execute tools and access data. It functions as a multi-agent orchestrator and protocol-compliant server, enabling the creation of agents that can discover and invoke tools from connected external servers. The project distinguishes itself through a durable workflow engine that supports long-running tasks capable of pausing, resuming, and surviving restarts. It implements complex orchestration patterns, including iterative evaluator-optimizer loops, hierarchical workflow nesting, and specialist request routing to handle multi-step objectives and deep research investigations. The framework provides comprehensive capabilities for agent management, provider-agnostic model interfaces, and agentic observability using the OTLP standard for distributed tracing and token usage tracking. It also includes systems for secure credential handling via OAuth, cloud deployment for protocol servers, and automated behavior verification for tool execution. The project includes a command-line interface for project bootstrapping, scaffolding templates, and managing the lifecycle of deployed agent applications.

This application is a desktop network traffic analyzer that provides real-time monitoring and forensic inspection of data packets. By interfacing directly with low-level system drivers, it captures raw network traffic from physical or virtual adapters to identify communication patterns, track bandwidth usage, and diagnose connectivity issues. The system distinguishes itself through an immediate-mode graphical interface that rebuilds the display state every frame, ensuring high responsiveness during live data updates. It maintains performance by using asynchronous message passing to decouple the packet capture engine from the rendering thread. To provide context for network activity, the application performs real-time enrichment through high-speed database lookups, enabling features like autonomous system identification, host location mapping, and reverse DNS resolution. Beyond basic monitoring, the tool includes comprehensive diagnostic and security capabilities. Users can apply granular traffic filtering, manage alert conditions for specific network events, and utilize automated threat detection to identify and block suspicious connections. The software also supports the recording of traffic data into standard file formats for offline analysis and provides configuration options for operation within isolated containerized environments.