Chainsaw is a Windows forensic analysis tool used for parsing system databases and extracting security artefacts. It functions as a forensic artefact extractor and a scanner for identifying security threats and log tampering within Windows event logs. The project distinguishes itself by implementing a Sigma rule forensic scanner that applies standardized detection logic and custom rule sets to event logs and forensic artefacts. It enables threat hunting workflows by matching event data against patterns to identify malicious activity, lateral movement, and brute force attacks. The tool's capa
ChatLab is a self-hosted chat database and data pipeline designed to normalize, store, and analyze large-scale social conversation histories. It functions as an analytics platform that uses large language models to extract patterns and insights from messaging data imported from multiple platforms. The system distinguishes itself through an AI-powered analysis engine that utilizes vector-based history analysis and agent-based function calling to summarize conversation trends. It further identifies behavioral patterns by generating visual analytics, including heatmaps, word clouds, and activity
BongoCat is a cross-platform desktop utility that provides real-time visual feedback for keyboard and mouse activity. It functions as an interactive companion that renders an animated character on the screen, which reacts dynamically to user inputs. The application operates entirely offline, ensuring that all input processing remains local to the user environment without external network dependencies or data collection. The software distinguishes itself through a flexible asset-based rendering system that allows users to import and apply custom character designs. By intercepting low-level inp
SocialFish is a credential harvesting tool and phishing framework designed to intercept usernames, passwords, and two-factor authentication codes through deceptive web pages. It functions as a social engineering platform and information gathering tool used to collect target data and system information for security research and penetration testing. The system utilizes a reverse proxy to tunnel network traffic and capture real-time HTTP requests and session cookies. It features a live operator panel for intercepting one-time passwords and employs browser-based cloning to replicate authenticatio