Security tools & experiments

Tools should expose their assumptions—not hide them behind claims.

This is a curated project portfolio, not a mirror of every public repository. Featured tools are described by demonstrated behavior, lifecycle, and limitations so visitors can judge what is ready to use and what remains experimental.

Publication gate · 02

What makes a project portfolio-ready.

The same evidence discipline used for vulnerability claims also applies to code, examples, standards language, and safety behavior.

01

Purpose and boundary

The repository states what it does, what it does not do, and the authorized context in which it belongs.

02

Safe examples

Example data is synthetic, failure behavior is explicit, and sensitive operational details are absent.

03

Verifiable behavior

Documented claims are supported by tests, reproducible commands, or clearly scoped manual validation.

04

Lifecycle clarity

License, maintenance state, limitations, and release maturity are visible before someone relies on the tool.

Review queue · 03

Experimental repositories remain visible on GitHub—not endorsed here.

Recon helpers, engagement-data tools, segmentation prototypes, credential-processing utilities, and media-sanitization experiments require different reviews before promotion.

Items with unsafe examples, ambiguous failure handling, outdated standards language, sensitive-data exposure, incomplete documentation, or unsupported assurance claims stay outside the featured catalog until corrected.

Browse the public repository profile opens in a new tab

Build for the workflow

Need a security question turned into a defined engagement?

Tools support the work; they do not replace scope, authorization, manual validation, or reporting built for remediation.

Explore security services