A battery-included passive DNS monitoring tool. Website:


A cross-platform process-aware tcpdump. Project Github: tcpshark

byosh and sniproxy

A transparent web proxy using DNS and routing based on Server Name Indication (SNI) TLS extension. original Python project on github. Newer Golang version on github


A DNS C2 framework built on ECC. Project Github: dnspot


A proof-of-concept EDR using Golang and eBPF. Project Github: ebpf-edr

binary tools

A set of statically-linked binaries designed to be shipped quickly and removed safely from containers, servers and workstations. Useful for Forensics investigation and K8s troubleshooting. Project Github: binary-tools

arkime container

A Go wrapper for Arkime(formerly Moloch) full packet indexing tool to make it container-friendly. Project Github: arkime-container