We've been contributing to open source since 1996. These are the tools we've built, maintain, and use in our own engagements. All freely available.
Recursive infrastructure surface analysis tool. Maps endpoints, enumerates configurations, identifies misconfigurations and CVEs across multi-cloud environments. Built in Go.
Interactive threat modeling tool that generates STRIDE-based threat models from system architecture diagrams. Exports to ADR format for team documentation.
Policy-as-code framework for SOC 2, HIPAA, PCI-DSS, and GDPR. Integrates with Terraform, Pulumi, and CloudFormation to enforce compliance controls at deploy time.
Prompt injection detection and prevention middleware for LLM applications. Supports OpenAI, Anthropic, and open-source model APIs. Includes adversarial test suite.
Network scanning and DNS analysis toolkit with capabilities comparable to Nmap. Includes email provider identification, OSINT enrichment, and automated reporting.
Multi-cloud secrets rotation and synchronization tool. Manages secrets across Google Cloud Secret Manager, AWS Secrets Manager, and HashiCorp Vault with audit logging.
Whether you're designing a new platform, scaling an existing one, or navigating a compliance milestone — we'll meet you where you are.