C2 server fingerprinter — Cobalt Strike, Sliver, Mythic, Havoc, Brute Ratel

Generate a CycloneDX SBOM directly from an unpacked firmware root filesystem and flag components with known CVEs and EOL kernels.

Scan firmware blobs and filesystem dumps for hardcoded private keys, API tokens, default creds, and weak RSA/ECC material.

Audit UEFI firmware dumps for missing Secure Boot keys, unsigned modules, S3 boot-script vulns, and known SMM threats.

Validate OTA update packages end-to-end: signature chains, rollback protection, anti-downgrade counters, and delta-patch integrity.

AIS vessel tracking & sanctions-evasion anomaly detection

Spin up a high-interaction Modbus/DNP3 ICS honeypot that logs attacker register reads/writes as structured JSON.

MCP server hardening linter — capability declarations, transport, tool descriptions

Replay, fuzz, and assert on CAN bus traffic from a .pcap or SocketCAN interface with a tiny YAML DSL.

Self-hosted password cracking queue — multi-user hashcat with audit log

Diff two firmware images and surface exactly what changed: new binaries, flipped config flags, added certs, and shifted entropy regions.

Sniff and decode BLE GATT traffic, fingerprint device profiles, and assert on insecure pairing/characteristics in CI against a capture.

Starter templates: Python CLI, MCP server, Dockerfile, CI, devcontainer, and more

Verifiable AI-agent identity + multi-hop delegation chains anchored to a human principal (the unsolved 2026 agent-auth gap)

Proposal / quote / SOW generator — YAML to branded PDF

Misinformation provenance tracer — earliest-known appearance graph

TLS cert lifecycle & rogue-issuance watch via Certificate Transparency

Portable long-term memory store for agents, exposed over MCP

Lightweight MCP-native CRM pipeline with email sequences

Zero-setup data-quality checks on any file or warehouse via DuckDB