// artifact family
threat intelligence
9 browser-only forensics tools in this catalog group — browse by artifact family when you know the kind of evidence you are working with, not the investigation pattern.
tools in this family
ordered as in the forensics catalog. every tool runs locally — no upload, no account.
- ioc extractor: drop any file or paste text · extract indicators of compromise · ips · domains · urls · hashes · emails · cves · export stix · csv · runs locally
- yara rule tester: paste a yara rule · drop a file · see matches · which strings and conditions triggered · educational · runs locally
- malware string analyzer: drop a binary or paste strings · score for maliciousness · cluster by category · flag c2 patterns · apis · paths · runs locally
- osint normalizer: paste osint dump · extract emails phones ips crypto handles · disposable tor private heuristics · e.164 · five tabs · per-category csv · runs locally
- ttp consistency analyzer: paste ioc list + observed ttps · score consistency vs bundled actor profiles · runs locally
- malware config extractor: paste malware strings or config blob · extract c2 urls · mutex · named pipes · runs locally
- compile time timezone analyzer: drop pe file · read pe timestamp · map to timezone bands · business hours inference · runs locally
- c2 framework traffic fingerprinter: drop pcap files or http log exports · fingerprint cobalt strike sliver havoc brute ratel metasploit c2 traffic · beacon interval analysis · malleable c2 profiles · jarm fingerprints · uri patterns · runs locally
- binary compiler and language identifier: drop pe elf or macho binaries · identify compiled language · go rust nim python compiled dlang zig · detect compiler version · extract build metadata · language-specific string patterns · runs locally