Operator-focused Security Tooling

EvilBit Labs

We build operator-focused security tools that work offline, on purpose. Welcome to EvilBit Labs.

Trusted for Enterprise & Open Source

  • Operator-Centric: built for real-world needs by practitioners
  • Airgap-Friendly: designed for offline, high-security environments
  • Transparent by Design: open code, real docs, and behavior you can trust
  • Reliable Under Fire: robust engineering that holds up under pressure
  • Platform Choice: respecting your tool and platform preferences

Products & Tools

Our Solutions

DaemonEye

Open Source

High-performance security process monitoring system with audit-grade integrity. Detect process anomalies, hollowing attacks, and suspicious behavior across your infrastructure.

  • Real-time process monitoring with <5% system overhead
  • Cross-platform security monitoring for Linux, macOS, and Windows
  • SQL-based custom detection rules with flexible anomaly detection

dbsurveyor

Open Source

Fast, offline database schema discovery and sampling. Understand unfamiliar databases quickly with portable reports.

  • Schema + sample extraction with throttle control
  • Portable outputs with optional compression and AES-GCM encryption
  • Markdown/JSON reports and SQL reconstruction

Gold Digger

Open Source

Rust CLI for MySQL/MariaDB query execution and structured data export. Designed for operators who need reliable, reproducible data extraction.

  • MySQL/MariaDB support with secure TLS connections
  • Structured outputs: CSV, JSON, TSV with deterministic formatting
  • Built for automation (cron, CI/CD) and offline-first environments

opnDossier

Open Source

Readable reports from OPNsense configs. Turns OPNsense config.xml files into clear, operator-ready documentation with optional audit reporting.

  • Convert: structured Markdown/JSON/YAML (summary or comprehensive)
  • Display: themed terminal rendering with syntax highlighting
  • Audit: standard/blue/red reports with findings and recommendations

Airgap Package Fetcher

Open Source

Offline bundles for pip, apt, Docker, and Homebrew. Fetch and ship complete dependency trees for airgapped installs.

  • Offline-first: bundles install with zero network access
  • Multi-ecosystem: pip, apt, Docker images, Homebrew
  • Integrity: SHA256/SHA512 checksums, optional signatures

Custom R&D

Enterprise

Tailored cybersecurity research and development for unique organizational challenges.

  • Custom solutions
  • Expert consultation
  • Proof of concept

Detection Toolkit

Enterprise

Offline detection rule testing that actually runs in labs. Validate Sigma and more with deterministic test workflows.

  • Declarative test definitions (YAML/JSON) executed by an orchestrator
  • Sigma + JSONL MVP with pass/fail assertions and checksums
  • Structured outputs (JSON/Markdown/JUnit) for audits and CI

NetflowWatcher

Enterprise

Local-first network flow anomaly detection with analyst feedback.

  • Ingest SiLK/nfdump-style flows and normalize
  • Online anomaly scoring blended with supervised feedback
  • Review/label/export flows in a web UI; Docker Compose deployment