
Projects

At EvilBit Labs, we focus on building tools that solve real operational challenges in security-conscious environments. Here are our current and planned projects:

Airgap Package Fetcher

Planning

Offline bundles for pip, apt, Docker, and Homebrew.

Fetch and ship complete dependency trees for airgapped installs.

Airgap Package Fetcher is a CLI for environments without internet access. It runs on a connected host to fetch packages and their complete dependency trees for pip, apt, Docker, and Homebrew, producing portable, verifiable bundles for offline installation.

Key capabilities:

- Offline-first: bundles install with zero network access
- Multi-ecosystem: pip, apt, Docker images, Homebrew (Pro: Go, Rust, NPM, VSCode)
- Integrity: SHA256/SHA512 checksums, optional signatures
- Consistent UX: validate, info, install commands and cross-platform scripts
- Single binary: static Go build, no external runtime

Built for operators who need repeatable, auditable airgap workflows.
Go CLI Offline Packaging Checksums

dbsurveyor

Fast, offline database schema discovery and sampling.

Understand unfamiliar databases quickly with portable reports.

dbsurveyor is a two-part toolchain (collector + postprocessor) for fast database schema discovery and limited data sampling across engines such as PostgreSQL, MySQL/MariaDB, MSSQL, SQLite, and MongoDB. The collector runs where credentials are valid and produces a portable .dbsurveyor.json(.zst/.enc) file; the postprocessor works fully offline to generate reports, diagrams, and reconstructed SQL.

Highlights:

- Schema + sample extraction with throttle control
- Portable outputs with optional compression and AES-GCM encryption
- Markdown/JSON reports and SQL reconstruction; Pro adds diagrams, classification, HTML
- Rust static binaries; no telemetry; human-inspectable outputs
- Pluggable engine adapters with feature flags or plugins
Rust CLI Database Offline Encryption

CodexDaemon

Planning

One AGENTS.md, many assistant configs.

Generate Cursor/Claude/Gemini prompts from a single source of truth.

CodexDaemon converts a single AGENTS.md into multiple AI-assistant-specific configurations. It analyzes the repository for context and generates Cursor rule files and prompts for Claude, Gemini, and GPT, keeping your guidance consistent across tools, even offline.

Features:

- Parse and validate AGENTS.md with repo-aware metadata
- Generate .cursor/rules/*.md, CLAUDE.md, GEMINI.md, PROMPT.md
- Optional OpenAI integration for content transformation (offline-first by default)
- Interactive CLI/TUI for ambiguous choices
- Static Go binary, no telemetry
Go CLI Markdown AI TUI

opnDossier

Readable reports from OPNsense configs.

Turn config.xml into clear docs and audits offline.

opnDossier turns OPNsense config.xml files into clear, operator-ready documentation with optional audit reporting. It parses the XML locally and emits structured Markdown, JSON, or YAML, with terminal rendering and template-driven reports.

Modes and capabilities:

- Convert: structured Markdown/JSON/YAML (summary or comprehensive)
- Display: themed terminal rendering with syntax highlighting
- Audit: standard/blue/red reports with findings, recommendations, and pivot data
- Plugin-driven compliance checks with extensible templates
- Offline-only; static Go binary; robust input validation
Go CLI Markdown Audit Offline

Detection Toolkit

Planning

Offline detection rule testing that actually runs in labs.

Validate Sigma and more with deterministic test workflows.

Detection Toolkit is an offline framework for testing detection rules via deterministic stimulus-observation-assertion workflows. Start with Sigma over local JSON logs, then expand to Splunk/Zeek/Suricata collectors and PCAP replay; no SIEM required.

Highlights:

- Declarative test definitions (YAML/JSON) executed by an orchestrator
- Sigma + JSONL MVP with pass/fail assertions and checksums
- Structured outputs (JSON/Markdown/JUnit) for audits and CI
- Rust static binaries, TUI option, plugin-friendly architecture
- Zero telemetry; reproducible runs with controlled seeds/timestamps
Rust CLI TUI Sigma Security

DragonHoard (Airgap Edition)

Planning

Self-contained local LLM stack for airgapped labs.

Index and query documents with local models, no cloud.

DragonHoard (Airgap Edition) provides a portable, single-node LLM stack for secure labs. It generates a Docker Compose stack, ingests documents from local/SMB paths, builds embeddings in a local vector DB, and answers questions using only local models.

Key features:

- CLI-managed Compose generation and lifecycle
- TUI for indexing, querying, and runtime control
- Local embeddings + vector search (Chroma), local LLM inference (Ollama/vLLM)
- Offline-only operation; no telemetry or cloud dependencies
- CPU/GPU-aware with CPU fallback
Python TUI Docker LLM

NetflowWatcher

Planning

Local-first network flow anomaly detection with feedback.

Surface unusual flows and improve detections with human-in-the-loop.

NetflowWatcher is a self-hosted, local-first network flow anomaly detector. It parses normalized flow data, scores anomalies with online ML, and incorporates human feedback via a Web UI, optionally summarizing flows with a local LLM.

Capabilities:

- Ingest SiLK/nfdump-style flows and normalize them
- Online anomaly scoring blended with supervised feedback
- Review/label/export flows in a web UI; Docker Compose deployment
- Optional local LLM summarization; no cloud dependency
- Offline-first, no telemetry
Python CLI Web ML Docker

Contributing

All projects follow our core principles of transparency, reliability, and operator focus. Interested in contributing? Check out our repositories or reach out through our community channels.


Projects are released under the Apache 2.0 license unless otherwise specified. Pro-tier features may be available under commercial licensing.