cognis-digital/README.md

Making Tomorrow Better Today

⚡ Start here — battle-tested, hard-target tools

The places mainstream and SaaS security tools don't reach: firmware · ICS/OT · RF · C2 · DFIR · compliance-as-code. Every tool is single-purpose, self-hostable, and emits machine-readable JSON/SARIF.

🔴 Threat detection & DFIR

| Tool | What it does |
|---|---|
| c2detect ⭐29 | C2 server fingerprinter — Cobalt Strike, Sliver, Mythic, Havoc, Brute Ratel |
| yararun | Run simple YARA-style string/regex rules over a directory |

🔧 Firmware · hardware · ICS/OT · RF

| Tool | What it does |
|---|---|
| uefiscan | Audit UEFI firmware dumps for missing Secure Boot keys, unsigned modules, S3 boot-script vulns, and known SMM threats |
| fwxray | Diff two firmware images and surface exactly what changed: new binaries, flipped config flags, added certs, and shifted entropy regions |
| keyhunt | Scan firmware blobs and filesystem dumps for hardcoded private keys, API tokens, default creds, and weak RSA/ECC material |
| sbomb | Generate a CycloneDX SBOM directly from an unpacked firmware root filesystem and flag components with known CVEs and EOL kernels |
| otaverify | Validate OTA update packages end-to-end: signature chains, rollback protection, anti-downgrade counters, and delta-patch integrity |
| modpot | Spin up a high-interaction Modbus/DNP3 ICS honeypot that logs attacker register reads/writes as structured JSON |
| blescope | Sniff and decode BLE GATT traffic, fingerprint device profiles, and assert on insecure pairing/characteristics in CI against a capture |
| adsbwatch ⭐3 | Analyze an ADS-B feed/CSV for anomalies: callsign spoofing, squawk 7500/7600/7700, and unusual loiter patterns |

🛰️ OSINT & intelligence

| Tool | What it does |
|---|---|
| maritimeint | AIS vessel tracking & sanctions-evasion anomaly detection |
| conflictwatch | Open-source conflict monitoring & situational awareness — ACLED/GDELT/UCDP + OSINT feeds, hotspots/trends, and a sourced 'what's working' lessons KB (OSINT/force-protection) |
| cryptotrace | Free-tier blockchain investigator — ETH/BTC clustering + sanctions xref |
| comint-osquery | DISA STIG-aligned osquery configs + RMF mapper |

📋 Compliance-as-code

| Tool | What it does |
|---|---|
| fedramplens | FedRAMP boundary visualizer & OSCAL-format SSP/POAM generator |
| compliance-atlas | Condensed, cross-walked reference for SOC2, ISO 27001, NIST CSF/800-53/800-171, CMMC, GDPR, CCPA, HIPAA, PCI DSS, EU AI Act |

📱 Mobile & app security

| Tool | What it does |
|---|---|
| apkprobe | Android APK static security analyzer — MASTG-aligned, from-scratch binary-AXML decoder, zero dependencies |

New here? Start with these — they're the proven, most-used tools. The full catalog of every tool is below. ⭐ a tool if it earns its place in your stack.

Usage — step by step

This is the Cognis Digital org profile. The tools live in the Cognis Neural Suite — here is how to go from catalog to a running tool.

  1. Browse the catalog — open the full catalog (or awesome-cognis) and pick a tool.
  2. Install it — most tools ship a CLI on PyPI under the cognis- prefix, e.g.:
    pip install cognis-mcpharden     # see the chosen tool's README for its real package name
  3. Run the primary command and get machine-readable output — tools emit JSON/SARIF:
    mcpharden scan . --format sarif --out report.sarif
  4. Point your agents at it — every tool ships an MCP server, so Claude Desktop / Cursor / Cognis.Studio can scan, audit, and remediate autonomously (run the tool's mcp command).
  5. Automate in CI — gate builds on findings and upload SARIF to code scanning:
    - run: pip install cognis-mcpharden
    - run: mcpharden scan . --format sarif --out report.sarif --fail-on high
    - uses: github/codeql-action/upload-sarif@v3
      with: { sarif_file: report.sarif }

👋 Welcome

Cognis Digital (Wyoming, USA) builds the Cognis Neural Suite: 372+ single-purpose, self-hostable, MCP-native tools across security, AI, military/IC, compliance, data, dev, and business. Every tool ships a CLI, JSON/SARIF output, an MCP server, polyglot ports (Py/JS/Go/Rust), a Dev Container, cross-OS + cloud deploy, and CI/CodeQL — and most ship real, tested code.

🧠 Every tool is an MCP capability — point your agents (Claude Desktop, Cursor, Cognis.Studio) at the suite and they can scan, audit, and remediate autonomously.





🚀 Explore the suite

🗂️ Full catalog → cognis-neural-suite · ⭐ awesome-cognis · 🔗 cognis-sources

🚀 Featured tools

372 open-source tools · 58⭐ and climbing · 8 languages · every tool CLI + JSON/SARIF + MCP-native. Single-purpose, self-hostable, and built to plug into your stack (SARIF→code-scanning, STIX/MISP/Sigma→SIEM, MCP→agents).

🏆 Most popular

| Tool | What it does |
|---|---|
| c2detect 29 | C2 server fingerprinter |
| comint-osquery 2 | DISA STIG-aligned osquery configs + RMF mapper |
| adsbwatch 2 | Analyze an ADS-B feed/CSV for anomalies: callsign spoofing, squawk 7500/7600/7700,… |
| keyhunt 1 | Scan firmware blobs and filesystem dumps for hardcoded private keys, API tokens,… |
| uefiscan 1 | Audit UEFI firmware dumps for missing Secure Boot keys, unsigned modules, S3… |
| fwxray 1 | Diff two firmware images and surface exactly what changed: new binaries, flipped… |

📱 Mobile Security (12 tools)

| Tool | What it does |
|---|---|
| apkpeek | One-command static triage of Android APK/AAB binaries: surfaces hardcoded secrets,… |
| apkprobe | Android APK static security analyzer |
| dastlite | A headless, config-as-code DAST runner that crawls an authenticated web/mobile-API… |
| deeplinkfuzz | Fuzzes Android/iOS deep links, intents, and custom URL schemes against an… |
| dvmobile | Damn Vulnerable Mobile |
| hookcraft | Generates ready-to-run Frida instrumentation scripts from a YAML intent (e.g |

🤖 AI · Agents · MCP (66 tools)

| Tool | What it does |
|---|---|
| hermes 1 | Model-agnostic, portable long-term memory framework for AI agents (MCP-native) |
| keyhunt 1 | Scan firmware blobs and filesystem dumps for hardcoded private keys, API tokens,… |
| mcpharden 1 | MCP server hardening linter |
| tokenmeter 1 | Token and cost counter / budgeter for LLM apps, CI-ready |
| uncensored-fleet 1 | Deploy a local multi-model LLM fleet (llama.cpp) with an agent harness, hermes… |
| adversa | LLM red-team harness |

🔭 OSINT & Intelligence (48 tools)

| Tool | What it does |
|---|---|
| adsbwatch 2 | Analyze an ADS-B feed/CSV for anomalies: callsign spoofing, squawk 7500/7600/7700,… |
| comint-osquery 2 | DISA STIG-aligned osquery configs + RMF mapper |
| blescope 1 | Sniff and decode BLE GATT traffic, fingerprint device profiles, and assert on… |
| conflictwatch 1 | Open-source conflict monitoring & situational awareness |
| geolens 1 | Image geolocation toolkit |
| maritimeint 1 | AIS vessel tracking & sanctions-evasion anomaly detection |

📋 Compliance & GRC (28 tools)

| Tool | What it does |
|---|---|
| compliance-atlas 1 | Condensed, cross-walked reference for SOC2, ISO 27001, NIST CSF/800-53/800-171,… |
| deidproof 1 | Re-identification risk assessment that computes k-anonymity, l-diversity, and HIPAA… |
| fedramplens 1 | FedRAMP boundary visualizer & OSCAL-format SSP/POAM generator |
| gsafinder 1 | GSA Schedule opportunity surveyor |
| stigsentry 1 | DISA STIG checker + NIST 800-53 RMF mapper + POAM emitter |
| admitd | Kubernetes policy-as-code admission engine |

🔬 Forensics & Data (9 tools)

| Tool | What it does |
|---|---|
| canzap 1 | Replay, fuzz, and assert on CAN bus traffic from a .pcap or SocketCAN interface… |
| fwxray 1 | Diff two firmware images and surface exactly what changed: new binaries, flipped… |
| pcapsummary 1 | Summarize flows/talkers/protocols from a pcap text export |
| browserforensics | Analyze exported browser history/downloads for IOCs and exfil signs |
| entropyscan | Scan files and binaries for high-entropy regions to flag packing, encryption, and… |
| exfilwatch | Detect DNS/HTTP exfiltration patterns (entropy, beaconing) in logs |

☁️ Infra · Cloud · Mesh (27 tools)

| Tool | What it does |
|---|---|
| crackq 1 | Self-hosted password cracking queue |
| awesome-cognis | Awesome Cognis |
| bootkit | Air-gapped cluster bootstrap planner |
| cloud-setups | Firebase, GCP, and Azure project setups |
| cloudbill | Multi-cloud cost report, anomaly detection, and FOCUS export |
| cloudkeys | Find leaked cloud keys (AWS/GCP/Azure) + classify blast radius |

🛡️ Security & Detection (42 tools)

| Tool | What it does |
|---|---|
| c2detect 29 | C2 server fingerprinter |
| modpot 1 | Spin up a high-interaction Modbus/DNP3 ICS honeypot that logs attacker register… |
| sbomb 1 | Generate a CycloneDX SBOM directly from an unpacked firmware root filesystem and… |
| uefiscan 1 | Audit UEFI firmware dumps for missing Secure Boot keys, unsigned modules, S3… |
| yararun 1 | Run simple YARA-style string/regex rules over a directory |
| apidiff | Breaking-change detector for OpenAPI / GraphQL across commits |

🧰 Tools & Utilities (140 tools)

| Tool | What it does |
|---|---|
| dealflow 1 | Model your sales pipeline as a YAML state machine and compute conversion rates,… |
| frontline-drones 1 | Descriptive, citation-grade catalog of frontline & commercial drones + the open… |
| otaverify 1 | Validate OTA update packages end-to-end: signature chains, rollback protection,… |
| accessreview | Periodic user-access-review (UAR) campaign runner |
| airgap-pkg | Self-contained installer for airgapped (SIPR/JWICS-style) environments |
| alertmux | Alert dedup, correlation, and routing in front of Grafana / PagerDuty |

Browse all 372 repos → cognis-digital repositories · filter by topic (mcp-security, osint, detection-engineering, compliance).

⚡ Recent upgrades (June 2026)

The suite just got a major capability + quality pass — additive across the catalog:

  • Real intelligence feeds, edge/air-gap ready — 35 keyless sources (CISA KEV, EPSS, OSV, NVD, MITRE ATT&CK STIX, NIST OSCAL 800-53, abuse.ch C2/IOC, OFAC, GDELT, OpenSky, USGS, Wikimedia) wired into the tools via a stdlib fetch→cache→offline→snapshot module.
  • 262,351-vulnerability offline DB bundled into the vulnerability scanners — real OSV records (CVE/GHSA aliases, CVSS, affected packages) queryable with zero network.
  • Standards exports everywhere — SARIF (code-scanning), STIX 2.1, OSCAL, Sigma + Suricata, GeoJSON/KML, CSV across the suite.
  • Deeper detection — C2 campaign correlation, MCP fleet-posture + supply-chain (OWASP Agentic Top-10 2026), maritime track-interaction (CPA/TCPA), and more — each with expanded test suites and candid docs.
  • Passive + authorization-gated active scanning and polyglot ports rolling out across the scanners.

Every tool stays single-purpose, self-hostable, MCP-native, and defensively-scoped.

🌐 Languages across the suite

Polyglot by design. The suite is Python-first but ports outward so a tool exists in the language of your deployment target — mainframe to mobile, kernel to contract. Goal: reach every major language. Below, ● live in-repo today, ○ rolling out (tracked in polyglot-roadmap).

● Shipping now: Python · TypeScript · JavaScript · Go · Rust · C# · Ruby · Lua · C · COBOL · Perl · Shell · PowerShell

📱 Mobile — languages & frameworks: Swift · Kotlin · Java · Objective-C · Dart · Flutter · SwiftUI · Jetpack Compose · React Native

⛓️ Smart-contract / Web3 — audited in production across EVM · Base · Arbitrum · Blast · Polygon · Solana · Algorand · Nervos · Cronos · Conflux · XRPL: Solidity · Vyper · Yul · Huff · Move · Cairo · Rust · Sway · Clarity · FunC · TEAL · Plutus · ink! · Michelson · Scilla

🕵️ Zero-knowledge / circuits (trending) — Noir Circom Cairo-ZK — auditing & formal-verification tooling (Slither/Foundry/Echidna/Mythril lineage) ports to each VM.

⛓️ Chains we ship & audit on: EVM · Base · Arbitrum · Blast · Polygon · Optimism · Solana · Algorand · Nervos · Cronos · Conflux · XRPL · TON · Aptos · Sui · Starknet

○ Rolling out — systems, JVM, .NET, scripting, functional, data & legacy: C++ · Zig · Scala · Groovy · F# · VB.NET · PHP · Elixir · Haskell · Clojure · OCaml · SQL · R · Julia · Fortran · Ada · WebAssembly

Every port keeps the suite contract: a CLI, structured output (JSON/SARIF), and an MCP server. New-language tools land with a CI workflow that compiles & tests on the matching runner (GnuCOBOL, gcc, JDK, Swift, .NET, Ruby, Lua, Dart…).

👤 Founder & engineering stack

Led by Christopher Hyatt — Software & AI Engineer, founder of Cognis Digital, smart-contract auditor (Entersoft, intern→lead), and federal cybersecurity SME. 🛰️ Hack-A-Sat 7th worldwide / 3,600+ teams · Top 1% TryHackMe · Eagle Scout · CompTIA Security+ · CISSP Prep · AWS DevOps.

  • Languages: Python · TypeScript/JavaScript · Solidity · Rust · Go · Move · Cairo · Vyper · SQL · Bash
  • AI / Agents: self-hosted LLMs · RAG · evals & guardrails · MCP · Claude Agent SDK · LangGraph · CrewAI · AutoGen · LangChain · LlamaIndex · Ollama · vLLM · llama.cpp
  • Chains: EVM · Base · Arbitrum · Blast · Polygon · Solana · Algorand · Nervos · Cronos · Conflux · XRPL
  • Engineering: React/Next.js · FastAPI · Node.js · Docker · Kubernetes · AWS · Azure · GCP · PostgreSQL · Redis · Supabase · CI/CD
  • Security & Web3: smart-contract audit · formal verification · pentesting · Foundry · Slither · Echidna · Mythril · Burp Suite · Nmap · Kali · SIEM/Splunk · NIST 800-53 · MITRE ATT&CK
  • Intelligence: OSINT · SIGINT · GEOINT · HUMINT · ADINT
  • PQC: post-quantum crypto

Open to roles & contract work via DevPairer.

🤝 Get involved

⭐ Star the tools you use · 🛠️ Contribute under the collaboration-pull model (see any repo's CONTRIBUTING.md) · 🏢 Commercial use → licensing@cognis.digital

Interoperability

cognis-digital composes with the 300+ tool Cognis suite — JSON in/out and a shared OpenAI-compatible /v1 backbone. See INTEROP.md for the suite map, composition patterns, and reference stacks.

Integrations

Forward cognis-digital's findings to STIX/MISP/Sigma/Splunk/Elastic/Slack/webhooks via cognis-connect. See INTEGRATIONS.md.

Pinned

  1. deepcheck (Public)

    Lightweight synthetic-media detector with C2PA validation

    Python

  2. fedramplens (Public)

    FedRAMP boundary visualizer & OSCAL-format SSP/POAM generator

    Python 1

  3. geolens (Public)

    Image geolocation toolkit — EXIF, sun-shadow, OCR, reverse-search

    Python 1

  4. ossaudit (Public)

    OSS license compliance auditor — AGPL contamination + NOTICE generation

    Python

  5. privacyshell (Public)

    Hardened browser profile generator — Firefox / LibreWolf / Brave

    Python

  6. ragshield (Public)

    RAG corpus poisoning detector — embedding anomalies, backdoor triggers

    Python