Tools I Build
Security tools built for practitioners — free to use, open where possible, built from what I actually need while doing the work.
VulnDigest
CVE tracking with real-time exploitability signals. Search and monitor vulnerabilities with intelligence from NVD, CISA KEV, and EPSS — built to cut through noise and surface what actually matters.
Search and filter the full CVE database. Find specific vulnerabilities fast without wading through raw NVD feeds.
Real-time data from CISA KEV (actively exploited) and EPSS (probability scoring) — context that CVSS scores alone don't give you.
Pull vulnerability data programmatically. Integrate VulnDigest into your own tooling, pipelines, or dashboards.
SIRAS
Security Incident Response Automated Simulations. An open-source Python framework for simulating realistic attack scenarios — test your detection coverage and validate IR readiness before a real attacker does it for you.
Simulate compromised credentials, privilege escalation, LOTL techniques, and insecure workload configurations aligned with MITRE ATT&CK.
Verify that your SIEM alerts fire correctly, reach the right channels, and that analysts have the context to respond.
Python-based, open source, and actively developed. Contributions welcome.