We build infrastructure
and security tooling.

Open source. Every crate is a library you can import, a CLI you can install, or both.

GitHub → Read the blog → X / @SanthProject crates.io How we operate

Featured Tool

keyhog

Our first production-ready tool.

You can install it today. It runs on the Vyre GPU compute substrate. More tools that use Vyre are on the way.

891

detectors

14,512

contract cases / build

8

envelope formats

SARIF

+ JSON + TUI

GitHub → Read the story →

All projects

Security Tooling

Scanners, detection, reconnaissance, evasion testing, detonation, and secret management.

gossan Tool →

Recon. DNS enumeration, port scanning, service fingerprinting, web crawling. Async Rust on io_uring. Subdomain discovery, tech-stack fingerprinting via TrueStack, rate-limited scanning, JSON output. Each capability is its own crate.

wafrift Tool →

WAF evasion testing. Grammar mutation and dialect-specific bypass generation. TOML grammar definitions, 19 encoding strategies, presets for ModSecurity, Cloudflare, AWS WAF. Uses AttackStr for payload generation.

envseal Tool →

Encrypted secret storage. Replaces .env files. AES-256-GCM vault, Argon2id key derivation. CLI and Tauri GUI. Audit log, team key sharing, granular access control.

truestack Tool →

Tech fingerprinting from HTTP. Identifies frameworks, servers, CDNs, and services. Header analysis, favicon hashing, HTML and JS pattern detection. TOML signature database; add a new fingerprint in 5 lines. Used by Gossan; works standalone.

procjail Library →

Subprocess sandbox. Linux namespaces, seccomp-bpf, rlimits, watchdog timeout. Network isolation, filesystem restrictions, syscall filtering, memory and CPU limits. Used by Sear and Keyhog.

karyx Coming Soon

Template-based vulnerability scanner. YAML and TOML templates, HTTP probing, headless browser. Orchestrates Gossan, Wafrift, and Keyhog. Templates with conditional logic, extractors, and matchers. Targets web apps, APIs, and network services.

sear Coming Soon

URL detonation. Sandboxed browser execution for phishing analysis and malware triage. Headless Chromium inside a Procjail sandbox. Captures network traffic, screenshots, DOM mutations, and JavaScript behaviour.

Performance Infrastructure

General-purpose systems libraries. Not security-specific - anyone can use these.

vyre Compiler →

Sequential logic on the GPU, bit-exact against a CPU reference. The compute substrate keyhog runs on. Workgroup-local stacks, queues, hashmaps, dominator trees, fixed-point dataflow. Targets CUDA, WGPU, and SPIR-V. Conformance gate rejects any backend that diverges by one bit. C11 frontend; Rust frontend in beta.

dfajit Library →

JIT DFA compilation to native x86-64. Cranelift-backed JIT that converts DFA state tables to native code. Removes interpreter overhead for hot patterns. Uses the same matching API as Vyre and SimdSieve.

simdsieve Library →

AVX-512 and NEON multi-pattern matching. Vectorised Aho-Corasick with runtime CPU feature detection. Runtime dispatch between AVX-512, AVX2, and NEON. Benchmarked at 4+ GB/s on commodity hardware.

ebpfkit Library →

eBPF kernel-space filtering. Load, manage, and interact with eBPF programs from safe Rust. Type-safe eBPF map access, program lifecycle, tracepoint attachment. Used for kernel-level network and syscall filtering without writing raw C.

ziftsieve Library →

Pattern matching inside compressed streams. Scan without decompressing. Matches against the decompression buffer of gzip, zstd, and brotli streams without materialising the full output. Reduces I/O for archive scanning.

flashsieve Library →

Block-level pre-filtering. Skip files that cannot match before full scan. Bloom filter and n-gram pre-screening. Reads file blocks and rejects non-matching files in microseconds. Cuts the volume sent to the full matching engine by 10-100×.

wireshift Coming Soon

io_uring ring manager. Typed submit, wait, and complete for async I/O on Linux. Safe Rust wrapper around Linux io_uring. Typed completion entries, multi-ring management, zero-copy buffer pools.

tenshift Coming Soon

ML data loader in Rust. Prefetch, shuffle, batch, transform. A replacement for PyTorch's DataLoader.

Shared Libraries

Foundational crates that everything else is built on. Each works standalone.

secfinding Library →

Security finding types. Severity, Evidence, Finding, Reportable trait. Shared type system for security findings. SARIF output, CVSS-aligned severity, Reportable trait for serialisation.

codewalk Library →

Security-aware file tree walker. Gitignore-aware, binary detection, memmap2, parallel. Walks a repository tree, respects .gitignore, skips binary files, memory-maps for zero-copy reads, parallelises across cores. Used by Keyhog and Gossan.

matchkit Library →

Multi-pattern matching primitives. Unified trait over Aho-Corasick, regex sets, and custom engines. Shared matching interface that DfaJIT, SimdSieve, Vyre, and Hyperscan implement. Swap backends without touching consumer code.

attackstr Library →

Grammar-based payload generation. TOML-driven, composable, 19 encoding strategies. SQL injection, XSS, SSRF, path traversal, and custom payloads from composable grammar rules. TOML definitions, mutation engine, encoding pipeline (URL, hex, unicode, base64, HTML entity).

openpack Library →

Safe archive reader for ZIP-derived formats. ZIP, CRX, JAR, APK, IPA. Protects against zip bombs, path traversal, and symlink attacks. Unified API for ZIP, CRX, JAR, APK, IPA.

secir Coming Soon

Security intermediate representation. Typed IR for vulnerability modeling and cross-tool data exchange.