Digital forensics and incident response toolbox. Load when the operator asks about a pcap, a binary, a memory dump, a suspicious file, malware triage, IOC hunting, or post-incident analysis. Covers network (tshark), binaries (radare2, strings, binwalk, file, exiftool), memory (volatility), and pattern matching (YARA). All commands assume the artifact is local and disposable; never analyze in place on a production system.
Passive reconnaissance against a target without sending traffic that could alert it. Load when the engagement starts, when you only know a domain/email/username, when scope is unclear, or when you need historical surface area. Covers subdomain enumeration (crt.sh, subfinder), historical archives (wayback), DNS posture (dnsrecon), email & breach surface (theharvester, holehe), and username reuse (sherlock). All tools are free and need no API key.