TOOLS_SUITE
RECONNAISSANCE
ACTIVE26 modulesPythonRTL-SDR · HackRF One · Proxmark3 · Flipper Zero

SIGINT

Passive signals intelligence. Twenty-six modules.

Twenty-six Python modules across five tiers: NFC/RFID (Proxmark3), WiFi/BLE (scapy + bleak), sub-GHz RF (RTL-SDR + HackRF), cellular (srsRAN), and special protocols (GPS spoofing, Zigbee, Z-Wave, ADS-B, NOAA satellite). Hardware detection via sigint.core.hardware.detect() identifies connected devices at runtime. Each module wraps real CLI tools (pm3, hackrf_transfer, rtl_fm) or Python libraries (scapy, bleak, numpy/scipy for signal processing). All modules follow the run(config: SigintConfig) -> dict pattern with structured JSON output.

scroll to access

Kill_Chain_Position

Reconnaissance
Initial_Access
Execution
Persistence
Privilege_Escalation
Lateral_Movement
Collection
Command_& Control
Exfiltration

Capabilities

What it can do.

NFC/RFID read, clone, attack

Mifare Classic key recovery via autopwn/darkside/nested; UID cloning to magic cards; HID Prox reading; NDEF record poisoning

BLE enumeration + spoofing

GATT service/characteristic discovery via bleak; iBeacon/Eddystone spoofing; notification injection on writable characteristics

OOK capture & replay

HackRF capture/replay of 433/915 MHz OOK signals — garage doors, key fobs, sensors; Flipper Zero fallback via serial

POCSAG pager decode

RTL-SDR → rtl_fm → multimon-ng pipeline for passive POCSAG/FLEX decode of unencrypted hospital/emergency pagers

TPMS + sensor tap

Tire pressure sensor ID tracking via rtl_433; generic 433 MHz ISM band device enumeration and protocol identification

WiFi PMKID + Evil Twin

PMKID capture via hcxdumptool (no client needed); rogue AP via hostapd+dnsmasq with captive portal credential harvest

GPS spoofing (HackRF TX)

gps-sdr-sim GPX → IQ file → HackRF transmission; spoofs civilian GPS L1 C/A within controlled test environment

NOAA APT + ADS-B

137 MHz NOAA satellite APT reception with real-time image decode via Pillow; 1090 MHz ADS-B aircraft tracking via dump1090

Architecture

How it's built.

Python 3.11+ with 10 runtime dependencies. Hardware abstraction via sigint.core.hardware.py: detect() returns connected devices, require(identifier) raises RuntimeError if absent, require_tool(name) locates external CLI binaries. Five subpackages mirror the 5-tier architecture: nfc/ (Proxmark3 subprocess via serial), wireless/ (scapy for 802.11 frame injection + bleak for BLE), rf/ (hackrf_transfer + rtl_fm + rtl_433 subprocess wrappers), cellular/ (srsRAN for IMSI collection + LTE downgrade), special/ (gps-sdr-sim + dump1090 + zbdump subprocess wrappers). Signal processing uses numpy/scipy for FFT-based protocol identification. Output always structured JSON via rich.print_json(). Typer CLI with 5 subcommand groups, 22 commands total.

Engagement_Types

Where it fits.

Physical red team reconnaissanceRF security assessmentWireless penetration testingHardware security evaluation

Also_In_The_Suite

Secure_Channel

Authorized engagements only.

All work requires a signed scope document. Initial contact is encrypted. Response within 48h.

INITIALIZE_CONTACT