Passive signals intelligence. Twenty-six modules.
Twenty-six Python modules across five tiers: NFC/RFID (Proxmark3), WiFi/BLE (scapy + bleak), sub-GHz RF (RTL-SDR + HackRF), cellular (srsRAN), and special protocols (GPS spoofing, Zigbee, Z-Wave, ADS-B, NOAA satellite). Hardware detection via sigint.core.hardware.detect() identifies connected devices at runtime. Each module wraps real CLI tools (pm3, hackrf_transfer, rtl_fm) or Python libraries (scapy, bleak, numpy/scipy for signal processing). All modules follow the run(config: SigintConfig) -> dict pattern with structured JSON output.
scroll to access
Kill_Chain_Position
Capabilities
NFC/RFID read, clone, attack
Mifare Classic key recovery via autopwn/darkside/nested; UID cloning to magic cards; HID Prox reading; NDEF record poisoning
BLE enumeration + spoofing
GATT service/characteristic discovery via bleak; iBeacon/Eddystone spoofing; notification injection on writable characteristics
OOK capture & replay
HackRF capture/replay of 433/915 MHz OOK signals — garage doors, key fobs, sensors; Flipper Zero fallback via serial
POCSAG pager decode
RTL-SDR → rtl_fm → multimon-ng pipeline for passive POCSAG/FLEX decode of unencrypted hospital/emergency pagers
TPMS + sensor tap
Tire pressure sensor ID tracking via rtl_433; generic 433 MHz ISM band device enumeration and protocol identification
WiFi PMKID + Evil Twin
PMKID capture via hcxdumptool (no client needed); rogue AP via hostapd+dnsmasq with captive portal credential harvest
GPS spoofing (HackRF TX)
gps-sdr-sim GPX → IQ file → HackRF transmission; spoofs civilian GPS L1 C/A within controlled test environment
NOAA APT + ADS-B
137 MHz NOAA satellite APT reception with real-time image decode via Pillow; 1090 MHz ADS-B aircraft tracking via dump1090
Architecture
Python 3.11+ with 10 runtime dependencies. Hardware abstraction via sigint.core.hardware.py: detect() returns connected devices, require(identifier) raises RuntimeError if absent, require_tool(name) locates external CLI binaries. Five subpackages mirror the 5-tier architecture: nfc/ (Proxmark3 subprocess via serial), wireless/ (scapy for 802.11 frame injection + bleak for BLE), rf/ (hackrf_transfer + rtl_fm + rtl_433 subprocess wrappers), cellular/ (srsRAN for IMSI collection + LTE downgrade), special/ (gps-sdr-sim + dump1090 + zbdump subprocess wrappers). Signal processing uses numpy/scipy for FFT-based protocol identification. Output always structured JSON via rich.print_json(). Typer CLI with 5 subcommand groups, 22 commands total.
Engagement_Types
Also_In_The_Suite
Secure_Channel
All work requires a signed scope document. Initial contact is encrypted. Response within 48h.
INITIALIZE_CONTACT