Cyfinoid Research

Security Tools & Projects

A comprehensive collection of security research tools and projects covering software supply chain analysis, Android assessment, cloud security, fediverse monitoring, and AI experiments.

Software Supply Chain Tools

SBoM Play

A web-based tool for analyzing Software Bill of Materials (SBOM) data from GitHub repositories, organizations, and users. Helps identify security vulnerabilities and dependencies in software projects.

3P Tracer

Third Party Tracer - A DNS-based tool for tracking and analyzing third-party dependencies and their security implications in software projects.

keychecker

A fast CLI tool to fingerprint SSH private keys and identify which Git hosting accounts they unlock (GitHub, GitLab, Bitbucket, Codeberg, Gitea, Hugging Face).

GH Navigator

A GitHub navigator using ghtoken, with mass token validation. A powerful tool for managing and validating GitHub tokens across multiple repositories and organizations.

AI BOM Generator

A client-side tool for analyzing GitHub repositories to detect AI/LLM usage and generate comprehensive AI Bill of Materials. All processing happens in your browser for maximum privacy and security. Supports CycloneDX 1.7 and SPDX 3.0.1 formats.

Cloud Security

Cloud IAM Policy Explorer

A client-side web application for exploring and analyzing AWS IAM policies with automated shadow admin detection. Features automated detection of 23+ privilege escalation methods, side-by-side policy version comparison, and visual risk scoring. All analysis happens directly in your browser for maximum security.

Android Assessment

CFYVuln-Android

An intentionally vulnerable Android application designed for security testing and educational purposes. Perfect for learning Android security assessment techniques.

APK Analysis Automation

A comprehensive project to streamline and automate multiple APK analysis tools and aggregate their results. Simplifies the process of Android application security assessment.

Fediverse

Fediverse Monitoring

A project to gather comprehensive statistics about fediverse software from across the internet. Provides insights into the distributed social media ecosystem.

Fediverse OSINT

Open Source Intelligence (OSINT) tools specifically designed for fediverse instances. Enables security researchers to gather information about distributed social networks.

Fediverse Stats

A public statistics portal providing comprehensive insights into the fediverse ecosystem. Features periodically collected data on server software, versions, TLDs, user activity, and growth metrics across thousands of fediverse instances.

AI Experiments

Council of Bots

An innovative platform that simulates group discussions and feedback sessions using AI personas. Instead of getting a single AI response, present your ideas to different "councils" made up of AI personas with distinct personalities, expertise, and perspectives.