Projects

I’ve released several open source projects on GitHub. Some interesting ones are:

A network packet analysis framework written in Go for building network intrusion detection systems, developed and used extensively during my academic research projects. It is a toolchain to dissect network packets into the various encapsulated protocols and generate data structures that can be used to supply rule-based engines, anomaly detection algorithms or deep neural networks with the data required for network security monitoring.

Capabilities include fast PCAP ingestion, a broad set of L2–L7 protocol decoders, per-flow and per-packet feature extraction, and export of structured records for downstream analysis. It supports both offline batch processing and streaming pipelines, making it suitable for IDS prototyping and ML-based traffic analytics.

A build system similar to GNU Make but agnostic to the programming language being used to write targets.

It provides dependency-aware targets, parallel execution, incremental builds, and file watching, enabling reproducible automation across languages and tooling. Use it to codify CI tasks, release workflows, and local developer commands in a single portable file.

A Go package to obtain and renew TLS certificates for your applications.

It wraps ACME flows to automatically issue and renew certificates with minimal code. It includes helpers for persistent storage and graceful reloads, and integrations for common Go net/http servers or custom TLS stacks.

A Go implementation of the JA3 TLS fingerprint.

The library parses TLS ClientHello messages and computes deterministic JA3 hashes for use in fingerprinting and detection. Utilities are provided for extracting fingerprints from byte streams and integrating lookups into your telemetry or IDS.

A Go package for writing Maltego transforms.

It simplifies building local and remote transforms by handling request/response boilerplate, entities, properties, and display settings. Ideal for rapid prototyping of OSINT workflows and connecting your data sources to Maltego.

A pure Go library for working with PCAP (packet capture) files.

Capabilities include streaming reads and writes of PCAP records, preservation of packet metadata (timestamps, lengths), and support for multiple link-layer header types. Designed for low-overhead integration into Go applications without external dependencies, making it useful for log ingestion, traffic analysis, and custom tooling.

A small CLI to generate Maltego configurations from YAML definitions.

Capabilities include emitting importable configuration bundles, scaffolding entities and transforms from templates, and bundling icons and settings for consistent deployments. It is useful for automating config updates and keeping transform setups reproducible in CI.

A simple example Maltego transform server using the maltego package.

A collection of Maltego transforms and configuration used for phishing and look‑alike domain investigations.

Transforms expand seeds via DNS/WHOIS/web metadata, cluster related infrastructure, and enrich with artifacts such as screenshots and headers. Designed to surface relationships between domains, hosts, and providers for faster triage.