{ "version": "1", "updated": "2026-06-14", "credit": "cli.johlem.net — johlem.net Security Consulting", "homepage": "https://cli.johlem.net", "note": "Canonical machine-readable catalogue. jcli fetches this file. Source of truth for tool metadata is includes/tool-meta.php on the website; this JSON is published from a build step. dist_kind=python_source ships as a tar.gz/zip with a wrapper at ~/.local/bin/; dist_kind=rust_binary ships as a single static musl binary at ~/.local/bin/.", "tools": [ { "name": "jcli", "description": "cli.johlem.net suite manager — install / remove / list / run / update tools", "category": "suite", "tags": [ "suite", "manager", "install", "update" ], "homepage": "https://cli.johlem.net/tools/jcli/", "dist_kind": "rust_binary", "release_status": "shipped", "latest_version": "1.5.0", "platforms": [ "linux-x86_64-glibc" ], "role": "dual", "role_tags": [ "suite", "manager" ] }, { "name": "urlrecon", "description": "Async multi-module URL/domain reconnaissance — 12 modules (dns, geo, headers, ports, redirects, robots, sitemap, subdomains, tech, tls, waf, whois)", "category": "recon", "tags": [ "dns", "tls", "waf", "whois", "geo", "ports", "subdomains", "osint", "recon" ], "homepage": "https://cli.johlem.net/tools/urlrecon/", "dist_kind": "rust_binary", "release_status": "shipped", "latest_version": "1.7.0", "platforms": [ "linux-x86_64-glibc" ], "role": "dual", "role_tags": [ "recon", "url", "dns", "tls" ] }, { "name": "phishprobe", "description": "Phishing detection — domains, URLs, emails, headers", "category": "defense", "tags": [ "phishing", "url", "email", "scoring" ], "homepage": "https://cli.johlem.net/tools/phishprobe/", "dist_kind": "rust_binary", "release_status": "shipped", "latest_version": "1.3.2", "platforms": [ "linux-x86_64-glibc" ], "role": "blue", "role_tags": [ "phishing", "email", "url" ] }, { "name": "openclaw", "description": "Phishing takedown pipeline (detect → abuse mail → approve → send)", "category": "defense", "tags": [ "phishing", "takedown", "abuse", "smtp" ], "homepage": "https://cli.johlem.net/tools/openclaw/", "dist_kind": "rust_binary", "release_status": "shipped", "latest_version": "1.0.1", "platforms": [ "linux-x86_64-glibc" ], "role": "blue", "role_tags": [ "phishing", "takedown", "absorbed" ] }, { "name": "credsweep", "description": "Credential / secret scanner for files, dirs, stdin, and git history. 53 patterns, SARIF output, baseline/update, allow-list, pre-commit hook", "category": "defense", "tags": [ "secrets", "static-analysis", "git", "sarif", "pre-commit", "baseline" ], "homepage": "https://cli.johlem.net/tools/credsweep/", "dist_kind": "rust_binary", "release_status": "shipped", "latest_version": "1.2.2", "platforms": [ "linux-x86_64-glibc" ], "role": "blue", "role_tags": [ "secrets", "git", "ci" ] }, { "name": "hostwatch", "description": "Continuous host monitoring — availability, TLS, DNS changes", "category": "monitoring", "tags": [ "uptime", "tls", "dns" ], "homepage": "https://cli.johlem.net/tools/hostwatch/", "dist_kind": "rust_binary", "release_status": "shipped", "latest_version": "1.0.2", "platforms": [ "linux-x86_64-glibc" ], "role": "blue", "role_tags": [ "monitoring", "tls", "dns" ] }, { "name": "darkrecon", "description": "Dark-web / OSINT reconnaissance for threat intelligence", "category": "recon", "tags": [ "osint", "hibp", "crt-sh", "graph", "dijkstra" ], "homepage": "https://cli.johlem.net/tools/darkrecon/", "dist_kind": "rust_binary", "release_status": "shipped", "latest_version": "1.2.1", "platforms": [ "linux-x86_64-glibc" ], "role": "red", "role_tags": [ "osint", "darkweb" ] }, { "name": "pentree", "description": "YAML-driven pentest methodology engine", "category": "workflow", "tags": [ "methodology", "owasp", "reporting", "dijkstra", "attack-path" ], "homepage": "https://cli.johlem.net/tools/pentree/", "dist_kind": "rust_binary", "release_status": "shipped", "latest_version": "1.1.1", "platforms": [ "linux-x86_64-glibc" ], "role": "red", "role_tags": [ "methodology", "pentest" ] }, { "name": "avwatch", "description": "File integrity monitoring + YARA-lite signature scan", "category": "defense", "tags": [ "fim", "yara", "sqlite" ], "homepage": "https://cli.johlem.net/tools/avwatch/", "dist_kind": "rust_binary", "release_status": "shipped", "latest_version": "1.2.2", "platforms": [ "linux-x86_64-glibc" ], "role": "blue", "role_tags": [ "fim", "yara", "monitoring", "endpoint" ] }, { "name": "b64chain", "description": "Multi-stage encoder/decoder for chained encoding operations", "category": "encoding", "tags": [ "base64", "encoding", "decoding", "ctf" ], "homepage": "https://cli.johlem.net/tools/b64chain/", "dist_kind": "rust_binary", "release_status": "shipped", "latest_version": "1.0.2", "platforms": [ "linux-x86_64-glibc" ], "role": "dual", "role_tags": [ "encoding", "utility" ] }, { "name": "cidrcalc", "description": "Subnet calculator, IP range expander, and CIDR notation tool", "category": "network", "tags": [ "cidr", "subnet", "ipv4", "ipv6" ], "homepage": "https://cli.johlem.net/tools/cidrcalc/", "dist_kind": "rust_binary", "release_status": "shipped", "latest_version": "1.0.1", "platforms": [ "linux-x86_64-glibc" ], "role": "dual", "role_tags": [ "network", "utility" ] }, { "name": "wifiaudit", "description": "Wi-Fi audit toolkit — passive scan, authorized pentest, defense", "category": "wireless", "tags": [ "wifi", "wireless", "pentest", "defense" ], "homepage": "https://cli.johlem.net/tools/wifiaudit/", "dist_kind": "rust_binary", "release_status": "shipped", "latest_version": "1.1.1", "platforms": [ "linux-x86_64-glibc" ], "role": "dual", "role_tags": [ "wireless", "pentest", "defense" ] }, { "name": "shard", "description": "Storage Health, Audit & Recovery Device — enumerate, erase, format, flash, repair, panic-wipe", "category": "storage", "tags": [ "storage", "disk", "luks", "smart" ], "homepage": "https://cli.johlem.net/tools/shard/", "dist_kind": "rust_binary", "release_status": "shipped", "latest_version": "1.10.0", "platforms": [ "linux-x86_64-glibc" ], "role": "dual", "role_tags": [ "disk", "health", "erase" ] }, { "name": "hashcrackref", "description": "Hash identification and cracking command reference (does NOT crack)", "category": "pentest", "tags": [ "hash", "hashcat", "john", "identify", "reference" ], "homepage": "https://cli.johlem.net/tools/hashcrackref/", "dist_kind": "rust_binary", "release_status": "shipped", "latest_version": "1.0.1", "platforms": [ "linux-x86_64-glibc" ], "role": "red", "role_tags": [ "reference", "cracking", "hash" ] }, { "name": "speedtest-cli", "description": "Multi-stream internet speed test with bufferbloat + watch mode", "category": "diagnostics", "tags": [ "speedtest", "bandwidth", "bufferbloat", "watch" ], "homepage": "https://cli.johlem.net/tools/speedtest-cli/", "dist_kind": "rust_binary", "release_status": "shipped", "latest_version": "1.1.1", "platforms": [ "linux-x86_64-glibc" ], "role": "dual", "role_tags": [ "network", "diagnostics" ] }, { "name": "logtimeline", "description": "Timestamp normaliser + IR timeline builder with markdown / mermaid output", "category": "ir", "tags": [ "timestamp", "timeline", "incident-response", "syslog" ], "homepage": "https://cli.johlem.net/tools/logtimeline/", "dist_kind": "rust_binary", "release_status": "shipped", "latest_version": "1.0.1", "platforms": [ "linux-x86_64-glibc" ], "role": "blue", "role_tags": [ "forensics", "ir", "timeline" ] }, { "name": "webharvest", "description": "Web asset extractor and link harvester for OSINT", "category": "recon", "tags": [ "crawler", "links", "osint", "robots", "sitemap" ], "homepage": "https://cli.johlem.net/tools/webharvest/", "dist_kind": "rust_binary", "release_status": "shipped", "latest_version": "1.0.1", "platforms": [ "linux-x86_64-glibc" ], "role": "red", "role_tags": [ "osint", "scrape" ] }, { "name": "vlanrecon", "description": "Offline Layer 2 VLAN security analyzer — Cisco IOS / Arista EOS / Juniper Junos configs (VLAN hopping, STP, DTP, port-security, CDP/LLDP, VTP)", "category": "network", "tags": [ "vlan", "stp", "dtp", "switch", "cisco", "arista", "juniper", "audit" ], "homepage": "https://cli.johlem.net/tools/vlanrecon/", "dist_kind": "rust_binary", "release_status": "shipped", "latest_version": "1.1.1", "platforms": [ "linux-x86_64-glibc" ], "role": "blue", "role_tags": [ "network", "audit", "vlan" ] }, { "name": "lexharvest", "description": "Ranked wordlist generator with CeWL-style mutations + pentest seed boost (TF-IDF / BM25 / YAKE, TXT/PDF/DOCX/HTML/MD/URL)", "category": "recon", "tags": [ "wordlist", "dictionary", "cewl", "tfidf", "bm25", "yake", "pentest" ], "homepage": "https://cli.johlem.net/tools/lexharvest/", "dist_kind": "rust_binary", "release_status": "shipped", "latest_version": "1.0.1", "platforms": [ "linux-x86_64-glibc" ], "role": "red", "role_tags": [ "wordlist", "cewl", "cracking" ] }, { "name": "payloadforge", "description": "Obfuscated payload generator for authorized penetration testing (bash/powershell/python/perl/ruby, YARA-lite detection scoring, MITRE T1027)", "category": "pentest", "tags": [ "payload", "reverse-shell", "obfuscation", "yara", "mitre", "att&ck" ], "homepage": "https://cli.johlem.net/tools/payloadforge/", "dist_kind": "rust_binary", "release_status": "shipped", "latest_version": "1.2.1", "platforms": [ "linux-x86_64-glibc" ], "role": "red", "role_tags": [ "pentest", "obfuscation", "reverse-shell" ] }, { "name": "regexlab", "description": "CLI regex toolkit — tester, reverse-regex builder, structured-data transformer + benchmark / fuzz / diff / audit (linear-time engine, no ReDoS)", "category": "utility", "tags": [ "regex", "redos", "benchmark", "fuzz", "audit", "csv", "json" ], "homepage": "https://cli.johlem.net/tools/regexlab/", "dist_kind": "rust_binary", "release_status": "shipped", "latest_version": "2.0.1", "platforms": [ "linux-x86_64-glibc" ], "role": "dual", "role_tags": [ "regex", "utility", "tester" ] }, { "name": "specter", "description": "Forensic CLI — parallel hashing (MD5/SHA-1/256/512) + ssdeep, native metadata, Ed25519-signed evidence, cluster + triage (18 subcommands)", "category": "forensics", "tags": [ "forensics", "hash", "ssdeep", "evidence", "yara", "ed25519", "ir" ], "homepage": "https://cli.johlem.net/tools/specter/", "dist_kind": "rust_binary", "release_status": "shipped", "latest_version": "1.0.1", "platforms": [ "linux-x86_64-glibc" ], "role": "blue", "role_tags": [ "forensics", "hash", "metadata", "carving" ] }, { "name": "ubdem", "description": "Offline browser-fingerprinting / data-exfiltration analyzer for JS/HTML/HAR with Ed25519 + HMAC signed evidence", "category": "defense", "tags": [ "fingerprinting", "javascript", "har", "evidence", "ed25519", "privacy" ], "homepage": "https://cli.johlem.net/tools/ubdem/", "dist_kind": "rust_binary", "release_status": "shipped", "latest_version": "1.0.1", "platforms": [ "linux-x86_64-glibc" ], "role": "blue", "role_tags": [ "browser", "exfil", "analyzer" ] }, { "name": "casper", "description": "Privacy stack + engagement security CLI — 4 levels (BASELINE/ENHANCED/MAXIMUM/SHADOW), real-time monitor, hard kill-switch (nftables + WiFi disconnect)", "category": "privacy", "tags": [ "privacy", "vpn", "tor", "killswitch", "engagement", "nftables" ], "homepage": "https://cli.johlem.net/tools/casper/", "dist_kind": "rust_binary", "release_status": "shipped", "latest_version": "1.0.1", "platforms": [ "linux-x86_64-glibc" ], "role": "blue", "role_tags": [ "privacy", "engagement", "reference" ] }, { "name": "ohm", "description": "Electronics & hardware reference CLI — 23 modules across 8 categories (calc, power, id, pcb, thermal, rf, ref, safe) with US/EU/JP/UK region toggle", "category": "reference", "tags": [ "electronics", "hardware", "calc", "ohms-law", "pcb", "rf", "reference" ], "homepage": "https://cli.johlem.net/tools/ohm/", "dist_kind": "rust_binary", "release_status": "shipped", "latest_version": "1.0.1", "platforms": [ "linux-x86_64-glibc" ], "role": "dual", "role_tags": [ "reference", "hardware", "electronics" ] }, { "name": "skyrecon", "description": "OSINT CLI for aircraft + vessels — race-not-fallback sources (OpenSky/ADSB.lol/Airplanes.live), proximity, geofence, PDF dossier (12 subcommands)", "category": "recon", "tags": [ "osint", "aircraft", "vessels", "ais", "adsb", "geofence", "tor" ], "homepage": "https://cli.johlem.net/tools/skyrecon/", "dist_kind": "rust_binary", "release_status": "shipped", "latest_version": "1.0.1", "platforms": [ "linux-x86_64-glibc" ], "role": "red", "role_tags": [ "osint", "aviation", "maritime" ] }, { "name": "stegcrypt", "description": "Professional steganography (PNG/BMP/WAV LSB) with AEAD encryption (AES-256-GCM / ChaCha20-Poly1305) + Argon2id KDF + K-of-N Shamir threshold split", "category": "crypto", "tags": [ "steganography", "stego", "aead", "argon2", "shamir", "reed-solomon" ], "homepage": "https://cli.johlem.net/tools/stegcrypt/", "dist_kind": "rust_binary", "release_status": "shipped", "latest_version": "1.0.1", "platforms": [ "linux-x86_64-glibc" ], "role": "red", "role_tags": [ "steganography", "crypto" ] }, { "name": "socq", "description": "SOC query translator — daily hunting intents → KQL (Sentinel + Defender XDR) + AQL (QRadar). 28 recipes, event-ID + port reference, investigation packs, MITRE ATT&CK lookup, KQL/AQL syntax cards", "category": "defense", "tags": [ "soc", "siem", "kql", "aql", "sentinel", "defender", "qradar", "mitre", "hunting" ], "homepage": "https://cli.johlem.net/tools/socq/", "dist_kind": "rust_binary", "release_status": "shipped", "latest_version": "1.3.1", "platforms": [ "linux-x86_64-glibc" ], "role": "blue", "role_tags": [ "soc", "siem", "kql", "aql", "memo" ] }, { "name": "mailforge", "description": "Red-team mail operations toolkit — beacon (tracking pixel gen/serve/report/templates), land (landing-page serve/templates), bench (SMTP send + MX), spoof (SPF/DKIM/DMARC offensive analyzer + lookalikes), harvest (crt-sh/wayback/pattern OSINT), spin (template variation). Engagement scope + AUTHORIZED gate enforced.", "category": "offense", "tags": [ "redteam", "phishing-sim", "tracking", "landing", "spoof", "osint", "smtp" ], "homepage": "https://cli.johlem.net/tools/mailforge/", "dist_kind": "rust_binary", "release_status": "shipped", "latest_version": "1.0.2", "platforms": [ "linux-x86_64-glibc" ], "role": "red", "role_tags": [ "redteam", "phishing-sim", "tracking", "engagement" ] }, { "name": "esptools", "description": "ESP32 hardware security assessment toolkit. Device management (detect/info/identify/reset/erase/flash/prepare), 9 blue-team monitors, 8 red-team audits, 7 forensics commands incl. fwanalyze + CVE-2025-27840 check, Markdown engagement report with DORA/NIS2 mapping. Mandatory typed-AUTHORIZED gate on every red command + mandatory --engagement.", "category": "hardware", "tags": [ "esp32", "hardware", "iot", "forensics", "redteam", "blueteam", "engagement", "cve-2025-27840" ], "homepage": "https://cli.johlem.net/tools/esptools/", "dist_kind": "rust_binary", "release_status": "shipped", "latest_version": "2.0.2", "platforms": [ "linux-x86_64-glibc" ], "role": "dual", "role_tags": [ "hardware", "esp32", "iot", "engagement" ] }, { "name": "kage", "description": "Realtime computer monitoring with live connection watch and one-key block", "category": "monitoring", "tags": [ "tui", "connections", "nftables", "process", "blue-team" ], "homepage": "https://cli.johlem.net/tools/kage/", "dist_kind": "rust_binary", "release_status": "shipped", "latest_version": "1.0.0", "platforms": [ "linux-x86_64-glibc" ], "role": "blue", "role_tags": [ "monitoring", "network", "incident-response" ] }, { "name": "jfind", "description": "Canonical findings + evidence schema for the consulting layer — Ed25519-signed findings, BLAKE3 Merkle-rooted bundles, custody chain. Library + CLI.", "category": "consulting", "tags": [ "schema", "findings", "evidence", "ed25519", "blake3", "merkle", "custody-chain", "canonical-json", "dora", "nis2", "grc" ], "homepage": "https://cli.johlem.net/tools/jfind/", "dist_kind": "rust_binary", "release_status": "shipped", "latest_version": "1.0.0", "platforms": [ "linux-x86_64-glibc" ], "role": "blue", "role_tags": [ "consulting", "grc", "schema", "evidence" ] }, { "name": "yttranscript", "description": "Fetch any YouTube video transcript to a .txt file — no API key, no auth, no async runtime", "category": "uncategorized", "tags": [], "homepage": "https://cli.johlem.net/tools/yttranscript/", "dist_kind": "rust_binary", "release_status": "shipped", "latest_version": "1.0.0", "platforms": [ "linux-x86_64-glibc" ] }, { "name": "mediagrab", "description": "Generic web media downloader — find video/audio on any standards-compliant page, save as open-source container", "category": "uncategorized", "tags": [], "homepage": "https://cli.johlem.net/tools/mediagrab/", "dist_kind": "rust_binary", "release_status": "shipped", "latest_version": "1.0.0", "platforms": [ "linux-x86_64-glibc" ] }, { "name": "glasswatch", "description": "Passive BLE scanner for smart-glasses manufacturer IDs (Meta, EssilorLuxottica, Snap)", "category": "uncategorized", "tags": [], "homepage": "https://cli.johlem.net/tools/glasswatch/", "dist_kind": "rust_binary", "release_status": "shipped", "latest_version": "1.0.0", "platforms": [ "linux-x86_64-glibc" ] } ] }