Analysis updated 2026-05-18
Search across more than 20 security knowledge bases like HackTricks and OWASP guides in one query.
Add your own notes or an Obsidian vault to the index alongside the external sources.
Let an AI assistant query the local index through MCP mode to look up techniques or build checklists.
| penthertz/grimoire | huey1in/windsurfx | keon/jepa | |
|---|---|---|---|
| Stars | 98 | 97 | 97 |
| Language | Python | Python | Python |
| Setup difficulty | moderate | moderate | moderate |
| Complexity | 2/5 | 3/5 | 4/5 |
| Audience | developer | developer | researcher |
Figures from each repo's GitHub metadata at analysis time.
Initial setup clones over 20 external repositories, which can take a while depending on connection speed.
Grimoire is a tool that collects more than 20 well-known security knowledge repositories, indexes all of their content into a single local search database, and serves a web interface where you can search across all of them at once. The idea is that instead of opening HackTricks in one browser tab, PayloadsAllTheThings in another, and the OWASP guides somewhere else, you type one search query and get matching results from every source at once, each linking back to the original file. The knowledge bases it indexes cover a wide range of offensive and defensive security topics. Included sources cover web application attacks (OWASP WSTG, OWASP API Top 10, cheat sheets), Active Directory attacks, command and control frameworks, mobile security (OWASP MASTG and MASVS), living-off-the-land references (GTFOBins, LOLBAS), reverse engineering (Ghidra docs, radare2, angr), hardware fault injection and chip glitching, Bluetooth and WiFi security, software-defined radio, OSINT, forensics and incident response, and compliance frameworks. The tool is a single Python script. Running it clones all the configured repositories to your machine, builds a SQLite full-text search index, and starts a local web server. After the initial setup there are no external calls at runtime, so it works fully offline. Search rankings use BM25, which is a standard approach for relevance scoring in full-text search. You can add your own notes or point it at an Obsidian vault and it will index those alongside the external sources. An optional MCP mode exposes the index to AI coding assistants like Claude or Codex, which can then query the knowledge base to look up techniques, build checklists, or compile cited guides on a topic. This mode has a read-only default that prevents the AI from running shell commands, with an opt-in mode for letting it detect and install tools under a restricted denylist. The project comes from Penthertz, a security firm, and is part of their RF-Swift toolkit. It requires Python and has no mandatory external services. No license is listed in the README.
A tool that indexes more than 20 well known security knowledge repositories into one local search database with a single search interface, working fully offline.
Mainly Python. The stack also includes Python, SQLite.
No license is listed in the README.
Setup difficulty is rated moderate, with roughly 30min to a first successful run.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.