Investigate threats, not noise.
The complete cyber platform — IOC & file intelligence, incident response, threat hunting and third-party risk, unified in one ecosystem. Built for SOC teams, DFIR and threat researchers who need signal, not noise.
🌐 mlab.sh · 🧭 Ecosystem · 📖 Docs · 🧰 Free tools · 𝕏 @Sn0wAlice
🔎 Core — mlab.sh
IOC & file intelligence platform. Search IPs, domains, hashes, certs and files → structured, enriched, actionable intelligence in seconds, powered by 20+ analysis tools.
| Analyze | Details |
|---|---|
| IP / CIDR | IPv4, IPv6, range analysis |
| Domains | DNS, passive DNS, infra pivoting |
| Files | Static & dynamic analysis |
| Certificates | TLS metadata, chain inspection |
- Static & dynamic file analysis (EXE, DLL, PDF, Office…)
- MITRE ATT&CK mapping, JS deobfuscator, infra correlation
- REST API + MCP integration for workflow automation
Rust-first, built in the open. Grab them, script them, drop them into your pipeline.
| Project | What it does |
|---|---|
| mlab-cli | Query the mlab.sh platform straight from your terminal — scriptable IOC & file intelligence |
| postmortem | Static dependency scanner (Node.js, Python, Rust, Ruby, PHP, Go, JVM). Resolves the lockfile graph, walks vendored sources, and flags suspicious patterns |
| assay | ML model artifact security scanner (safetensors / GGUF / pickle) ⟨vérifie le wording⟩ |
| n8n-node | Verified n8n community node to plug mlab.sh into your workflows ⟨confirme le nom du repo⟩ |
Security is not a product. It's a practice.
One data model, one API surface, one alerting pipeline. No silos, no gaps, no noise. ✅ available · 🔜 coming soon
🏛️ Governance
- ✅ tprm.mlab.sh — Third-party risk management
- ✅ risk.mlab.sh — EBIOS Risk Manager platform
- 🔜 pra.mlab.sh — Business continuity & recovery
- 🔜 aware.mlab.sh — Phishing simulation & awareness
🎯 Detection
- ✅ ir.mlab.sh — Self-hosted incident response
- ✅ hunt.mlab.sh — Threat hunting with Sigma & YARA
- ✅ actors.mlab.sh — Threat actor database (APTs, groups & TTPs)
- 🔜 siem.mlab.sh — Log correlation & alerting
🛰️ Attack Surface
- ✅ vuln.mlab.sh — Attack surface & CVE tracking
- 🔜 sandbox.mlab.sh — Malware analysis & sandboxing
- 🔜 watch.mlab.sh — Dark web monitoring
🍯 Deception & Endpoint
- 🔜 honey.mlab.sh — Honeypots & canary tokens
- 🔜 edr.mlab.sh — Endpoint detection & response
🎓 Training
- ✅ academy.mlab.sh — Cybersecurity training & courses
- ✅ kids.mlab.sh — Cyber education for kids
IOC Extractor · JS Deobfuscator · Hash Generator · EML Parser · JWT Decoder · Regex Tester
Plus the MITRE ATT&CK map and security news & advisories.
otp.mlab.sh — Encrypt. Share. Vanish. Send a password, API key or private note. Encrypted in your browser, handed over as a one-time link, destroyed the moment it's read. Client-side AES-256-GCM · zero-knowledge · EU-hosted.
- Bug reports / PRs → always welcome
- Questions → open an issue or ping @Sn0wAlice
- Enterprise / on-prem licensing → ⟨contact@mlab.sh ?⟩
security.txt and ToS.
Mlab · by Cyber Dream 🏴