Skip to content
@mlab-sh

Mlab.sh

MLAB is a modular security analysis platform for IOC analysis at scale

🧪 MLAB

Investigate threats, not noise.

The complete cyber platform — IOC & file intelligence, incident response, threat hunting and third-party risk, unified in one ecosystem. Built for SOC teams, DFIR and threat researchers who need signal, not noise.

🌐 mlab.sh · 🧭 Ecosystem · 📖 Docs · 🧰 Free tools · 𝕏 @Sn0wAlice


🔎 Core — mlab.sh

IOC & file intelligence platform. Search IPs, domains, hashes, certs and files → structured, enriched, actionable intelligence in seconds, powered by 20+ analysis tools.

Analyze Details
IP / CIDR IPv4, IPv6, range analysis
Domains DNS, passive DNS, infra pivoting
Files Static & dynamic analysis
Certificates TLS metadata, chain inspection
  • Static & dynamic file analysis (EXE, DLL, PDF, Office…)
  • MITRE ATT&CK mapping, JS deobfuscator, infra correlation
  • REST API + MCP integration for workflow automation

🧰 Open source

Rust-first, built in the open. Grab them, script them, drop them into your pipeline.

Project What it does
mlab-cli Query the mlab.sh platform straight from your terminal — scriptable IOC & file intelligence
postmortem Static dependency scanner (Node.js, Python, Rust, Ruby, PHP, Go, JVM). Resolves the lockfile graph, walks vendored sources, and flags suspicious patterns
assay ML model artifact security scanner (safetensors / GGUF / pickle) ⟨vérifie le wording⟩
n8n-node Verified n8n community node to plug mlab.sh into your workflows ⟨confirme le nom du repo⟩

🧭 The ecosystem — 35 modules, 5 layers

Security is not a product. It's a practice.

One data model, one API surface, one alerting pipeline. No silos, no gaps, no noise. ✅ available · 🔜 coming soon

🏛️ Governance

  • tprm.mlab.sh — Third-party risk management
  • risk.mlab.sh — EBIOS Risk Manager platform
  • 🔜 pra.mlab.sh — Business continuity & recovery
  • 🔜 aware.mlab.sh — Phishing simulation & awareness

🎯 Detection

  • ir.mlab.sh — Self-hosted incident response
  • hunt.mlab.sh — Threat hunting with Sigma & YARA
  • actors.mlab.sh — Threat actor database (APTs, groups & TTPs)
  • 🔜 siem.mlab.sh — Log correlation & alerting

🛰️ Attack Surface

  • vuln.mlab.sh — Attack surface & CVE tracking
  • 🔜 sandbox.mlab.sh — Malware analysis & sandboxing
  • 🔜 watch.mlab.sh — Dark web monitoring

🍯 Deception & Endpoint

  • 🔜 honey.mlab.sh — Honeypots & canary tokens
  • 🔜 edr.mlab.sh — Endpoint detection & response

🎓 Training


🧪 Free tools — no account needed

IOC Extractor · JS Deobfuscator · Hash Generator · EML Parser · JWT Decoder · Regex Tester

Plus the MITRE ATT&CK map and security news & advisories.


🔐 Standalone

otp.mlab.sh — Encrypt. Share. Vanish. Send a password, API key or private note. Encrypted in your browser, handed over as a one-time link, destroyed the moment it's read. Client-side AES-256-GCM · zero-knowledge · EU-hosted.


🤝 Get involved

  • Bug reports / PRs → always welcome
  • Questions → open an issue or ping @Sn0wAlice
  • Enterprise / on-prem licensing → ⟨contact@mlab.sh ?⟩

⚠️ Unauthorized testing or abuse of the platform is prohibited. See security.txt and ToS.

Mlab · by Cyber Dream 🏴

Pinned Loading

  1. mlab-cli mlab-cli Public

    mlab is the official command-line client for the mlab.sh threat-intelligence platform and its companion CVE API at vuln.mlab.sh.

    Rust 1

  2. postmortem postmortem Public

    A static dependency scanner for Node.js, Python, Rust, Ruby, PHP, Go, and JVM (Java/Kotlin) projects. It resolves the lockfile graph, walks the vendored sources, and flags the patterns that typical…

    Rust 5

Repositories

Showing 10 of 12 repositories

People

This organization has no public members. You must be a member to see who’s a part of this organization.

Top languages

Loading…

Most used topics

Loading…