GnomeMan4201/README.md
 ██████╗  █████╗ ██████╗ ██████╗  █████╗ ███╗   ██╗ █████╗ ███╗  ██╗ █████╗
 ██╔══██╗██╔══██╗██╔══██╗██╔══██╗██╔══██╗████╗  ██║██╔══██╗████╗ ██║██╔══██╗
 ██████╦╝███████║██║  ██║██████╦╝███████║██╔██╗ ██║███████║██╔██╗██║███████║
 ██╔══██╗██╔══██║██║  ██║██╔══██╗██╔══██║██║╚██╗██║██╔══██║██║╚████║██╔══██║
 ██████╔╝██║  ██║██████╔╝██████╔╝██║  ██║██║ ╚████║██║  ██║██║ ╚███║██║  ██║
 ╚═════╝ ╚═╝  ╚═╝╚═════╝ ╚═════╝ ╚═╝  ╚═╝╚═╝  ╚═══╝╚═╝  ╚═╝╚═╝  ╚══╝╚═╝  ╚═╝
                    R E S E A R C H   C O L L E C T I V E

Independent security research · OSINT tooling · CIB investigations



What this is

Independent research operation running three tracks:

Investigations — Coordinated inauthentic behavior networks, malware distribution campaigns, browser extension abuse. Findings disclosed responsibly, documented publicly.

Tooling — Open-source infrastructure for OSINT, detection engineering, and security research. Terminal-native. Built to compose.

Analysis — Published writeups on threat actor methodology, internet culture, and tool teardowns.


Tools

| Repo | Description | Status |
|---|---|---|
| r4b1t | StumbleUpon-style discovery engine — 53,869 verified OSINT/security URLs, BRANCH mode, PWA | live |
| inv-hub | Investigation management system — Rich TUI, disclosure tracking, correlation engine | active |
| SHENRON | Detection engineering framework — 390 tests, 53 simulation layers, 20 Sigma rules, MITRE ATT&CK drift checker | active |
| gnome_control | Operator dashboard — live monitor, SVG correlation graph, Anthropic briefing generator | active |
| PRAXIS | Research knowledge base CLI — SQLite/FTS5, BagIt archival, 14 templates, 13 commands | active |

Investigations

| ID | Subject | Outcome |
|---|---|---|
| INV-001 | upvote.club / NSBoost — browser extension fake engagement network. Operator attributed: Alexey Ignatov, Codemarket OÜ (Tallinn) | disclosed · published |
| INV-002 | GhostLoader/RemcosRAT — 32+ repo malware network, bot-inflated stars, 2,100+ victims. Delivery: cloudcraftshub.com, dropras.xyz | disclosed to GitHub |
| INV-003 | IPASIS.com — IOC cross-reference across awesome-lists and threat intel repos | active |
| INV-004 | myLittleAdmin — SQL admin panel exposure | closed |
| INV-005 | hajigur69 CIB network — 26 accounts, 39 duplicate avatar hash groups, 6 deployment waves, carox.tech infra. Overlap with INV-001 confirmed | disclosed |

Corpus

Assembled via eight-script scraper pipeline (CDP, GitHub miner, onion harvester, dedup ranker):

53,869  verified live URLs (security / OSINT / research)
   864  verified onion addresses
   738  consensus security tools
16,577  unique URLs indexed in hub.db (FTS5)

Published


Stack

Pop!_OS · Python · SQLite/FTS5 · Bash · Playwright/CDP

Vanilla JS · Cloudflare Workers · GitHub Actions · BagIt · Sigma · MITRE ATT&CK

BANANA_TREE ecosystem · badBANANA Research Collective · GnomeMan4201

Pinned

  1. r4b1t Public

    r4b1t h0L3 is a random discovery engine with 53,869+ curated URLs. StumbleUpon for OSINT and cybersecurity. No algorithm, no tracking, runs entirely in-browser. Surfaces threat intel platforms, secu…

    Python 1

  2. devto-analytics-pro Public

    Advanced analytics for DEV.to writers - tag performance, growth trends, engagement tracking

    Python 7

  3. LANimals Public

    Local network intelligence and deception platform. Host discovery, behavioral risk scoring, honeypot traps, and force-directed graph UI.

    Python 7 1

  4. zer0DAYSlater Public

    Instrumented adversarial simulation framework for studying detection, evasion, and LLM-driven operations. Research tooling for controlled environments.

    Python 3 3

  5. shenron Public

    Synthetic adversarial telemetry and detection validation pipeline. Sigma rule evaluation, assumption validation, evidence discipline, HTML reports.

    Python