SUDOSOC

Your complete SOC and red team workspace — browser-native, offline-first, no account required. Nothing leaves your machine.

141 Tools · Zero Telemetry · Offline-First
0 tools
·
0 runbooks
·
0 categories
·
$0 forever
🗺️ Full sitemap — 35 pages
The Platform

Four operational zones.
One unified platform.

🛡
Blue Team
Defense & Detection
Dedicated defensive tooling for threat detection, coverage mapping, and blue team operations — from MITRE ATT&CK to multi-SIEM Sigma rule export.
  • ATT&CK Navigator — full matrix coverage tracker
  • Sigma Builder — export to Splunk SPL, Sentinel KQL, QRadar AQL
  • MITRE Log Simulator — realistic Windows & Linux log generation
  • Threat Intelligence Hub — 50+ curated TI feeds
  • 21 Playbooks — IR, Threat Hunt, DFIR, SOC Ops & Pentest
  • IOC Extractor, CVSS Calculator, Pivot Links
5 dedicated pages  ·  15 SOC tools
⚔️
Red Team
Offense & Simulation
Purpose-built offensive tools for red team operations — attack simulation, infrastructure design, and structured engagement logging with MITRE tagging.
  • Attack Chain Visualizer — 14-tactic kill chain builder
  • Attack Path Mapper — visual AD lateral movement canvas
  • C2 Architect — build infra & generate Nginx/HAProxy configs
  • Red Team Log — MITRE-tagged engagement timeline
  • Reverse Shell Builder, YARA Rule Builder, SQLi payload gen
  • Web security tools: XSS, SSRF, XXE, path traversal
4 dedicated labs  ·  20+ offensive tools
📚
Learn
Knowledge & Growth
A complete learning hub for security professionals at every level — career roadmaps, cert prep, interview practice, quizzes, and Linux/Windows artifact references.
  • Career Roadmaps — SOC, Pentest, DFIR, Cloud Security
  • Cert Study Guides — Security+, CEH, OSCP, CISSP, CySA+, eJPT
  • Interview Prep — 29 Q&A with detailed answers by role
  • Security Quiz — 62 questions, 3 difficulty levels
  • Linux & Windows Forensic Artifact References
  • 114-term Glossary · Resources · Shortcuts reference
8 knowledge pages  ·  21 playbooks
📡
RF & Hardware
Signal Intelligence
Organized offline reference for Software Defined Radio and hardware hacking — the only platform that covers HackRF, BladeRF, and ALFA all in one place, offline.
  • Hardware specs — HackRF One, BladeRF, RTL-SDR, Flipper Zero, Proxmark
  • 24+ frequencies — GPS, ADS-B, ISM, Bluetooth, Wi-Fi, POCSAG
  • Full HackRF command cheat sheet — capture, replay, sweep
  • ALFA Wi-Fi attack commands — monitor mode, WPA2, evil twin
  • 13 protocol security breakdowns with known vulnerabilities
  • 10 RF attack techniques — replay, jamming, RFID cloning
1 dedicated vault  ·  works 100% offline

Built-in Power

Platform features, always on.

No install, no account, no internet required — active on every page.

⌨️
Global Command Palette
Fuzzy-search all 141 tools and every page instantly. Jump anywhere without touching the mouse.
Press Ctrl+K anywhere
📝
Investigation Notepad
Persistent floating notepad for capturing findings mid-investigation. Survives page reloads via localStorage.
Press Alt+N on any tools page
🔗
Pivot Links
Auto-detects IPs, domains, hashes, and URLs in tool output — turns them into one-click pivot links to VirusTotal, Shodan, and more.
Active in all tool outputs
🟢
Offline Mode Indicator
Always-visible status dot shows your connectivity state. Every tool works 100% offline — no silent failures.
Always visible in the nav bar
🧪
MITRE Log Simulator
Generate realistic Windows Event Logs and Linux auth logs mapped to 11 ATT&CK techniques for training and detection testing.
📂
Linux Artifact Reference
55+ Linux forensic artifacts across 8 categories — file paths, log locations, persistence mechanisms — all click-to-copy.
🔎
Multi-SIEM Sigma Export
Build one detection rule and export to Splunk SPL, Microsoft Sentinel KQL, and IBM QRadar AQL simultaneously.
📡
RF & SDR Vault
The only platform covering HackRF, BladeRF, RTL-SDR, ALFA Wi-Fi, Flipper Zero, and Proxmark in one searchable offline reference.

Built Right

Why security people trust it.

01 / ARCHITECTURE
📦
Offline-First PWA
Every tool runs 100% in the browser. Service Worker caches the entire platform — use it on an air-gapped machine, on a flight, inside a lab with no internet. Nothing requires a server.
Service Worker · Cache-first · PWA installable
02 / PRIVACY
🔒
Zero Telemetry
No analytics. No trackers. No external requests. A strict Content Security Policy (connect-src 'none') blocks every outbound connection at the browser level — verified, not just promised.
CSP · connect-src 'none' · localStorage only
03 / OPENNESS
🔓
Open Source
Every line of code is on GitHub. Audit it, fork it, self-host it, contribute to it. No vendor lock-in, no license, no subscription. Built by a security practitioner, for security practitioners.
MIT License · Pure HTML/CSS/JS · No frameworks
Ready to deploy

Your workbench
is waiting.

No account. No install. No cost.
Open a tool and get to work.