Tools

A list of tools I use.

Unformatted

• https://github.com/affaan-m/everything-claude-code
• https://github.com/peass-ng/PEASS-ng/tree/master
• https://github.com/0bfxgh0st/MMG-LO/

Fun/media

I am aggressively de-googling my life in 2025/2026.

• protonmail - encrypted email, Swiss privacy laws
• duckduckgo - privacy-respecting search engine
• immich: google photos clone, self-hosted
• navidrome: youtube music clone, self-hosted
• more to come? :)
• vesktop - lightweight Discord client fork
• ps3xploit.me - PS3 jailbreak/homebrew exploits and tools
• switch.hacks.guide - comprehensive Nintendo Switch homebrew/CFW guide
  • nh-server/switch-guide - GitHub source for the above guide
  • mGBA - GBA emulator for Switch homebrew
  • pemu - multi-system emulator frontend (needs a custom XML file, annoying)
  • retroarch - multi-system emulator frontend (needs older firmware, warning)
• imgburn, cd burning
• Xbox Emulator Files - Xbox emulator files collection

Programming

• python: general purpose language
  • conda/poetry/uv/pipenv/pip - package managers. prefer uv for speed/simplicity.
  • pil/pillow: image processing library
  • numpy: numerical computing library
  • pandas: xlsx/csv manipulation library
  • matplotlib: data visualization library
• rust: faster than python.
• bash: scripting language
• just: very good build tool
• ohmygit - interactive Git learning game
• postman: http requests
  • bruno is probably better, TODO use it
  • in general, ditch postman. they're starting to put their client behind a paywall/login wall. move to an OSS tool that's free. it's not rocket science to make something that ingests OpenAPI Spec and just runs curl...so why force corporations or individuals to pay for the simple feature of saving a Postman collection?

Text Editing

• windsurf: bloated, use zed

• cursor: bloated, use zed

• vscode - bloated, only use if you absolutely need to. It's slow and used to be my favorite, but...

• zed - Fast and simple text editor. Rust backend. (zeditor is the CLI command)

• nano - command line editor

CICD

• jenkins
  • AVOID. legacy and lots of design bugs
  • pipeline is useful but...its 2025. try to use github cicd or similar. AVOID jenkins.
• get good at bash
• understand yaml
• github runners
  • (literally just docker containers w/ some yaml command runner. its all the same pattern.)
  • can also do self hosted
• openstatus - uptime/health monitoring, can self host
• forgejo - self-hosted Git forge (Gitea fork), lightweight GitHub alternative

OS

i highly recommend never using windows, for many, many reasons

Linux distros

• ubuntu - server OS
• nixos - server/desktop OS
• cachyOS - easy arch based OS, fast. bleeding edge so stuff breaks. avoid if u value ur time or are new to linux.
• TrueNAS CORE - freebsd based NAS OS that uses ZFS, ZFS is superior for use as a NAS for many reasons
  • AVOID hardware based RAID. if ur card dies and u cant replace it, kiss your data goodbye. software based raid does not suffer from this issue.

Dotfiles

• chezmoi - dotfile manager, handles templating/secrets/multi-machine setups

Windows utilities

• windhawk - Windows app modding/tweaking tool
• crystaldiskinfo - disk health monitor
• windirstat - disk usage visualizer
• minitool partition wizard - partition manager
• minitool shadowmaker - disk backup/cloning/imaging tool
• 7-zip - archive tool
• imagemagick - image conversion/manipulation CLI tool (install via chocolatey)
• mmsys.cpl - sound settings (run dialog)
• appwiz.cpl - add/remove programs (run dialog)

Hardware

I run various cheap laptops and a few HEPC (High-End Personal Computer) setups. Only Linux, except for a Windows computer I use for piano playing/DAW/Frooty Loops.

• pcpartpicker saved builds - my saved PC part lists
• framework - modular/repairable laptops
• framework keyboard - framework's mechanical keyboard

AI

My current AI stack is here. I used to use ollama but it has issues with ROCm drivers on AMD GPUs, so I switched to llama.cpp!

cachyos-whitedragon-ai-lab

Current working stack:

• lm studio: easy GUI for running local LLMs
• llama.cpp: text generation backend (works with ROCm)
• koboldcpp: easier to setup than llama.cpp.
• exo - run your own AI cluster across multiple devices (phones, laptops, etc.), no specialized hardware needed
• openwebui: frontend for LLM interaction (TBD)
• comfyui: image/video/audio generation (TBD)
  • ComfyUI-Zluda - ComfyUI with ZLUDA for AMD GPUs on Windows
• stablediffusion: image generation (TBD)
• goose: Claude CLI clone, seems very formidable.
• canirun.ai - LLM right-sizing tool: check if your hardware can run a given LLM
• llmfit: Hardware-aware LLM model finder. Detects your RAM/CPU/GPU and recommends models that will actually run well on your hardware. Supports multi-GPU, MoE architectures, and integrates with Ollama/llama.cpp/MLX.
  • stable-diffusion-webui-amdgpu - SD WebUI fork with AMD GPU support
    • setup guide (YouTube)

Corpo AI for coding

• claude: You can use this, but you can also self-host local AI and use CLI tools like:
  • aider: OSS claude cli clone
  • claude-code-router - route Claude Code requests to different AI providers/models
  • Claude Code Router Tutorial
  • etc...TODO: Add more coding agents here from testing.

The basic pattern to locally host is just to run llama.cpp (or ollama if you have NVIDIA GPUs) on a powerful PC, set up a VPN with tailscale, and then connect to the LLM endpoint with your less powerful computer via a coding agent like aider or a frontend like openwebui.

Local AI models

These models were intended for ollama but can be converted for llama.cpp. I plan on running my own benchmarks on each.

• llama3.2:3b
  • TODO: Test.
• yuiseki/devstral-small-2507:24b
  • TODO: Test.
• hf.co/bartowski/Qwen2.5-Coder-14B-Instruct-abliterated-GGUF:Q4_K_S
  • TODO: Test.
• hf.co/mlabonne/gemma-3-27b-it-abliterated-GGUF:Q4_K_M
  • Human remarks: It is indeed abliterated. It will happily generate usable Python malware.
  • TODO: Test.

Anti AI/Anti Slop

• nepenthes - Markov chain babble generator, wastes the time/CPU of scrapers

Infra

• docker: containerization platform
• kubernetes: container orchestration
• grafana: monitoring visualization
• prometheus: monitoring metrics/backend
• copyparty - portable file server with upload, search, media playback, and more

Backup

• dd - data duplicator/data destroyer

Media

• yt-dlp: youtube downloader, before youtube killed it with session cookie enforcement.
• transmission: torrent client
• jellyfin: media server
• romm: emulation ROM/retro game database
• seanime: anime media server
  • extensions: TODO
• gallery-dl: image downloader

Streaming

• OBS Studio
• veadotube mini: Lightweight PNGTuber app for streaming. Easy setup, supports GIFs/APNGs, eye blinking, shake/jump effects, unlimited expression states controlled via keyboard/mouse/gamepad/MIDI/WebSocket.
• OBS Studio Input Overlay

Other

• opengridworks power plants - power plant data
• handy.computer - offline text transcription
• sshx.io - share terminal (dangerous)
• pomofocus - pomodoro timer
• obsidian - markdown note-taking / personal knowledge base
• laboriacuboniks - xenofeminist collective

Hacking links

Dark web / anonymity

• tor - onion routing anonymity network
• i2p - garlic routing anonymity network
• ahmia - clearnet Tor search engine
• torch - Tor search engine (.onion)
• dread - Reddit-like forum on Tor (.onion)
• exploit.in - Russian-language cybercrime/exploit forum
• raidforums - data leak forum (seized by law enforcement)
• leaks - data leak aggregator

References & resources

• gandalf - AI prompt injection challenge/game
• gtfobins - Unix binaries that can be exploited for privilege escalation/bypasses
• hacktricks - pentesting/CTF reference book
• revshells - reverse shell generator
• eclypsium - firmware/supply chain security research
• ddosecrets - public interest leak repository
• hacker news - tech/security news aggregator
• dark reading - cybersecurity news
• sans ouch - SANS security awareness newsletter
• databreachtoday - breach/incident news
• terraform plan visualizer - visualize terraform plans
• SAFe implementation roadmap - scaled agile framework
• simple sabotage field manual - declassified CIA doc
• privacytools - privacy-focused software recommendations
• algorithmic trading roadmap - algo trading guide
• lesswrong - rationalism/AI safety community

Hacking tools

Used

• kali linux - penetration testing distro by Offensive Security

• parrotos - security/privacy-focused Linux distro

• dirb - web content scanner / directory brute-forcer

• ffuf - Fuzz Faster U Fool, fast web fuzzer for directories/params/vhosts

• gobuster - directory/DNS/vhost brute-forcer

• nmap - network mapper and port scanner

• rustscan - fast Rust-based port scanner, feeds into nmap

• ftp - file transfer protocol CLI client

• some python idk lol

• /etc/hosts - local DNS override file, useful for redirecting domains or lab environments

• searchsploit - offline CLI search for exploit-db

• msfconsole - Metasploit Framework interactive console

• GodPotato - Windows privilege escalation via impersonation (SeImpersonatePrivilege / Potato family)

• msfvenom - Metasploit payload and shellcode generator

• evilginx2 - adversary-in-the-middle phishing framework, bypasses 2FA by proxying real login pages and capturing session cookies

To investigate

• BlueHammer - tool to investigate
  • meltingscales/BlueHammer - my fork
• RedSun - windows LPE
• deepnet DN Key Pro - experimental hardware key
• Proxgrind - NFC/RFID tool
• proxmark / icopy-x - RFID/NFC research hardware
• Bash Bunny - USB attack platform by Hak5
• Flipper Zero BadUSB payloads - HID injection scripts for Flipper Zero