White hat. Black hat. Grey hat.
We don't wear one.
Professional-grade tools built for red teams and penetration testers who are tired of being put in a box. Authorised use only — no apologies.
Built by practitioners. Tested in the field. No bloat, no dependency hell.
The most complete email security assessment framework in existence. DMARC-pass attack automation, dark web credential hunting, SPF chain analysis, password spray and forensic header analysis — one static binary, zero dependencies.
Automotive security research companion for Flipper Zero. Rolling code capture and replay, key fob cloning, garage protocol decoding and CAN bus injection.
Visual management layer for the Angie web server. Config editor, certificate lifecycle, upstream pool builder and live traffic analytics — no YAML wrestling.
Claude Code with the restraints removed. Multi-agent orchestration, persistent cross-session memory, automated security review and an extended MCP tool library.
The email security tooling market is fragmented. Delivery-only tools are blind. Enterprise platforms are expensive and built for defenders, not attackers.
Most tools start at "send email." EPS starts three steps earlier — mapping the SPF tree, identifying every authorised ESP, hunting for stolen credentials on the dark web and testing them live. By the time you send, you already know whether it'll land.
Bypassing DMARC is the gold standard. It requires routing your email through a provider the target has already authorised — Microsoft, Google, their own ESP. EPS automates the entire chain: find the stolen credential, test it, relay through it, DKIM is signed by Microsoft, SPF passes, DMARC passes. No other tool does this.
The HTML/PDF report is built for client deliverables. Risk-scored, colour-coded, with prioritised recommendations. From recon to report in one session — not one week of stitching together five different tools.
Single statically-linked Rust binary. Copy it to the jump box, run it. No Python version hell, no npm, no Docker, no dependency conflicts. GUI and CLI both included.
| Capability | EPS €199/yr |
GoPhish Pro ~$1,500/yr |
swaks Free |
Cobalt Strike $3,500/yr |
KnowBe4 Enterprise |
Metasploit Pro $15,000/yr |
|---|---|---|---|---|---|---|
| DMARC-pass via stolen creds | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ |
| Dark web credential hunting (Tor) | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ |
| HIBP stealer log enrichment | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ |
| SPF chain walking | ✓ | ✗ | ✗ | ✗ | ✗ | ~ |
| SMTP password spray (bundled wordlists) | ✓ | ✗ | ✗ | ~ | ✗ | ~ |
| Open relay discovery | ✓ | ✗ | ✗ | ~ | ✗ | ~ |
| Domain permutations + DNS check | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ |
| DKIM signing (own key) | ✓ | ✗ | ~ | ✗ | ✗ | ✗ |
| Email header forensic analyser | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ |
| Professional PDF/HTML report | ✓ | ~ | ✗ | ✗ | ✓ | ✓ |
| Phishing campaign mode | ✓ | ✓ | ~ | ✓ | ✓ | ✓ |
| Single binary · zero dependencies | ✓ | ✗ | ✓ | ✗ | ✗ | ✗ |
✓ Full · ~ Partial · ✗ Not available · Pricing from public sources, 2026
Online validation on every launch. Machine-fingerprint locked. No seat sharing.
Prices in EUR excluding VAT. Invoice available on request via the customer portal. Authorised security testing only.
No credit card. Instant key. You sign — you own the liability.