>;)HACKINGPAL./download
v0.3.0 · MIT · macOS · Linux · Docker

~ $ cat ./mission.md

AI-assisted
security workspace

The center of the app is the engagement — a scoped, named container for a single piece of work. Pick a playbook or pick tools one-by-one; every scan output, finding, and screenshot auto-attaches and becomes a report. A Claude copilot watches the session and helps you interpret it. It suggests — it doesn't act.

Download latest releaseView on GitHub
mhp · engagement · acme-prod
mhp:engagement $create acme-prod --scope acme.com,10.0.0.0/24
✓ created · id=eng_8f3a
mhp:playbook $run web-app-first-look
↳ 7 steps queued · awaiting approval
mhp:approve $step 1 → fuzz acme.com/api
running · 312 reqs · 2 findings
mhp:report $draft --format md
✓ drafted · 14 findings · 6 evidence files
mhp:report $
75+ TOOLS>;)ENGAGEMENT-FIRST>;)CLAUDE COPILOT>;)HUMAN-IN-THE-LOOP>;)APPEND-ONLY AUDIT>;)SCOPED EVIDENCE>;)MIT LICENSE>;)ELECTRON + REACT>;)FASTAPI SIDECAR>;)75+ TOOLS>;)ENGAGEMENT-FIRST>;)CLAUDE COPILOT>;)HUMAN-IN-THE-LOOP>;)APPEND-ONLY AUDIT>;)SCOPED EVIDENCE>;)MIT LICENSE>;)ELECTRON + REACT>;)FASTAPI SIDECAR>;)75+ TOOLS>;)ENGAGEMENT-FIRST>;)CLAUDE COPILOT>;)HUMAN-IN-THE-LOOP>;)APPEND-ONLY AUDIT>;)SCOPED EVIDENCE>;)MIT LICENSE>;)ELECTRON + REACT>;)FASTAPI SIDECAR>;)
// the flow

One arrow, end to end.

STEP 01
Engagement
STEP 02
Targets
STEP 03
Playbook
STEP 04
Tools
STEP 05
Evidence
STEP 06
Report

The 75+ individual tools — discovery, recon, web exploit, AD, cloud, forensics — are the library that lives inside engagements, not the product itself.

// principles

Built around how engagements actually run.

01>;)

Engagement-first

A scoped container for the work: targets, exclusions, evidence, and a report at the end. Lab mode skips the rails; Engagement mode enforces them.

02>;)

AI suggests — humans approve

A Claude-powered copilot interprets output, proposes the next check, and drafts the report. Every active attack still waits for a human click.

03>;)

Auto-attached evidence

Scan output, findings, screenshots — written to the engagement timeline as they happen. Append-only audit log records tool, target, argv, approver.

04>;)

Playbooks, guided

Bundles declare category, mode, and per-step rationale / success / approval. Passive Recon, Local Posture, Surface Inventory, Web App First Look ship built-in.

// tool library

75+ tools, grouped the way the sidebar groups them.

DISCOVERY

5+
  • $LAN Scan
  • $Port Scanner
  • $Ping Sweep
  • $ARP
  • $mDNS

RECON

5+
  • $Subdomain Enum
  • $DNS Recon
  • $CT Logs
  • $Email Audit
  • $CMS Fingerprint

WEB EXPLOIT

5+
  • $Fuzz
  • $Auth Bypass
  • $SQLi Probe
  • $XSS Probe
  • $Takeover

ACTIVE DIRECTORY

5+
  • $Kerberos Roast
  • $BloodHound
  • $Lateral Move
  • $SMB Enum
  • $AdSpray

CLOUD

4+
  • $S3 Scanner
  • $IAM Audit
  • $Public Buckets
  • $Metadata Probes

FORENSICS

5+
  • $Posture (macOS)
  • $Posture (Linux)
  • $Persistence Audit
  • $WPA Capture
  • $Packet Dump
// install

Grab a build. Run it.

APPLE SILICON

macOS

>;)
HackingPal-macos-arm64.dmg

Mount, drag to /Applications. Right-click → Open on first launch.

↓ Download .dmg
X86_64

Linux

>;)
HackingPal-linux-x86_64.AppImage

chmod +x, then run. Per-commit arm64 builds in Actions.

↓ Download .AppImage
BACKEND API

Docker

>;)
docker compose up -d

Headless FastAPI sidecar. NET_RAW + NET_ADMIN for raw scans.

↓ Download docker-compose.yml
// FIRST RUN

First launch prompts for a fresh Keychain entry the first time it touches a privileged tool (tcpdump, nmap SYN/UDP/OS). For the AI Assistant, open Settings → API keys and paste an Anthropic API key. All builds are unsigned — see docs/SIGNING.md for what code-signing would take.