Strix Advanced Tools
EN

Verify us — don't just trust us.

Strix Advanced Tools are free, open-source (MIT), and built to run fully offline. Our Windows builds are not yet code-signed with a paid certificate — we're a small, independent, zero-budget project, and we'd rather say that plainly than hide it. Because every tool is open source, you don't have to take our word for anything. Here's how to check it yourself.

Last updated

📖

The source is public

Every tool is a public GitHub repository under the MIT license. Read every line, rebuild it yourself, and confirm it does exactly what it claims.

🔗

The builds are attested

Each release carries a GitHub build-provenance attestation (SLSA Build L2) — cryptographic proof the file was built from this source, on GitHub's servers, untouched since.

✈️

Nothing phones home

The desktop tools make zero network calls. Pull your network cable and they still work; watch your outbound traffic and you'll see none.

Verify your download

Verification is optional — if you downloaded from a GitHub release you're already fine. But if you want to be sure, every release ships a SHA256SUMS file, and here's how to check against it. Replace the example filename with the tool you downloaded.

🪟 WindowsCheck the checksum

In the folder where you saved the download, run PowerShell:

Get-FileHash .\Strix-Inspector-Setup.exe -Algorithm SHA256

Compare the printed hash to the matching line in SHA256SUMS. If they're identical, the file is byte-for-byte what we published:

Algorithm  Hash                                                              Path
---------  ----                                                              ----
SHA256     3F2A…  (compare this to the value in SHA256SUMS)                    …\Strix-Inspector-Setup.exe
🐧 LinuxCheck the checksum

Put the download and its SHA256SUMS in the same folder, then:

sha256sum -c SHA256SUMS

A one-word answer per file — you want OK:

Strix-Inspector-Setup.exe: OK
🔗 Any OSVerify build provenance

Stronger than a checksum: prove the binary was built from our public source in our public CI. Needs the GitHub CLI 2.49+: GitHub CLI

gh attestation verify Strix-Inspector-Setup.exe --repo strix-tool/strix-inspector

A green success line naming the exact source repository that produced the file:

Loaded digest sha256:… for file://Strix-Inspector-Setup.exe
✓ Verification succeeded!

  - Source Repository: strix-tool/strix-inspector
  - Predicate type:    https://slsa.dev/provenance/v1

Checksums are published in each GitHub Release and mirrored over HTTPS — example SHA256SUMS. The provenance attestation is stored on GitHub, not by us, so neither we nor a compromised download mirror can forge it. SHA256SUMS

What data leaves your machine

The short version: for the desktop tools, none. Here it is in full — and every row is something you can confirm with a packet capture.

CategoryWhat it isWhere it goes
The files you processMetadata, disk contents, archives — read and written in place on your machine.Never uploaded. Nothing is sent anywhere.
Your system detailsHostname, username, serial numbers, IPs, hardware — shown inside the app only.Displayed locally; never transmitted.
Settings & reportsPreferences, logs, HTML/PDF reports.Saved on disk (%LOCALAPPDATA% / ~/.config); never synced to a server.
Usage & crash analyticsNone. There is no analytics SDK, no telemetry, no phone-home.Nothing is collected, ever.
Network egress (desktop tools)MetaVault, Pulse, Inspector, Sentinel, Sinkhole, Talon.Zero outbound sockets. Disconnect the network — they still work.
Network egress (recon tools)Vantage & Archer — whose whole job is the network.Only key-less public APIs you explicitly trigger, after a consent gate, bounded by timeouts.

Antivirus & SmartScreen warnings

Because our Windows apps are unsigned and packaged with PyInstaller, Windows SmartScreen may say “unknown publisher” or “not commonly downloaded,” and a handful of the ~70 antivirus engines may flag the installer. This is expected for new, unsigned, open-source software — it's a generic heuristic about how the app is packaged, not a detection of actual malware.

We link a live VirusTotal scan per build once a release is out, so you can see the current result for yourself. We will never post a “clean scan” screenshot or claim “zero detections” — a live link you can click beats a screenshot that goes stale on the next build.

Read the source

The strongest assurance of all. Grep any repo for socket, urllib, requests or http and see for yourself what does — and doesn't — touch the network.

Threat model

What Strix protects against
Data leaking through file metadata, recoverable data on discarded drives, tracker/telemetry/ad domains, silent outbound connections, unknown autostarts and devices, and closed-source tools you cannot inspect.
What Strix is NOT
It is not antivirus/EDR, not a sandbox, and not a defence against a compromised OS or malware already running as admin. The desktop tools surface information and act on your command; they do not fight active threats in real time.
Trust boundary
Provenance proves a download came unmodified from this public source via GitHub CI. It does not prove the source is benign — that is what the open MIT code, which you can read and rebuild, is for.

Found a vulnerability?

Report it privately — please don't open a public issue for a security bug. Each repository has a SECURITY.md with the threat model and a coordinated-disclosure path, and GitHub private vulnerability reporting is enabled. We won't retaliate, and we'll credit you if you'd like.