Strix Advanced Tools are free, open-source (MIT), and built to run fully offline. Our Windows builds are not yet code-signed with a paid certificate — we're a small, independent, zero-budget project, and we'd rather say that plainly than hide it. Because every tool is open source, you don't have to take our word for anything. Here's how to check it yourself.
Last updated
📖
The source is public
Every tool is a public GitHub repository under the MIT license. Read every line, rebuild it yourself, and confirm it does exactly what it claims.
🔗
The builds are attested
Each release carries a GitHub build-provenance attestation (SLSA Build L2) — cryptographic proof the file was built from this source, on GitHub's servers, untouched since.
✈️
Nothing phones home
The desktop tools make zero network calls. Pull your network cable and they still work; watch your outbound traffic and you'll see none.
Verify your download
Verification is optional — if you downloaded from a GitHub release you're already fine. But if you want to be sure, every release ships a SHA256SUMS file, and here's how to check against it. Replace the example filename with the tool you downloaded.
🪟 WindowsCheck the checksum
In the folder where you saved the download, run PowerShell:
Checksums are published in each GitHub Release and mirrored over HTTPS — example SHA256SUMS. The provenance attestation is stored on GitHub, not by us, so neither we nor a compromised download mirror can forge it. SHA256SUMS
What data leaves your machine
The short version: for the desktop tools, none. Here it is in full — and every row is something you can confirm with a packet capture.
Category
What it is
Where it goes
The files you process
Metadata, disk contents, archives — read and written in place on your machine.
Never uploaded. Nothing is sent anywhere.
Your system details
Hostname, username, serial numbers, IPs, hardware — shown inside the app only.
Displayed locally; never transmitted.
Settings & reports
Preferences, logs, HTML/PDF reports.
Saved on disk (%LOCALAPPDATA% / ~/.config); never synced to a server.
Usage & crash analytics
None. There is no analytics SDK, no telemetry, no phone-home.
Zero outbound sockets. Disconnect the network — they still work.
Network egress (recon tools)
Vantage & Archer — whose whole job is the network.
Only key-less public APIs you explicitly trigger, after a consent gate, bounded by timeouts.
Antivirus & SmartScreen warnings
Because our Windows apps are unsigned and packaged with PyInstaller, Windows SmartScreen may say “unknown publisher” or “not commonly downloaded,” and a handful of the ~70 antivirus engines may flag the installer. This is expected for new, unsigned, open-source software — it's a generic heuristic about how the app is packaged, not a detection of actual malware.
Why it happens: the PyInstaller bootloader is a common packaging format (malware uses it too), a brand-new file has no download reputation, and unsigned binaries get a “suspicious until proven” penalty.
The real proof is the checksum and the provenance attestation above, plus the source you can read — not any vendor's heuristic.
What we do: we report false positives to vendors as they appear, and we're applying to the SignPath Foundation's free code-signing program for open-source projects, which we'll roll out as reputation builds.
Please never disable your antivirus. If you're unsure, verify the checksum, or run the tool from source.
We link a live VirusTotal scan per build once a release is out, so you can see the current result for yourself. We will never post a “clean scan” screenshot or claim “zero detections” — a live link you can click beats a screenshot that goes stale on the next build.
Read the source
The strongest assurance of all. Grep any repo for socket, urllib, requests or http and see for yourself what does — and doesn't — touch the network.
Data leaking through file metadata, recoverable data on discarded drives, tracker/telemetry/ad domains, silent outbound connections, unknown autostarts and devices, and closed-source tools you cannot inspect.
What Strix is NOT
It is not antivirus/EDR, not a sandbox, and not a defence against a compromised OS or malware already running as admin. The desktop tools surface information and act on your command; they do not fight active threats in real time.
Trust boundary
Provenance proves a download came unmodified from this public source via GitHub CI. It does not prove the source is benign — that is what the open MIT code, which you can read and rebuild, is for.
Found a vulnerability?
Report it privately — please don't open a public issue for a security bug. Each repository has a SECURITY.md with the threat model and a coordinated-disclosure path, and GitHub private vulnerability reporting is enabled. We won't retaliate, and we'll credit you if you'd like.