Open-Source Platform for Mobile Device Forensics and Digital Investigations

PiRogue Tool Suite (PTS) is a comprehensive, open-source digital investigation platform designed to empower organizations in an increasingly complex digital landscape. We provide accessible and powerful tools for network analysis, mobile forensics, and collaborative case management, specifically tailored for civil society, digital rights defenders, researchers, journalists, and regulatory bodies.

Open source, licensed under the AGPL v3


Uncover Digital Truth

In a world awash with digital information, PTS offers clarity. Whether you're investigating human rights abuses, ensuring regulatory compliance, researching digital threats, or conducting in-depth journalistic inquiries, our tool suite provides the capabilities you need to uncover evidence, protect individuals, and hold power accountable.
Network Traffic Analysis
Capture and dissect network communications from various devices to understand data flows, identify destinations, and detect anomalies.
Mobile Device Forensics
Extract and examine data from mobile devices to analyze application behavior, uncover malware, and investigate data exposure with user consent.
Dynamic Application Analysis
Observe and trace the behavior of mobile applications to understand communication patterns, data handling, and privacy risks.
Case Management
Systematically organize evidence, notes and findings within a structured investigative framework, share information, and build collective insights.
Knowledge Management
Visually map relationships between entities to uncover complex patterns and enable teams to work together on investigations.
Evidence Preservation
Collect, manage, preserve digital evidence, and enrich investigations by incorporating external threat feeds and intelligence data.

PiRogue: Portable Network Traffic Analyzer

PiRogue is a portable (or virtualized) platform for network traffic analysis and mobile device forensics. Built on a Raspberry Pi, it puts interception and inspection capabilities directly into your hands, enabling you to understand how devices and applications are communicating and what data they are exposing.
Network Traffic Analysis
Passively intercept and analyze network traffic from any connected device (smartphones, computers). Identify suspicious connections, data leaks, and communication patterns without altering the device itself.
Consensual Mobile Forensics
With consent, extract and analyze data from Android devices. Investigate app behavior, identify malware, and understand how personal data is being handled, supporting your work in digital rights and device security.
Application Behavior Monitoring
Observe how mobile apps communicate. Track data transmission, cryptographic operations, and interactions with remote servers, crucial for identifying insecure apps or surveillance tools.

Colander: Organize, Analyze, Collaborate

Colander is our web-based case-management, digital-investigation and knowledge-building platform. It integrates with PiRogue and other data sources, allowing you to structure your investigative findings, visualize complex relationships, collaborate securely with your team, and share your findings with other organizations.
Centralized Case Management
Organize all your digital evidence, observations, and artifacts within distinct cases. Maintain a clear overview of complex investigations and ensure a methodical approach to evidence analysis or preservation.
Collaborative Investigation
Securely share case information and collaborate with team members or trusted partners. Work together on analyzing data, building timelines, and developing investigative leads, regardless of geographical location.
Visual Knowledge Graphing
Transform disparate pieces of information into interactive visual graphs. Map relationships between individuals, organizations, devices, malware, and online infrastructure to uncover hidden connections and patterns.

Threatr: Threat-Intelligence Aggregator

Threatr is an API-first threat-intelligence aggregator that unifies data from platforms like VirusTotal, OTX, Shodan, Scarlet Shark, and MISP into a single, standardized format. It delivers consistent, enriched threat intelligence through a simple and powerful REST API.
Unified Threat Intelligence
Aggregate and normalize threat data from multiple providers in one place. Threatr delivers a consistent data model for fast, reliable analysis across your security workflows.
REST API-Driven Integration
Threatr exposes all features through a clean, easy-to-use REST API, making it easy to connect SIEM, SOAR, automation pipelines, or custom security tools with minimal effort.
Historical IoC Intelligence Cache
Threatr keeps a persistent cache of all intelligence collected about an Indicator of Compromise. Each lookup enriches and updates the stored data, giving you long-term visibility into how an IoC evolves over time.

Colander Data Converter

Colander Data Converter is a Python library designed to transform, merge, and export structured threat-intelligence data. It natively supports Colander feeds and makes it easy to convert between formats such as MISP, STIX 2, JSON, CSV, Mermaid, Graphviz/dot, and any custom Jinja-based template.
Convert Between Multiple Formats
Seamlessly transform Colander data into MISP, STIX2, JSON, CSV, Mermaid, Graphviz/dot, or any user-defined Jinja template—ideal for interoperability and automation.
Merge & Manipulate Feeds
Combine several Colander data sources, normalize structures, and enrich or refine the resulting dataset through Python-friendly operations.
Flexible Python Library
Colander Data Converter integrates smoothly into scripts, pipelines, or larger security platforms. Its modular design lets you extend format handlers or build your own exporters.

PCAPNG Converter

PCAPNG Converter transforms captured network traffic into a fully enriched HAR file, including decrypted TLS sessions and optional PiRogue-specific metadata such as socket stacktraces and payload decryption.
Convert PCAPNG to Decrypted HAR
Provide the TLS secrets (an SSLKEYLOGFILE-style key log, such as the one PiRogue records), inject them into your PCAPNG, and generate a HAR file containing fully decrypted HTTP/S traffic. Suited to deep network-forensics and debugging workflows.
Stacktrace Identification
When used with PiRogue captures, the converter automatically attaches precise socket-level stacktraces for every request and response. Understand exactly which application operations generated specific network events.
Payload Decryption
If PiRogue captured encryption/decryption metadata, the converter replaces encrypted payloads with cleartext and adds detailed decryption metadata into the HAR. Ideal for analyzing hidden or obfuscated application traffic.
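The "inject them into your PCAPNG" step above works at the file-format level: the TLS key log is wrapped in a pcapng Decryption Secrets Block (block type 0x0000000A, secrets type 0x544C534B "TLSK") placed after the Section Header Block, which is what lets Wireshark and tshark decrypt the sessions without a separate key file. The following Python is an added example, not the PCAPNG Converter's own code, that builds such a block and reads it back; the minimal capture and the CLIENT_RANDOM line are constructed in-line for the demonstration, and only little-endian sections are handled.

```python
import struct

# pcapng block types and constants, per the pcapng specification.
SHB = 0x0A0D0D0A         # Section Header Block
IDB = 0x00000001         # Interface Description Block
EPB = 0x00000006         # Enhanced Packet Block
DSB = 0x0000000A         # Decryption Secrets Block
TLS_KEYLOG = 0x544C534B  # DSB secrets type "TLSK": SSLKEYLOGFILE-format text
BYTE_ORDER_MAGIC = 0x1A2B3C4D


def _block(block_type, body):
    """Frame a body as a pcapng block: type, total length, body padded to
    32 bits, then the total length repeated as a trailer."""
    pad = (-len(body)) % 4
    total = 12 + len(body) + pad
    return (struct.pack("<II", block_type, total) + body + b"\0" * pad
            + struct.pack("<I", total))


def minimal_pcapng():
    """Constructed sample input: one little-endian section, one Ethernet
    interface and one 4-byte dummy packet. Not a real capture."""
    shb = struct.pack("<IHHq", BYTE_ORDER_MAGIC, 1, 0, -1)  # v1.0, section length unknown
    idb = struct.pack("<HHI", 1, 0, 262144)                  # LINKTYPE_ETHERNET, snaplen
    pkt = b"\xde\xad\xbe\xef"
    epb = struct.pack("<IIIII", 0, 0, 0, len(pkt), len(pkt)) + pkt
    return _block(SHB, shb) + _block(IDB, idb) + _block(EPB, epb)


def iter_blocks(data):
    """Yield (block_type, raw_block) for each block, validating the framing
    so a corrupt or truncated file fails loudly instead of being mis-parsed."""
    off = 0
    while off < len(data):
        if off + 12 > len(data):
            raise ValueError("truncated block header at offset %d" % off)
        btype, total = struct.unpack_from("<II", data, off)
        if btype == SHB:
            magic = struct.unpack_from("<I", data, off + 8)[0]
            if magic != BYTE_ORDER_MAGIC:
                raise ValueError("big-endian section not supported by this example")
        if total < 12 or total % 4 or off + total > len(data):
            raise ValueError("bad block length %d at offset %d" % (total, off))
        trailer = struct.unpack_from("<I", data, off + total - 4)[0]
        if trailer != total:
            raise ValueError("length trailer mismatch at offset %d" % off)
        yield btype, data[off:off + total]
        off += total


def make_dsb(keylog_text):
    """Build a Decryption Secrets Block carrying SSLKEYLOGFILE-format text."""
    secrets = keylog_text.encode("ascii")
    return _block(DSB, struct.pack("<II", TLS_KEYLOG, len(secrets)) + secrets)


def inject_tls_secrets(data, keylog_text):
    """Return a copy of the capture with a TLS key-log DSB inserted directly
    after the first Section Header Block, ahead of the packets that need it."""
    out = bytearray()
    inserted = False
    for btype, raw in iter_blocks(data):
        out += raw
        if btype == SHB and not inserted:
            out += make_dsb(keylog_text)
            inserted = True
    if not inserted:
        raise ValueError("no Section Header Block found")
    return bytes(out)


def extract_tls_secrets(data):
    """Return the decoded text of every TLS key-log DSB in the capture."""
    found = []
    for btype, raw in iter_blocks(data):
        if btype != DSB:
            continue
        secrets_type, length = struct.unpack_from("<II", raw, 8)
        if secrets_type == TLS_KEYLOG:
            found.append(raw[16:16 + length].decode("ascii"))
    return found


if __name__ == "__main__":
    # Constructed key-log line; a real one comes from SSLKEYLOGFILE or PiRogue.
    keylog = "CLIENT_RANDOM " + "aa" * 32 + " " + "bb" * 48 + "\n"
    with_secrets = inject_tls_secrets(minimal_pcapng(), keylog)
    print([hex(t) for t, _ in iter_blocks(with_secrets)])
```

A DSB only helps if it sits in the same section as the packets and if the key log actually covers their CLIENT_RANDOM values; a capture whose TLS traffic still shows as opaque after injection usually means the key log was written by a different process than the one whose traffic was captured.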

Mandolin

Mandolin is an API-first service that centralizes content extraction with Apache Tika and OCR, runs YARA rules for threat detection, and performs image transformations, all accessible through a clean and efficient REST API.
Content & Metadata Extraction
Mandolin uses Apache Tika and OCR to extract text, metadata, and embedded resources from a wide range of file formats. Ideal for indexing, analysis, and document-processing pipelines.
YARA-Based Threat Detection
Send any file to Mandolin and automatically run your YARA rules. Mandolin returns structured match results, making it easy to integrate malware scanning into automated workflows.
Image Transformations
Generate thumbnails, convert image formats, or apply transformations—all through a simple API call. Mandolin is built to power content tooling, previews, and media workflows at scale.

Testimonials

"PiRogue and Colander tools from the PiRogue Tool Suite were instrumental for our project in conducting the analysis and identifying privacy violations in the mobile apps.
As strategic litigators, it is crucial for us to collect solid evidence of privacy violations to support our arguments during the procedure. The two tools provide a comprehensive setup for mobile app investigations and are open source.
PiRogue helps record network traffic and other evidence such as cryptographic activity, SSL keylog files, socket activity, and even a screencast of the app from the viewpoint of the app user. Thanks to Colander, we were able to analyse the entire network traffic of the apps tested and identify suspicious activities. Both tools are intuitive to use and deliver reliable results.
As an NGO, we highly value the tool's reliability and accessibility, as it empowers us to investigate mobile apps that would otherwise be very difficult to explore."

Ala Krinickyte, Data protection lawyer at noyb

"One of the best ways to teach smartphone privacy is to let students see for themselves how apps handle data. PiRogue makes that possible by capturing the hidden signals an app is constantly sending and receiving. This process takes abstract privacy concerns and grounds them in concrete, technical evidence. Because PiRogue is open source and approachable, students don't need expensive lab setups or proprietary tools to get started. They can experiment directly, uncovering the kinds of privacy risks that would otherwise remain invisible. The hands-on practice not only strengthens their technical abilities but also encourages them to think critically about the broader impact of surveillance and data collection in everyday mobile apps."

Supported by

Digital Defenders Partnership
Internews
Open Technology Fund
Defensive Lab Agency
NLnet
NGI