Cross-platform desktop framework for authorised ethical hacking. Strict legal scope, audit logging, sandboxed modules.
Existing pentest tools force a trade-off: either power and opacity (the user doesn't know exactly what's being executed), or transparency and slowness. None offers a complete, legally actionable audit log proving that no out-of-scope action was attempted.
Klown is built for authorised auditing — bug bounties, contractual intrusion tests, vulnerability research within legal bounds. Every action is logged, signed, timestamped. Exceeding the declared scope is technically blocked.
Two-layer architecture: a Rust core handling isolation, logging and declared scope; an Electron UI exposing modules. Each module runs in its own sandbox with a manifest declaring what it's allowed to do — allowed network, allowed ports, allowed data.
The log is append-only, encrypted and exportable as STIX 2.1. Three platforms are supported (Windows, macOS, Linux) from a single codebase. The project was archived in late 2025 — it proved itself, but the pentest ecosystem moved to Burp Suite Enterprise and the return on maintaining it dropped.
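An added illustration of the two mechanisms described above (not Klown's own code): a module manifest that declares allowed networks and ports, a gate that blocks anything outside it, and an append-only log whose entries are hash-chained and HMAC-signed so that tampering is detectable. The manifest field names, the log layout and the key are assumptions; the target addresses are constructed from documentation ranges.

```python
"""Scope gate plus tamper-evident audit log. Illustration only, not Klown's code;
manifest fields, log layout and key are assumptions."""
import hashlib, hmac, ipaddress, json
from datetime import datetime, timezone

# Constructed sample manifest for one module (field names assumed).
MANIFEST = {
    "module": "portscan",
    "allowed_networks": ["192.0.2.0/24"],   # TEST-NET-1 documentation range
    "allowed_ports": [22, 80, 443],
}

def in_scope(manifest, target_ip, port):
    """True only if both the target address and the port are declared in the manifest."""
    ip = ipaddress.ip_address(target_ip)
    net_ok = any(ip in ipaddress.ip_network(n) for n in manifest["allowed_networks"])
    return net_ok and port in manifest["allowed_ports"]

class AuditLog:
    """Append-only log: each entry records the previous entry's hash and carries an HMAC tag."""
    def __init__(self, key: bytes):
        self.key = key
        self.entries = []
        self.prev_hash = "0" * 64          # chain anchor for the first entry

    def append(self, module, action, target, port, decision):
        body = {"ts": datetime.now(timezone.utc).isoformat(), "module": module,
                "action": action, "target": target, "port": port,
                "decision": decision, "prev": self.prev_hash}
        payload = json.dumps(body, sort_keys=True).encode()
        self.prev_hash = hashlib.sha256(payload).hexdigest()
        body["sig"] = hmac.new(self.key, payload, hashlib.sha256).hexdigest()
        self.entries.append(body)
        return body

    def verify(self):
        """Walk the chain; any edited, reordered or deleted entry breaks it."""
        prev = "0" * 64
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "sig"}
            if body["prev"] != prev:
                return False
            payload = json.dumps(body, sort_keys=True).encode()
            expected = hmac.new(self.key, payload, hashlib.sha256).hexdigest()
            if not hmac.compare_digest(e["sig"], expected):
                return False
            prev = hashlib.sha256(payload).hexdigest()
        return True

def gated_action(manifest, log, target, port):
    """Every attempt is logged, in or out of scope; only in-scope ones are allowed."""
    decision = "allowed" if in_scope(manifest, target, port) else "blocked"
    log.append(manifest["module"], "scan", target, port, decision)
    return decision
```

Note that blocked attempts are logged as well: the record of what was refused is what lets the log prove that nothing out of scope was attempted.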
audit
sandbox