[ GHOST 2210 ] // DEFENSIVE SECURITY TOOLKIT // ACTIVE

GHOST 2210
CREW OPERATIONS

38 browser-based security tools for threat intelligence, vulnerability management, critical infrastructure monitoring, threat detection, and log analysis. No install required.

// Built with humans and AI — defending the homeland

🇺🇸

38 Tools
9 Free
8 AI-Powered
4 User Guides

Ghost 2210 eliminates the gap between what defenders need and what they can afford. Enterprise-grade threat intelligence, incident response, situational awareness, and a live cyber battlefield picture — 36 tools, zero installation, always free to access. All data sources TLP:CLEAR. Built with humans and AI — defending the homeland 🇺🇸

📈
Command & Operations
4 tools
  • Cyber Battlefield Map — live global attack arcs
  • Executive COP Dashboard — 16 CI sector reports
  • OSINT Morning Brief — 8 intel feeds
  • Asset Inventory — CVE exposure tracking
🔍
Threat Intelligence
10 tools
  • Nation-state actor profiles & APT mapping
  • Ransomware group tracker
  • IP Intel, Link Verifier, Credential Monitor
  • AI deepfake & video detection
  • Submarine cable threat tracker
  • CI Threat Map — all 16 CISA sectors
🔒
Vulnerability Management
7 tools
  • CISA KEV catalog — live search
  • SSVC/EPSS patch priority ranker
  • Attack surface mapper (passive)
  • Port scanner + historical comparison
  • DNSSEC validator (BOD 18-01)
  • F5, Nessus, hardware & EOL checks
🚨
Detection & Response
10 tools
  • Real-time IDS — 32 MITRE ATT&CK rules
  • AI IR playbooks (NIST/SANS/ATT&CK)
  • Log analyzer + PCAP — 100% local
  • Phishing email + attachment sandbox
  • KEV detection signatures (Sigma/Snort/YARA)
  • Botnet IOC, DNSSEC, Hardware ID, ATG map
🌊
Situational Awareness
5 tools
  • Maritime AIS — shadow fleet, 12 chokepoints
  • Aircraft tracker — emergency squawk alerts
  • Satellite status — 9 constellations
  • Telecom grid monitor — carrier health
  • Radio frequency + live SDR (111 freqs)
🎓
Training & Awareness
1 tool
  • AI phishing simulations — 10 templates
  • 4 difficulty levels (Basic → Nation-state)
  • Red flag analysis with severity ratings
  • Interactive awareness quiz
  • Authorized training programs only
// Operational Use Cases
⚔️ Global Threat Picture
Tools 36, 33, 10
Battlefield Map shows live attack arcs from 12 nation-state actors. COP Dashboard: 16 CI sector threat reports. Morning Brief: 8 feeds in 60 seconds.
🔒 Ransomware Response
Tools 29, 31, 24, 01, 13
IR playbook in 30 seconds. Real-time IDS on logs. PCAP analysis. Attacker IP enrichment. Ransomware group identification. NIST SP 800-61r2 aligned.
📋 KEV Patch Prioritization
Tools 02, 06, 32, 18
KEV check. SSVC/EPSS priority rank. Asset exposure scan via Shodan. Deploy Sigma/Snort/YARA compensating controls while patches stage.
🎬 Deepfake Investigation
Tools 35, 14, 34
AI video analysis with local frame extraction. Photo identity forensics. Malicious link verification of media source URL. CEO fraud / synthetic media detection.
🌊 Maritime Threat Monitoring
Tools 36, 07, 15, 25, 26
Battlefield Map: chokepoints and cable routes. AIS live tracking. Shadow fleet detection. Submarine cable threats. Satellite and telecom comms resilience.
🎣 Security Awareness Campaign
Tools 30, 19, 34
AI phishing simulation with red flag analysis and quiz. Email forensic analysis. Link verification. 10 templates, 4 difficulty levels including nation-state quality.
// Sector-Specific Value
Sector / Role | Primary Tools | Key Value
Government / SLTT | 10, 02, 06, 17, 20, 29 | Morning brief auto-generated. BOD 18-01 DNSSEC compliance. CI Threat Map for leadership. IR playbooks before incidents.
Healthcare / Hospital | 02, 06, 19, 22, 24, 29 | KEV patching for medical devices. Ransomware IR playbooks. Phishing defence. Log analysis for HIPAA incident detection.
Energy / Utilities | 04, 17, 22, 25, 26, 29 | ATG exposure map. ICS/OT IR playbook. Comms resilience monitoring. Nation-state threat tracking for energy sector.
Maritime / Port Security | 07, 25, 26, 28, 15 | Live AIS vessel tracking. Shadow fleet detection. Submarine cable threats. Emergency comms backup monitoring.
SOC / MSSP Analyst | 36, 10, 02, 31, 18, 32 | Daily brief in one click. Detection rule generation. Log and PCAP analysis. Attack surface enumeration for clients.
Incident Responder | 29, 24, 01, 19, 22, 13 | IR playbook in 30 seconds. Log and PCAP analysis. IP enrichment. Phishing forensics. Ransomware group ID.
CISO / Security Manager | 36, 33, 10, 17, 29, 32 | Executive morning brief. CI Threat Map for leadership reporting. Patch priority decisions. Exposure trend tracking.
Emergency Management | 25, 26, 27, 28, 07, 10 | Telecom outage detection. Satellite comms status. Aircraft situational awareness. Radio frequency monitoring.
Small / Underfunded Team | All 36 tools | Enterprise-grade capability at zero cost. Deploy in 30 seconds. No installation, no licensing, no ongoing cost.
// Key Differentiators
  • Zero installation — browser only
  • Free to deploy on Cloudflare Pages
  • All sources TLP:CLEAR
  • 100% local for PCAP, logs & video
  • NIST · MITRE · CISA · BOD 18-01 aligned
  • No telemetry · No tracking · No vendor
  • No server to maintain
  • AI optional — 27 tools need no API key
  • Live attack arcs — Cyber Battlefield Map
  • Deepfake detection — local frame analysis
// Deploy in 30 Seconds
1. Go to pages.cloudflare.com → Create → Upload assets
2. Drag and drop ghost2210-toolkit.zip into the upload box
3. Click Deploy site — live in under 30 seconds
4. Share the *.pages.dev URL with your team — done
Cost: $0
Cloudflare Pages free tier
Unlimited requests/month
HTTPS by default
Global CDN — no server
AI Tools (optional)
Anthropic API key
~$10–20/month for teams
console.anthropic.com
DEFEND ALWAYS 🛡️
AI Tools require an Anthropic API key
Paste your key in the top-right of any AI tool · ~$10–20/month for a small team
4 tools · Battlefield Map · COP · Morning Brief · Assets
Tool 36 · LIVE
⚔️
Cyber Battlefield Map
Global cyber threat operations picture. Live animated attack arcs between nation-state actors and targets. 12 threat actors (Volt Typhoon, Salt Typhoon, APT29, Lazarus, CyberAv3ngers), 12 maritime chokepoints, submarine cable routes, CI targets, KEV exposure markers, real-time attack feed, Intel side panel, threat ticker. Layer toggles. Integrates with Tool 32 asset data. Fullscreen wall display ready.
Tool 33 · LIVE
📈
Executive COP Dashboard
Full-screen Common Operating Picture. Threat level meter, KEV patch ticker, 16 CI sector cards (click for detailed reports), live intel feed, detection alerts, asset exposure, comms status. Auto-refreshes every 5 minutes. Built for the wall screen.
Tool 10 · AI
☀️
OSINT Morning Brief
Daily threat intelligence brief aggregating CISA, FBI, NSA, US-CERT, ThreatFox, Exploit-DB, GitHub, and MITRE ATT&CK. AI synthesis with executive summary, scorecard, nation-state tracker, live IOC feed, and immediate action items. Print/PDF and HTML export.
Tool 32 · Free
🗂️
Asset Inventory Tracker
Browser-based CMDB with live CVE exposure tracking. Scans IPs via Shodan InternetDB (free, no key). Cross-references CVEs against CISA KEV. Risk score per asset. Dashboard, CSV import/export, print report. 100% local storage.
10 tools · Nation-State · APT · Ransomware · IOC · Deepfake · Credential
Tool 11 · AI
🏴
Threat Actor Profiles
12 nation-state and criminal APT group profiles with AI-updated intelligence on TTPs, recent campaigns, targeted sectors, and IOCs. Covers Salt Typhoon, Volt Typhoon, APT29, Lazarus, CyberAv3ngers, Scattered Spider, and more.
Tool 12 · AI
🗺️
APT Exposure Map
Visualizes APT group targeting by sector and geography. Select your industry and region to get an AI-generated exposure assessment showing which threat actors target you and recommended mitigations.
Tool 13 · AI
🔒
Ransomware Group Tracker
Tracks 12 active ransomware groups with AI-updated activity reports, victim counts, ransom demands, TTPs, targeted sectors, and decryptor availability. Identifies groups by attack patterns and ransom note characteristics.
Tool 17 · AI
🏛️
CI Threat Map
16 CISA critical infrastructure sectors with threat actor mapping and current threat levels. AI generates a leadership briefing report for your sector. Includes recent incidents, threat actors, and recommended defensive actions.
Tool 01 · Free
🌐
IP Intelligence Checker
IP geolocation, ISP, ASN, Shodan open ports and CVEs, threat tags (TOR, VPN, scanner, CDN, botnet), risk score 0–100. GIS map visualization. Identifies attacker infrastructure and checks C2 IPs from incident logs.
Tool 34 · Free
🔗
Malicious Link Verifier
15-point heuristic engine plus URLScan.io, PhishTank, VirusTotal, and Google Safe Browsing. Detects phishing, payload delivery, typosquatting, brand impersonation, URL shorteners, punycode, double extensions. Verdict: PHISHING / MALWARE / SUSPICIOUS / CLEAN. Bulk URL support.
Tool 09 · Free
🔑
DarkWatch Credential Monitor
Credential breach monitoring via HaveIBeenPwned k-Anonymity API. Check email addresses for breach exposure. Password check via partial SHA-1 hash — passwords never transmitted. Bulk email checking supported.
Tool 14 · AI
📷
Photo Identity Analyzer
AI forensic analysis of images for identity theft detection, metadata extraction, and authenticity assessment. Identifies manipulation, deepfakes, and suspicious characteristics. For authorized investigative use only.
Tool 35 · AI
🎬
AI Video & Deepfake Checker
Detects AI-generated video, deepfakes, face swaps, and synthetic media. Local frame extraction via Canvas API — video never transmitted. Heuristic analysis: facial boundary artifacts, lighting inconsistencies, GAN fingerprints, edge anomalies, metadata forensics. Claude AI visual analysis of extracted frames with structured deepfake verdict. Supports MP4, MOV, AVI, WEBM, JPG, PNG. Text report export.
Tool 15 · AI
🌊
Submarine Cable Tracker
Global submarine cable status and incident intelligence with AI analysis. Maps active and cut cables, landing stations, and high-risk segments. Critical for maritime and telecommunications operators monitoring infrastructure threats.
8 tools · KEV · EPSS · SSVC · Shodan · EOL · Sector Intel
Tool 02 · Free
🔴
KEV Scanner
Live CISA Known Exploited Vulnerabilities catalog search. Every CVE actively exploited in the wild with vendor, product, due date, and required action. Built-in Sigma, Snort/Suricata, and YARA detection signature generation per CVE.
Tool 06 · Free
📊
KEV Patch Priority Ranker
Paste CVE IDs from your scanner output. Tool ranks by EPSS exploitability score and SSVC decision tree, delivering ACT / ATTEND / TRACK+ / TRACK decisions. Tells you exactly which CVEs to fix first. CSV export.
Tool 21 · Free
🔌
Port Scanner + History
Passive port scanning via Shodan InternetDB — no active scanning, no noise. Historical snapshot comparison detects new port exposures since last scan. Bulk IP support. HTML, CSV, and PDF export.
Tool 23 · Free
🗺️
Attack Surface Mapper
Passive subdomain enumeration via CT logs, DNS brute force, and Shodan. Maps exposed services, tech stack fingerprinting, email security (SPF/DKIM/DMARC), security headers, and known CVEs. No active scanning.
Tool 05 · Free
EOL Checker
Device and software end-of-life status lookup. Identifies unsupported systems that cannot receive security patches. Covers OS, databases, frameworks, network devices, and embedded systems. Bulk checking supported.
Tool 03 · Free
F5 Vulnerability Scanner
CVE checker for F5 BIG-IP products covering 2020–2026. One of the most targeted enterprise platforms. Immediate risk assessment, patch links, and detection rules for every known F5 vulnerability including iControl REST RCE.
Tool 38 · Free
🏭
Sector CVE Intelligence
CVE intelligence filtered by CISA critical infrastructure sector. 10 sectors: Energy, Water, Comms, Healthcare, Financial, Government, Defense, Transport, Manufacturing, Emergency Services. Active threat actor overlay per sector. KEV cross-reference, EPSS scores, exploit indicators. AI sector brief. One-click integration with Tools 02, 06, 18, 29, 31, 33. Send CVE list directly to Patch Ranker. CSV export.
Tool 16 · AI
🔬
Nessus Integration Dashboard
Connects to live Nessus API or accepts .nessus file upload. Cross-references all findings against CISA KEV. AI-powered triage and remediation prioritization. Generates executive summary and patch priority recommendations.
10 tools · IDS · IR Playbooks · Log Analysis · PCAP · Phishing
Tool 31 · LIVE
🚨
Real-Time Intrusion Detection
32 MITRE ATT&CK-mapped detection rules firing in real time. Paste logs, upload files, or run live simulation. Covers SSH/RDP brute force, credential dumping, ransomware, C2 beacons, web shells, lateral movement, defense evasion, and exfiltration. CSV export.
Tool 29 · AI
📋
IR Playbook Builder
AI-generates complete IR playbooks from attack descriptions in 30 seconds. 12 preset scenarios. NIST SP 800-61r2, SANS PICERL, or MITRE ATT&CK aligned. Phase-by-phase steps, MITRE mapping, IOC hunt list, and stakeholder comms templates.
Tool 24 · Free
📜
Log Analyzer + PCAP
Browser-side log analysis with 18 MITRE ATT&CK-mapped detection rules. Supports syslog, Windows Event Log, SSH, Apache, nginx, and auditd. PCAP upload and network capture parsing — 100% local, nothing transmitted.
Tool 19 · AI
🎣
Phishing Email Validator
Full phishing analysis: SPF/DKIM/DMARC validation, sender spoofing detection, URL inspection, AI verdict with confidence score, IOC extraction, and attachment static analysis sandbox — 100% local, no files uploaded.
Tool 18 · Free
📡
KEV Detection Signatures
Production-ready Sigma (SIEM), Snort/Suricata (IDS), and YARA (malware) rules for every CISA KEV entry. Deploy compensating detection rules while patches are being staged. One-click copy to clipboard.
Tool 22 · Free
🦠
Botnet IOC Scanner
Checks IPs, domains, and hashes against JDY botnet IOC feed plus STIX/TAXII-imported threat feeds. Bulk target scanning. STIX 2.0 and TAXII 2.1 import for custom threat intelligence feeds.
Tool 20 · Free
🔐
DNSSEC Validator
Full DNSSEC chain-of-trust validation. Bulk CSV domain scanning. CISA BOD 18-01 compliance dashboard for .gov domains. Checks SPF, DKIM, DMARC, CAA, and MTA-STS. Exportable compliance reports.
Tool 08 · Free
💾
Hardware Identifier
MAC address, USB device, and PCI hardware identification using the IEEE OUI database. Rogue device detection — identify unknown hardware on your network by manufacturer. Bulk MAC lookup supported.
Tool 04 · Free
ATG Exposure Map
Maps US internet-exposed automated tank gauge infrastructure. Critical for energy, fuel storage, and water sector operators. Identifies ICS/SCADA systems accessible from the internet — a top CyberAv3ngers target vector.
5 tools · Maritime · Aircraft · Satellite · Telecom · Radio
Tool 07 · Free
🚢
Global Ship Traffic Monitor
Live maritime AIS vessel tracking with shadow fleet detection, 12 strategic chokepoint monitoring, and submarine cable corridor proximity alerts. OpenSeaMap overlay. Shadow fleet vessels highlighted. Vessel detail cards with flags and cargo type.
Tool 27 · Free
✈️
Aircraft Tracker
Live ADS-B aircraft tracking via OpenSky Network. Military, medical, and cargo classification. Emergency squawk code alerts: 7700 (emergency), 7600 (radio failure), 7500 (hijack). Flight path history and position data.
Tool 26 · Free
🛰️
Satellite Comms Monitor
Status of 9 satellite constellations: Starlink, Iridium, Inmarsat, OneWeb, O3b/SES, ViaSat-3, Globalstar, Kuiper, and Thuraya. Animated orbital diagram. Communications continuity priority order and backup planning guidance.
Tool 25 · Free
📡
Telecom Grid Monitor
Live connectivity checks across 12 major carriers (AT&T, Verizon, T-Mobile, Comcast, BT, Deutsche Telekom). BGP/ASN health via RIPE NCC. DNS resolver status. Active incident feed. Comms continuity readiness checklist.
Tool 28 · Free
📻
Radio Frequency Monitor + SDR
111 frequencies across VHF, UHF, HF, AM, FM, SSB, SW, CB, and satellite L-band. TUNE button on every row opens a live WebSDR receiver. Emergency frequencies highlighted. NOAA WX, aviation guard, maritime Ch 16, national interop channels.
2 tools · Phishing Simulations · Red Flag Analysis · Awareness Quiz
Tool 30 · AI
🎣
Phishing Simulation Builder
AI-generated phishing simulations for authorized security awareness training. 10 preset templates (credential harvest, BEC, IT alert, SharePoint, payroll, invoice, MFA bypass, smishing, HR benefits, vendor fraud). 4 difficulty levels. Red flag analysis, training content, and interactive quiz.
1 tool · 10 live feeds · CVE detection · KEV cross-reference · AI synthesis
Tool 37 · LIVE
📰
Vulnerability News Aggregator
3-column live intelligence dashboard. Left: security news from Bleeping Computer, The Hacker News, Dark Reading, Krebs on Security, SANS ISC, SecurityWeek — CVEs auto-detected and highlighted. Center: CVE & advisory feed from CISA, NVD, GitHub Security, Exploit-DB — sorted by severity with KEV badges and CVSS scores. Right: trending CVEs, vendor mentions, active exploitation alerts, AI synthesis. Keyword filter, CSV export, auto-refreshes every 15 minutes. Click any CVE to open in KEV Scanner.
5 guides · Word format
  • 🧩 Browser Extension — Chrome & Edge
  • 🏭 Sector CVE Intelligence Guide — Tool 38
  • 📋 Capability Brief v2.0 — All 36 Tools
  • 📘 User Guide v5.0 — All 33 Tools
  • 📗 KEV Patch Ranker Guide
  • 📙 Nessus Dashboard Guide
  • 📕 CI Threat Map Guide v3