The toolkit

Every feature.
Every tool.

A full breakdown of what each tool does, what it scans, and what it reports. No surprises when you plug it in.

SST
Security Scan Tool
Free

General purpose security scanner. Checks all the common places malware hides, cleans temp files, and saves a formatted report to the USB. No API key required. Works on any Windows 10/11 machine with no configuration.

Suspicious Processes
Checks all running processes against a list of known malware names — RATs, cryptominers, C2 frameworks, and keyloggers. Flags matches as HIGH.
Startup Entry Audit
Reviews all registry run keys and startup folders. Entries pointing to temp paths, encoded PowerShell, or suspicious locations are flagged HIGH. Others are flagged LOW for review.
Scheduled Task Audit
Lists all non-Microsoft scheduled tasks that are currently enabled. Each is flagged MEDIUM with an option to remove.
Network Connections
Shows all active external TCP connections with process names and remote IPs. External connections are flagged MEDIUM for review.
Installed Programs
Full installed program list logged to report. Flags known bloatware as LOW with an uninstall option.
Windows Defender
Checks AV enabled status, real-time protection, and definition date. Runs a quick scan and reports any detections. Flagged HIGH if disabled.
Temp File Cleanup
Checks user and Windows temp folder sizes, Recycle Bin contents, and Downloads folder. Shows sizes before prompting to clean.
Formatted Reports
Saves a plain text report and an HTML report to the Reports folder on the USB after every scan. Named by machine name and date.
AST
Advanced Scan Tool
Free

Corporate-grade scanner with 4-mode confidence-based remediation. Includes live threat intelligence via MalwareBazaar and VirusTotal, deeper system auditing, and mode-aware auto-remediation. Requires free API keys for live threat features.

Suspicious Processes
Expanded name-match against known malware processes. Flags matches as HIGH with mode-aware removal.
MalwareBazaar Hash Scan
SHA1 hashes every running process and cross-references against a live feed of known malware hashes. Pulls up to 800 fresh hashes per run across 8 file types. Falls back to local list if offline. Requires a free abuse.ch API key.
VirusTotal Cross-Reference
Optional per-run VT scan. Submits SHA256 hashes of flagged processes, processes with external connections, and processes from suspicious paths to VirusTotal's 70+ engine database. 5+ detections = HIGH. Requires a free VT API key.
Startup Entry Audit
Same as SST with additional severity scoring and mode-aware registry key removal.
Scheduled Task Audit
All non-Microsoft enabled scheduled tasks flagged MEDIUM with mode-aware unregister option.
Network Connection Audit
All active external TCP connections flagged MEDIUM. Processes with external connections are also fed into the VT cross-reference if enabled.
Open Port Scan
Lists all TCP listening ports. Non-standard ports are flagged MEDIUM. Common Windows service ports are logged as INFO.
Local Admin Audit
Lists all members of the local Administrators group. Each is flagged MEDIUM for review.
Installed Programs
Full program list with bloatware detection. Flags known bloatware as LOW with mode-aware uninstall option.
Windows Defender
Full version only. AV status, real-time protection, definition date, and live quick scan with detection reporting.
Temp File Cleanup
User and Windows temp folder cleanup. Mode 4 auto-cleans. All other modes prompt per folder.
Formatted Reports
Saves a plain text report and an HTML report with a summary dashboard (HIGH/MEDIUM/LOW/CLEAN counts) to the Reports folder on the USB.
Scan Modes
# Mode Behavior
1 Report Only Scans and logs all findings. Nothing is changed or removed. Safe to run on any machine at any time.
2 Prompt All Prompts before taking action on every finding regardless of severity. You decide what to keep or remove.
3 Semi-Auto Automatically removes HIGH severity findings. Prompts on MEDIUM. LOW findings are reported only.
4 Full Auto Automatically remediates all findings. Requires typing "yes" to confirm before the scan begins. Use with caution.
API Keys Required MalwareBazaar hash scanning requires a free key from auth.abuse.ch. VirusTotal cross-reference requires a free key from virustotal.com. Both keys are entered on first run and saved to config.txt on the USB — you only need to set them up once.
SCT
Storage Cleanup Tool
Free

Fast, focused disk cleanup. Clears the junk that accumulates on Windows machines without touching anything it shouldn't. Shows sizes before prompting. No configuration, no API keys, no dependencies.

Temp File Cleanup
Clears both the user temp folder (%TEMP%) and the Windows system temp folder (C:\Windows\Temp). Shows total size before asking to clean.
Recycle Bin
Shows item count and total size of the Recycle Bin before prompting to empty it. Never empties without confirmation.
Downloads Folder
Shows total size of the Downloads folder and prompts before clearing. Useful on machines that accumulate installer files over time.
Formatted Reports
Saves a plain text and HTML report showing what was cleaned, how much space was freed, and what was skipped. Saved to the Reports folder on the USB.
NST
Network Scan Tool
Coming Soon
In Development

NST is currently being built. The feature list below reflects the planned functionality at launch. No price has been set yet.

Ping Sweep
Scans your subnet and discovers all active hosts. Lists IP addresses, hostnames, and response times.
Rogue Device Detection
Flags unknown devices by MAC OUI and hostname. Helps identify devices that shouldn't be on the network.
VLAN Scanning
Visibility across VLANs in segmented environments. Built for homelabs where you actually care what's on each segment.
Port Scan
Open port enumeration on discovered hosts. Flags non-standard ports and unexpected services.
Device Fingerprinting
Identifies device type and OS from network responses. Helps map what's actually on your network.
Scan Reports
Full HTML and plain text report output saved to the USB. Same report format as the rest of the toolkit.