Active Development

Triage breach data.
Find what matters.

BreachSleuth is a local, offline security analyst tool for triaging and analysing leaked datasets — no cloud, no uploads, no exposure.

Coming Soon · Currently in active development · Request beta access

Everything you need to triage a breach

Built for security analysts who need fast, repeatable, offline-safe investigation workflows.

🗂

Folder Scan & Triage

Recursively scans datasets of any size. Fingerprints files by magic bytes, detects mismatched extensions, and flags protected archives.

📦

Archive Extraction

Opens ZIP, RAR, 7z, and tar archives automatically. Scans nested files for sensitive content without manual extraction.

🔍

Content Extraction

Extracts and previews text from PDFs, Word documents, spreadsheets, emails, SQLite databases, and images via OCR.

⚠️

Automatic Risk Scoring

Deterministic regex-based detection of credentials, PII, financial data, API keys, and confidentiality markers — no LLM required.

🤖

LLM Analysis & Chat

Deep-dive analysis using local Ollama models or the Claude API. Ask questions about any file or the entire dataset.

📄

Pattern Search & Reports

Search with custom keywords or regex across all files. Export findings as HTML reports or CSV inventories.

High — Credentials, keys, credit cards, SSNs
Medium — PII, emails, phones, addresses, DOBs
Low — Confidentiality markers, hashes, URLs
None — Clean files
breachsleuth — scan results
Scanning /datasets/acmecorp_breach ...
Found 14 files across 4 subfolders

Filename                  Risk    Patterns Matched
────────────────────────────────────────────────────────
db_backup.sql             HIGH    Password in config · SSN (US) · Credential Pair (5)
credential_dump.zip       HIGH    AWS Access Key · Credential Pair · Secret/Token
breach_notification.eml   HIGH    Password in config · AWS Access Key · Email Address
payment_records.txt       HIGH    Credit Card (7) · IBAN (2)
user_records.csv          MEDIUM  Email · Phone · DOB · Street Address · UK Postcode
internal_report.txt       MEDIUM  IBAN · IP Address · Confidential Marker
config.env                HIGH    AWS Access Key · Secret/Token · Password in config
clean_notes.txt           NONE

Scan complete in 1.4s · 8 files · 5 High · 2 Medium · 1 None

What's being built

BreachSleuth is being developed use-case by use-case, with each phase focused on a complete analyst workflow.

1
Complete

UC1 — Folder Scan & Triage

Full recursive scan with file fingerprinting, magic byte detection, type mismatch flagging, protected archive detection, and category breakdowns.

2
Complete

UC2 — Archive Extraction

Automatic extraction and listing of contents inside ZIP, RAR, 7z, and tar archives. Risk scanning of nested files without manual unpacking.

3
Complete

UC3 — Content Extraction & Risk Highlighting

Per-file content extraction (PDF, DOCX, XLSX, EML, SQLite, OCR), automatic risk scoring with highlighted previews, pattern search with regex support, and HTML/CSV report export.

4
Complete

UC4 — LLM Analysis & Chat

Deep analysis using local Ollama models or Claude API. Ask questions about individual files or the full dataset. Batch analysis across all scanned files.

5
In Progress

UC5 — Structured Reporting

Formal incident-ready reports per dataset with executive summary, risk breakdown, findings inventory, and timeline of detected indicators.

6
Planned

UC6 — Session & Case Management

Save and resume investigation sessions. Manage multiple cases simultaneously with notes, annotations, and audit history.

7
Planned

UC7 — Distribution & Packaging

One-click installers for macOS and Windows. Offline-capable deployment with no internet dependency.


Local first. Always.

Breach data is sensitive by definition. BreachSleuth never sends your data anywhere.

🔒

Fully Offline

Runs entirely on your machine. No cloud connectivity required for scanning, analysis, or reporting.

🖥

Local LLM Support

Integrates with Ollama for on-device AI analysis. Your data never leaves your environment.

📁

No Uploads

Files are read and analysed in place. Nothing is copied, uploaded, or transmitted.

Air-Gap Safe

Designed for use in isolated environments. Suitable for sensitive investigations and classified datasets.


Request beta access

BreachSleuth is currently in private beta. Request access for your security team and we'll be in touch.