BreachSleuth is a local, offline tool for security practitioners — scan datasets, score risk, redact PII, and run AI investigation without data leaving your machine.
Built for security analysts who need fast, repeatable, offline-safe investigation workflows.
Recursively scans datasets of any size. Fingerprints files by magic bytes, detects mismatched extensions, and flags protected archives.
Opens ZIP, RAR, 7z, and tar archives automatically. Scans nested files for sensitive content without manual extraction.
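Magic-byte fingerprinting, extension-mismatch flagging and protected-archive detection as described above, written here as an added example for this page and not BreachSleuth's own code: it sniffs the leading bytes, walks ZIP local file headers for the encryption flag bit, and runs the recursive scan over a constructed sample dataset in a temporary directory. The signature table and the sample files are assumptions.

```python
import struct, tempfile, zlib
from pathlib import Path
# Leading-byte signatures for a few common types (constructed subset; extend as needed).
MAGIC = {b"\x89PNG\r\n\x1a\n": "png", b"%PDF-": "pdf", b"PK\x03\x04": "zip",
         b"SQLite format 3\x00": "sqlite"}

def sniff_type(data: bytes):
    """Return the type implied by the magic bytes, or None if unknown."""
    return next((kind for sig, kind in MAGIC.items() if data.startswith(sig)), None)

def zip_has_encrypted_entry(data: bytes) -> bool:
    """Walk ZIP local file headers; bit 0 of the flags word marks an encrypted entry."""
    pos = 0
    while data.startswith(b"PK\x03\x04", pos):
        f = struct.unpack_from("<4sHHHHHIIIHH", data, pos)  # 30-byte local header
        flags, csize, nlen, xlen = f[2], f[7], f[9], f[10]
        if flags & 0x1:
            return True
        if flags & 0x8:  # sizes deferred to a data descriptor: a full scanner reads the central directory
            break
        pos += 30 + nlen + xlen + csize
    return False

def scan_file(path: Path) -> dict:
    """Fingerprint one file; flag extension mismatches and protected archives."""
    data = path.read_bytes()
    ext, kind = path.suffix.lower().lstrip("."), sniff_type(data[:32])
    return {"file": path.name, "ext": ext, "type": kind,
            "mismatch": kind is not None and kind != ext,
            "protected": kind == "zip" and zip_has_encrypted_entry(data)}

def scan_tree(root: Path) -> list:
    """Recursive walk of a dataset directory, one record per regular file."""
    return [scan_file(p) for p in sorted(root.rglob("*")) if p.is_file()]

def _zip_entry(name: bytes, payload: bytes, encrypted: bool) -> bytes:
    """Constructed stored (method 0) local entry, no central directory: enough for the header walk."""
    hdr = struct.pack("<4sHHHHHIIIHH", b"PK\x03\x04", 20, 1 if encrypted else 0, 0, 0, 0,
                      zlib.crc32(payload), len(payload), len(payload), len(name), 0)
    return hdr + name + payload

def demo() -> list:
    """Constructed dataset: a PNG disguised as .txt, a protected archive, a clean PDF."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "notes.txt").write_bytes(b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)
        (root / "dump.zip").write_bytes(_zip_entry(b"creds.csv", b"user,pass\n", True))
        (root / "sub").mkdir()
        (root / "sub" / "report.pdf").write_bytes(b"%PDF-1.7\n")
        return scan_tree(root)
```

A real scanner would sniff at more offsets than zero and fall back to the ZIP central directory, but the header walk above is what catches a password-protected archive before any extraction is attempted.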
Extracts and previews text from PDFs, Word documents, spreadsheets, emails, SQLite databases, and images via OCR.
Deterministic regex-based detection of credentials, PII, financial data, API keys, and confidentiality markers — no LLM required.
Deep-dive analysis using local Ollama models or the Claude API. Ask questions about any file or the entire dataset. Auto-detects available models.
Search with custom keywords or regex across all files. Export findings as HTML reports, CSV inventories, or IOC extracts.
Redact PII from the file preview before you read it, and optionally before it reaches any AI model. Originals are never modified.
Save and reload full investigation sessions as portable case files. SQLite-backed storage keeps your work between restarts.
Every analyst action — file views, risk changes, AI calls, case saves — is logged with a timestamp. Exportable for compliance and handoff.
BreachSleuth is being developed use-case by use-case, with each phase focused on a complete analyst workflow.
Full recursive scan with file fingerprinting, magic byte detection, type mismatch flagging, protected archive detection, and category breakdowns.
Automatic extraction and listing of contents inside ZIP, RAR, 7z, and tar archives. Risk scanning of nested files without manual unpacking.
Per-file content extraction (PDF, DOCX, XLSX, EML, SQLite, OCR), automatic risk scoring with highlighted previews, pattern search with regex support, and HTML/CSV report export.
Deep analysis using local Ollama models or Claude API. Ask questions about individual files or the full dataset. Batch analysis across all scanned files.
HTML narrative reports, CSV file inventories, and IOC extraction. Export findings to any folder for handoff and record-keeping.
Save and reload full investigation sessions as portable case files. SQLite-backed storage keeps all scan results and triage decisions between restarts.
Session-level PII redaction keeps sensitive data out of previews and AI models. Every analyst action is timestamped and logged to the case database, exportable for compliance.
One-click installers for macOS and Windows. Offline-capable deployment with no internet dependency after initial setup.
Breach data is sensitive by definition. BreachSleuth never sends your data anywhere.
Runs entirely on your machine. No cloud connectivity required for scanning, analysis, or reporting.
Integrates with Ollama for on-device AI analysis. Your data never leaves your environment.
Files are read and analysed in place. Nothing is copied, uploaded, or transmitted.
Designed for use in isolated environments. Suitable for sensitive investigations and classified datasets.
Redact PII from the analyst's view and optionally from AI prompts. Three modes: off, preview-only, or full redaction before any LLM call.
BreachSleuth is currently in private beta. Request access for your security team and we'll be in touch.