DEV Community: Czax225 The latest articles on DEV Community by Czax225 (@czax225). https://dev.to/czax225 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3670708%2F5a5c6cd9-3d89-41be-bae2-22f717ecb3cd.png DEV Community: Czax225 https://dev.to/czax225 en Stop Fighting Go GUIs: Build Sleek Desktop Apps in Pure Go with Proton Czax225 Mon, 01 Jun 2026 12:12:34 +0000 https://dev.to/czax225/stop-fighting-go-guis-build-sleek-desktop-apps-in-pure-go-with-proton-4ph2 https://dev.to/czax225/stop-fighting-go-guis-build-sleek-desktop-apps-in-pure-go-with-proton-4ph2 <p>The state of GUI development in Go has always been a bit complicated.</p> <p>You either have to wrestle with heavy C-dependencies like GTK and Qt bindings that make cross-compiling a nightmare, or settle for web-view frameworks that turn a simple desktop utility into a 150MB RAM-hogging Electron clone.</p> <p>If you love Go for its simplicity, speed, and single-binary deployment, your GUI library should look and feel the same way.</p> <p>That is exactly why I built Proton.</p> <h1> What is Proton? </h1> <p>Proton is a lightweight, pure-Go GUI framework built on top of the incredibly fast Gio engine. It utilizes an immediate-mode architecture, meaning your UI renders dynamically every single frame.</p> <p>The philosophy behind Proton is straightforward: Zero C-dependencies, ultra-fast performance, and a developer experience that does not make you want to pull your hair out.</p> <h1> Here is why it works so well: </h1> <p>Pure Go: No cgo required. Cross-compiling actually works out of the box.</p> <p>Featherweight: Tiny binary sizes and low resource usage.</p> <p>Immediate Mode: Your state lives directly in your code. No complex data-binding boilerplate.</p> <p>Themeable: Comes with built-in palettes like Catppuccin, Nord, and Rose Pine.</p> <h1> See it in Action: The 5-Minute Setup </h1> <p>Here is a complete, self-contained application with an input box, a button, and basic text handling in just a few lines of code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">main</span> <span class="k">import</span> <span class="s">"github.com/CzaxStudio/proton"</span> <span class="k">type</span> <span class="n">UI</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">name</span> <span class="n">proton</span><span class="o">.</span><span class="n">Editor</span> <span class="n">btn</span> <span class="n">proton</span><span class="o">.</span><span class="n">Clickable</span> <span class="p">}</span> <span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="n">u</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">UI</span><span class="p">{}</span> <span class="n">a</span> <span class="o">:=</span> <span class="n">proton</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="s">"My First Proton App"</span><span class="p">)</span> <span class="c">// Apply a theme instantly</span> <span class="n">a</span><span class="o">.</span><span class="n">ApplyPalette</span><span class="p">(</span><span class="n">proton</span><span class="o">.</span><span class="n">CatppuccinPalette</span><span class="p">)</span> <span class="n">a</span><span class="o">.</span><span class="n">Window</span><span class="p">(</span><span class="s">"Hello Proton"</span><span class="p">,</span> <span class="m">480</span><span class="p">,</span> <span class="m">300</span><span class="p">,</span> <span class="k">func</span><span class="p">(</span><span class="n">win</span> <span class="o">*</span><span class="n">proton</span><span class="o">.</span><span class="n">Win</span><span class="p">)</span> <span class="p">{</span> <span class="n">proton</span><span class="o">.</span><span class="n">H3</span><span class="p">(</span><span class="n">win</span><span class="p">,</span> <span class="s">"Welcome to Go GUIs done right"</span><span class="p">)</span> <span class="n">proton</span><span class="o">.</span><span class="n">Gap</span><span class="p">(</span><span class="n">win</span><span class="p">,</span> <span class="m">12</span><span class="p">)</span> <span class="c">// Interactive Input</span> <span class="n">proton</span><span class="o">.</span><span class="n">Input</span><span class="p">(</span><span class="n">win</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">u</span><span class="o">.</span><span class="n">name</span><span class="p">,</span> <span class="s">"What is your name?"</span><span class="p">)</span> <span class="n">proton</span><span class="o">.</span><span class="n">Gap</span><span class="p">(</span><span class="n">win</span><span class="p">,</span> <span class="m">12</span><span class="p">)</span> <span class="c">// Immediate-mode button handling</span> <span class="k">if</span> <span class="n">proton</span><span class="o">.</span><span class="n">Button</span><span class="p">(</span><span class="n">win</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">u</span><span class="o">.</span><span class="n">btn</span><span class="p">,</span> <span class="s">"Greet Me"</span><span class="p">)</span> <span class="p">{</span> <span class="nb">println</span><span class="p">(</span><span class="s">"Hello, "</span><span class="p">,</span> <span class="n">u</span><span class="o">.</span><span class="n">name</span><span class="o">.</span><span class="n">Text</span><span class="p">())</span> <span class="p">}</span> <span class="p">})</span> <span class="n">a</span><span class="o">.</span><span class="n">Run</span><span class="p">()</span> <span class="p">}</span> </code></pre> </div> <h2> Layouts Without the Headache </h2> <p>If you have ever used Gio directly, you know that managing layouts and constraints can require a lot of nesting. Proton abstracts that complexity away into intuitive layout functions:</p> <p>Stacking: Arrange components cleanly using Row(win, ...) and Column(win, ...).</p> <p>Flexibility: Use GrowRow alongside GrowItem and FixedItem to create responsive sidebars and expanding content panes.</p> <p>Proportions: Instantly split screens using Split(win, 0.25, leftSide, rightSide) for instant dashboard layouts.</p> <p>Spacing: Fine-tune visuals cleanly with Pad(), PadH(), and Gap()<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// Example of a quick responsive layout split</span> <span class="n">proton</span><span class="o">.</span><span class="n">Split</span><span class="p">(</span><span class="n">win</span><span class="p">,</span> <span class="m">0.25</span><span class="p">,</span> <span class="k">func</span><span class="p">(</span><span class="n">left</span> <span class="o">*</span><span class="n">proton</span><span class="o">.</span><span class="n">Win</span><span class="p">)</span> <span class="p">{</span> <span class="n">proton</span><span class="o">.</span><span class="n">Label</span><span class="p">(</span><span class="n">left</span><span class="p">,</span> <span class="s">"Sidebar Navigation"</span><span class="p">)</span> <span class="p">},</span> <span class="k">func</span><span class="p">(</span><span class="n">right</span> <span class="o">*</span><span class="n">proton</span><span class="o">.</span><span class="n">Win</span><span class="p">)</span> <span class="p">{</span> <span class="n">proton</span><span class="o">.</span><span class="n">H1</span><span class="p">(</span><span class="n">right</span><span class="p">,</span> <span class="s">"Main Content Dashboard"</span><span class="p">)</span> <span class="p">})</span> </code></pre> </div> <h2> Real Features for Real Apps </h2> <p>Proton is not just a proof-of-concept for text and buttons. It includes the actual utilities you need to build functional software:</p> <p>Virtualized Lists: List() and HList() only render what is visible on screen, letting you scroll through thousands of rows smoothly without breaking a sweat.</p> <p>Keyboard Shortcuts: Global hotkeys are a first-class citizen. Fire events using proton.OnKey(win, key.ModCtrl, "S", saveFunc).</p> <p>Async Notifications: Show modern, non-blocking toast notifications safely from any background goroutine using u.toast.Show("Saved!", 2 * time.Second).</p> <p>Asset Embedding: Includes a simple built-in CLI tool (Proton logo path/to/img.png) that caches and bakes assets directly into your binary.</p> <h2> Try it out </h2> <p>Ready to ditch the heavy web frameworks and complex C bindings? Getting started takes seconds. Just initialize your Go module and pull the library:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">mkdir </span>myapp <span class="o">&amp;&amp;</span> <span class="nb">cd </span>myapp go mod init myapp go get github.com/CzaxStudio/proton </code></pre> </div> <p>If you are on Linux, just grab your standard graphics drivers (libwayland-dev, libxkbcommon-dev, libvulkan-dev). Windows and macOS users need zero extra system dependencies.</p> <p>The project is completely open-source and moving fast. Check out the example applications, including a fully functional Calculator and a CyberTool showcase, directly in the repository.</p> <p>Take a look at the Proton GitHub Repository, try out the examples, and let me know what you think in the comments. I am curious to see what you build with it.</p> <p>If you like it then please star the Repo </p> <div class="ltag-github-readme-tag"> <div class="readme-overview"> <h2> <img src="https://assets.dev.to/assets/github-logo-5a155e1f9a670af7944dd5e12375bc76ed542ea80224905ecaf878b9157cdefc.svg" alt="GitHub logo"> <a href="https://github.com/CzaxStudio" rel="noopener noreferrer"> CzaxStudio </a> / <a href="https://github.com/CzaxStudio/proton" rel="noopener noreferrer"> proton </a> </h2> <h3> A framework for building GUI applications in Go, Stay positive :) </h3> </div> <div class="ltag-github-body"> <div id="readme" class="md"> <div class="markdown-heading"> <h1 class="heading-element">Proton</h1> </div> <p>A GUI library for Go. Built on <a href="https://gioui.org" rel="nofollow noopener noreferrer">Gio</a>. No C deps, pure Go.</p> <div class="markdown-heading"> <h2 class="heading-element">Example apps (made using Proton)</h2> </div> <div class="markdown-heading"> <h3 class="heading-element">Note: These are very basic, you can make even better apps.</h3> </div> <p><a rel="noopener noreferrer" href="https://private-user-images.githubusercontent.com/251837336/600829447-c8e48374-7e98-41c5-9d46-4427a007b02b.gif?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3ODAzMTY0NDEsIm5iZiI6MTc4MDMxNjE0MSwicGF0aCI6Ii8yNTE4MzczMzYvNjAwODI5NDQ3LWM4ZTQ4Mzc0LTdlOTgtNDFjNS05ZDQ2LTQ0MjdhMDA3YjAyYi5naWY_WC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BS0lBVkNPRFlMU0E1M1BRSzRaQSUyRjIwMjYwNjAxJTJGdXMtZWFzdC0xJTJGczMlMkZhd3M0X3JlcXVlc3QmWC1BbXotRGF0ZT0yMDI2MDYwMVQxMjE1NDFaJlgtQW16LUV4cGlyZXM9MzAwJlgtQW16LVNpZ25hdHVyZT1lMzZiNDQyYjJkOWNiODUwM2ZhMDIyYzUyNjMzNDY3YWQ5ZjM3NTQxNWZiMWNhNGJlOGM5ZjE2OWU2NmJmM2Y5JlgtQW16LVNpZ25lZEhlYWRlcnM9aG9zdCZyZXNwb25zZS1jb250ZW50LXR5cGU9aW1hZ2UlMkZnaWYifQ.qXpbUSnEE4g7lOd4K6FRqxK9zjO7rhW8Ac5mDiXuy8M"><img width="813" height="508" alt="GUI demo" src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fprivate-user-images.githubusercontent.com%2F251837336%2F600829447-c8e48374-7e98-41c5-9d46-4427a007b02b.gif%3Fjwt%3DeyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3ODAzMTY0NDEsIm5iZiI6MTc4MDMxNjE0MSwicGF0aCI6Ii8yNTE4MzczMzYvNjAwODI5NDQ3LWM4ZTQ4Mzc0LTdlOTgtNDFjNS05ZDQ2LTQ0MjdhMDA3YjAyYi5naWY_WC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BS0lBVkNPRFlMU0E1M1BRSzRaQSUyRjIwMjYwNjAxJTJGdXMtZWFzdC0xJTJGczMlMkZhd3M0X3JlcXVlc3QmWC1BbXotRGF0ZT0yMDI2MDYwMVQxMjE1NDFaJlgtQW16LUV4cGlyZXM9MzAwJlgtQW16LVNpZ25hdHVyZT1lMzZiNDQyYjJkOWNiODUwM2ZhMDIyYzUyNjMzNDY3YWQ5ZjM3NTQxNWZiMWNhNGJlOGM5ZjE2OWU2NmJmM2Y5JlgtQW16LVNpZ25lZEhlYWRlcnM9aG9zdCZyZXNwb25zZS1jb250ZW50LXR5cGU9aW1hZ2UlMkZnaWYifQ.qXpbUSnEE4g7lOd4K6FRqxK9zjO7rhW8Ac5mDiXuy8M" class="js-gh-image-fallback"></a><br> <a rel="noopener noreferrer" href="https://private-user-images.githubusercontent.com/251837336/600732901-d536a863-d010-4dc4-b223-b790b00c8478.PNG?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3ODAzMTY0NDEsIm5iZiI6MTc4MDMxNjE0MSwicGF0aCI6Ii8yNTE4MzczMzYvNjAwNzMyOTAxLWQ1MzZhODYzLWQwMTAtNGRjNC1iMjIzLWI3OTBiMDBjODQ3OC5QTkc_WC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BS0lBVkNPRFlMU0E1M1BRSzRaQSUyRjIwMjYwNjAxJTJGdXMtZWFzdC0xJTJGczMlMkZhd3M0X3JlcXVlc3QmWC1BbXotRGF0ZT0yMDI2MDYwMVQxMjE1NDFaJlgtQW16LUV4cGlyZXM9MzAwJlgtQW16LVNpZ25hdHVyZT0wNjk2ODI2ZDkwNWYwNzBjZWY1YTc1Y2MxM2Q3MmU5OTFhMGNlMTgwNmJjMWMwOGYzMDEzODIzYmYzYzE0NTMwJlgtQW16LVNpZ25lZEhlYWRlcnM9aG9zdCZyZXNwb25zZS1jb250ZW50LXR5cGU9aW1hZ2UlMkZwbmcifQ.ULZ26cQRSMJSB1l1rKqVRfl0CwKhY0ReYc5q4CEF7aU"><img width="683" height="360" alt="Example app 2" src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fprivate-user-images.githubusercontent.com%2F251837336%2F600732901-d536a863-d010-4dc4-b223-b790b00c8478.PNG%3Fjwt%3DeyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3ODAzMTY0NDEsIm5iZiI6MTc4MDMxNjE0MSwicGF0aCI6Ii8yNTE4MzczMzYvNjAwNzMyOTAxLWQ1MzZhODYzLWQwMTAtNGRjNC1iMjIzLWI3OTBiMDBjODQ3OC5QTkc_WC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BS0lBVkNPRFlMU0E1M1BRSzRaQSUyRjIwMjYwNjAxJTJGdXMtZWFzdC0xJTJGczMlMkZhd3M0X3JlcXVlc3QmWC1BbXotRGF0ZT0yMDI2MDYwMVQxMjE1NDFaJlgtQW16LUV4cGlyZXM9MzAwJlgtQW16LVNpZ25hdHVyZT0wNjk2ODI2ZDkwNWYwNzBjZWY1YTc1Y2MxM2Q3MmU5OTFhMGNlMTgwNmJjMWMwOGYzMDEzODIzYmYzYzE0NTMwJlgtQW16LVNpZ25lZEhlYWRlcnM9aG9zdCZyZXNwb25zZS1jb250ZW50LXR5cGU9aW1hZ2UlMkZwbmcifQ.ULZ26cQRSMJSB1l1rKqVRfl0CwKhY0ReYc5q4CEF7aU" class="js-gh-image-fallback"></a></p> <div class="markdown-heading"> <h2 class="heading-element">Logo</h2> </div> <p><a rel="noopener noreferrer" href="https://private-user-images.githubusercontent.com/251837336/600733778-e044d0b8-a96f-4bc2-9df9-725a41a99ed2.png?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3ODAzMTY0NDEsIm5iZiI6MTc4MDMxNjE0MSwicGF0aCI6Ii8yNTE4MzczMzYvNjAwNzMzNzc4LWUwNDRkMGI4LWE5NmYtNGJjMi05ZGY5LTcyNWE0MWE5OWVkMi5wbmc_WC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BS0lBVkNPRFlMU0E1M1BRSzRaQSUyRjIwMjYwNjAxJTJGdXMtZWFzdC0xJTJGczMlMkZhd3M0X3JlcXVlc3QmWC1BbXotRGF0ZT0yMDI2MDYwMVQxMjE1NDFaJlgtQW16LUV4cGlyZXM9MzAwJlgtQW16LVNpZ25hdHVyZT1iZDFlYTA5YTVmN2JkN2QwYjlhYThiYmVjNWFiODFiN2VjZmVkZWQwM2FkNDY1ZTg3NzgyYTgzMDc4YWEwYjU3JlgtQW16LVNpZ25lZEhlYWRlcnM9aG9zdCZyZXNwb25zZS1jb250ZW50LXR5cGU9aW1hZ2UlMkZwbmcifQ.0mB4F3saHj8FIq-su1uRUgJoE-KzMsUBg24X8nme32I"><img width="1254" height="1254" alt="Proton" src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fprivate-user-images.githubusercontent.com%2F251837336%2F600733778-e044d0b8-a96f-4bc2-9df9-725a41a99ed2.png%3Fjwt%3DeyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3ODAzMTY0NDEsIm5iZiI6MTc4MDMxNjE0MSwicGF0aCI6Ii8yNTE4MzczMzYvNjAwNzMzNzc4LWUwNDRkMGI4LWE5NmYtNGJjMi05ZGY5LTcyNWE0MWE5OWVkMi5wbmc_WC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BS0lBVkNPRFlMU0E1M1BRSzRaQSUyRjIwMjYwNjAxJTJGdXMtZWFzdC0xJTJGczMlMkZhd3M0X3JlcXVlc3QmWC1BbXotRGF0ZT0yMDI2MDYwMVQxMjE1NDFaJlgtQW16LUV4cGlyZXM9MzAwJlgtQW16LVNpZ25hdHVyZT1iZDFlYTA5YTVmN2JkN2QwYjlhYThiYmVjNWFiODFiN2VjZmVkZWQwM2FkNDY1ZTg3NzgyYTgzMDc4YWEwYjU3JlgtQW16LVNpZ25lZEhlYWRlcnM9aG9zdCZyZXNwb25zZS1jb250ZW50LXR5cGU9aW1hZ2UlMkZwbmcifQ.0mB4F3saHj8FIq-su1uRUgJoE-KzMsUBg24X8nme32I" class="js-gh-image-fallback"></a></p> <div class="markdown-heading"> <h1 class="heading-element">Getting started</h1> </div> <div class="highlight highlight-source-go notranslate position-relative overflow-auto js-code-highlight"> <pre><span class="pl-k">package</span> main <span class="pl-k">import</span> <span class="pl-s">"github.com/CzaxStudio/proton"</span> <span class="pl-k">type</span> <span class="pl-smi">UI</span> <span class="pl-k">struct</span> { <span class="pl-c1">name</span> proton.<span class="pl-smi">Editor</span> <span class="pl-c1">btn</span> proton.<span class="pl-smi">Clickable</span> } <span class="pl-k">func</span> <span class="pl-s1">main</span>() { <span class="pl-s1">u</span> <span class="pl-c1">:=</span> <span class="pl-c1">&amp;</span><span class="pl-smi">UI</span>{} <span class="pl-s1">a</span> <span class="pl-c1">:=</span> <span class="pl-s1">proton</span>.<span class="pl-c1">New</span>(<span class="pl-s">"my app"</span>) <span class="pl-s1">a</span>.<span class="pl-c1">Window</span>(<span class="pl-s">"Hello"</span>, <span class="pl-c1">480</span>, <span class="pl-c1">300</span>, <span class="pl-k">func</span>(<span class="pl-s1">win</span> <span class="pl-c1">*</span>proton.<span class="pl-smi">Win</span>) { <span class="pl-s1">proton</span>.<span class="pl-c1">H3</span>(<span class="pl-s1">win</span>, <span class="pl-s">"Hello from Proton!"</span>) <span class="pl-s1">proton</span>.<span class="pl-c1">Gap</span>(<span class="pl-s1">win</span>, <span class="pl-c1">8</span>) <span class="pl-s1">proton</span>.<span class="pl-c1">Input</span>(<span class="pl-s1">win</span>, <span class="pl-c1">&amp;</span><span class="pl-s1">u</span>.<span class="pl-c1">name</span>, <span class="pl-s">"Your name"</span>) <span class="pl-s1">proton</span>.<span class="pl-c1">Gap</span>(<span class="pl-s1">win</span>, <span class="pl-c1">8</span>) <span class="pl-k">if</span> <span class="pl-s1">proton</span>.<span class="pl-c1">Button</span>(<span class="pl-s1">win</span>, <span class="pl-c1">&amp;</span><span class="pl-s1">u</span>.<span class="pl-c1">btn</span>, <span class="pl-s">"Go"</span>) { <span class="pl-s1">println</span>(<span class="pl-s">"Hello,"</span>, <span class="pl-s1">u</span>.<span class="pl-c1">name</span>.<span class="pl-c1">Text</span>())</pre>… </div> </div> </div> <div class="gh-btn-container"><a class="gh-btn" href="https://github.com/CzaxStudio/proton" rel="noopener noreferrer">View on GitHub</a></div> </div> go showdev tooling ui Just Built a Cybersecurity Scripting Language – Here's Why Czax225 Thu, 14 May 2026 07:07:05 +0000 https://dev.to/czax225/just-built-a-cybersecurity-scripting-language-heres-why-bc8 https://dev.to/czax225/just-built-a-cybersecurity-scripting-language-heres-why-bc8 <p>Spectator v2.0 is out. No Python. No Electron. Just one binary.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code> <span class="n">target</span> <span class="p">=</span> <span class="s">"scanme.nmap.org"</span> <span class="k">do</span> <span class="err">→</span> <span class="nf">PortScan</span><span class="p">(</span><span class="n">target</span><span class="p">,</span> <span class="m">1</span><span class="p">,</span> <span class="m">1024</span><span class="p">)</span> <span class="k">do</span> <span class="err">→</span> <span class="nf">SSLInfo</span><span class="p">(</span><span class="n">target</span><span class="p">)</span> <span class="k">do</span> <span class="err">→</span> <span class="nf">HeaderAudit</span><span class="p">(</span><span class="n">target</span><span class="p">)</span> </code></pre> </div> <p>What makes it different:</p> <p>Security primitives built-in – PortScan, SQLiTest, PayloadGen, SubTakeover. No pip install rabbit holes.</p> <p>Native GUI – Real desktop tools without Electron's 100MB overhead. Windows/Linux/Mac.</p> <p>Space package manager – SHA-256 verified libraries. Supply-chain attacks? Blocked.</p> <p>Standalone builds – spectator build tool.str to scanner.exe for windows. No runtime needed.</p> <p>Example – Build a GUI scanner in 15 lines:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="err">#</span><span class="n">Import</span> <span class="n">Spec</span><span class="p">.</span><span class="n">GUI</span> <span class="n">open</span><span class="p">.</span><span class="nf">window</span><span class="p">({</span><span class="s">"title"</span><span class="p">:</span> <span class="s">"Recon"</span><span class="p">,</span> <span class="s">"bg"</span><span class="p">:</span> <span class="s">"#070b14"</span><span class="p">})</span> <span class="n">GUI</span><span class="p">.</span><span class="nf">input</span><span class="p">(</span><span class="s">"target"</span><span class="p">,</span> <span class="s">"Enter IP or domain"</span><span class="p">)</span> <span class="n">GUI</span><span class="p">.</span><span class="nf">button</span><span class="p">(</span><span class="s">"Scan"</span><span class="p">,</span> <span class="s">"run"</span><span class="p">,</span> <span class="p">{</span><span class="s">"color"</span><span class="p">:</span> <span class="s">"#00d4aa"</span><span class="p">})</span> <span class="n">GUI</span><span class="p">.</span><span class="nf">output</span><span class="p">(</span><span class="s">"out"</span><span class="p">)</span> <span class="n">GUI</span><span class="p">.</span><span class="k">on</span><span class="p">(</span><span class="s">"run"</span><span class="p">,</span> <span class="nf">func</span><span class="p">()</span> <span class="p">{</span> <span class="n">t</span> <span class="p">=</span> <span class="n">GUI</span><span class="p">.</span><span class="k">get</span><span class="p">(</span><span class="s">"target"</span><span class="p">)</span> <span class="n">ips</span> <span class="p">=</span> <span class="nf">resolve</span><span class="p">(</span><span class="n">t</span><span class="p">)</span> <span class="n">GUI</span><span class="p">.</span><span class="nf">print</span><span class="p">(</span><span class="s">"out"</span><span class="p">,</span> <span class="s">"→ "</span> <span class="err">→</span> <span class="k">join</span><span class="p">(</span><span class="n">ips</span><span class="p">,</span> <span class="s">", "</span><span class="p">))</span> <span class="p">})</span> <span class="nf">end</span><span class="p">()</span> </code></pre> </div> <p>Try it:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="n">spectator</span> <span class="n">run</span> <span class="n">scan</span><span class="p">.</span><span class="n">str</span> <span class="n">spectator</span> <span class="n">space</span> <span class="k">get</span> <span class="n">coffee</span> </code></pre> </div> <p>Built for pentesters, red teamers, and security researchers who are tired of gluing tools together.</p> <p>GitHub: <a href="https://github.com/CzaxStudio/Spectator" rel="noopener noreferrer">https://github.com/CzaxStudio/Spectator</a><br> Website: <a href="https://spectatorcyber.pages.dev/" rel="noopener noreferrer">https://spectatorcyber.pages.dev/</a><br> Docs: <a href="https://github.com/CzaxStudio/SpectatorDocs/" rel="noopener noreferrer">https://github.com/CzaxStudio/SpectatorDocs/</a></p> <p>See Everything. Miss Nothing. </p> cybersecurity programming showdev tooling I wrote a .NET library for syscalls and process injection Czax225 Wed, 13 May 2026 15:52:21 +0000 https://dev.to/czax225/i-wrote-a-net-library-for-syscalls-and-process-injection-19ja https://dev.to/czax225/i-wrote-a-net-library-for-syscalls-and-process-injection-19ja <p>Been doing red team work in C# for a while. Kept rewriting the same P/Invoke blocks and syscall wrappers for every project. Got tired of it so I bundled everything into one library.</p> <p>SharpKit is a .NET 8 library for offensive operations. No external NuGet dependencies. Just System.Net.Http, System.Runtime.InteropServices, and System.Net.Sockets.</p> <p>What it does:</p> <p>Syscalls with runtime SSN extraction (parses ntdll in memory, no hardcoded numbers)</p> <p>Indirect syscall stubs with custom gadgets</p> <p>Process injection: CreateRemoteThread, NtCreateThreadEx, QueueUserAPC, process hollowing</p> <p>Win32 P/Invoke for kernel32, advapi32, ntdll</p> <p>Kerberos builders: AS-REQ, TGS-REQ, AP-REQ, S4U2Self, S4U2Proxy, kerberoast hash formatter</p> <p>HttpAgent with NTLM/Basic/Bearer auth and proxy support</p> <p>PacketCrafter for raw ARP, DNS, TCP, UDP</p> <p>Example for syscalls:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="n">Syscalls</span><span class="p">.</span><span class="nf">Initialize</span><span class="p">();</span> <span class="kt">var</span> <span class="n">status</span> <span class="p">=</span> <span class="n">Syscalls</span><span class="p">.</span><span class="nf">NtAllocateVirtualMemory</span><span class="p">(</span><span class="n">procHandle</span><span class="p">,</span> <span class="k">ref</span> <span class="n">baseAddr</span><span class="p">,</span> <span class="n">IntPtr</span><span class="p">.</span><span class="n">Zero</span><span class="p">,</span> <span class="k">ref</span> <span class="n">size</span><span class="p">,</span> <span class="m">0x3000</span><span class="p">,</span> <span class="m">0x04</span><span class="p">);</span> </code></pre> </div> <p>The syscall module extracts SSNs at runtime so you don't need to hardcode them per Windows version. It also supports indirect dispatch via jmp r11 if you have a gadget.</p> <p>NuGet: SharpKit.Offensive<br> Docs: github.com/CzaxStudio/SharpKit-Docs<br> Repo: github.com/CzaxStudio/SharpKit</p> <p>Built for legal red teaming and research. Feedback welcome.</p> csharp cybersecurity redteaming nuget Title: Ferrum Studio: A Native IDE Built Exclusively for Nim (No Electron, ~12MB) Czax225 Sat, 02 May 2026 13:02:56 +0000 https://dev.to/czax225/title-ferrum-studio-a-native-ide-built-exclusively-for-nim-no-electron-12mb-294n https://dev.to/czax225/title-ferrum-studio-a-native-ide-built-exclusively-for-nim-no-electron-12mb-294n <p>Every IDE that supports Nim does it as an afterthought. You install a language server plugin, bolt it onto VS Code or Sublime, and hope the latest update didn't break something.</p> <p>I wanted something different.</p> <p>So I built Ferrum Studio — a lightweight, native desktop IDE built from the ground up exclusively for Nim.</p> <p><a href="https://github.com/user-attachments/assets/621bf84f-a3b5-4f1c-a7d4-85e3b3e83247" rel="noopener noreferrer">https://github.com/user-attachments/assets/621bf84f-a3b5-4f1c-a7d4-85e3b3e83247</a></p> <p>No Electron. No bundled Chromium. No 300MB of RAM just to open a file.</p> <p>Cold start: &lt; 1 second</p> <p>RAM usage (idle): ~35 MB</p> <p>Binary size: ~12 MB (Windows)</p> <p>Built with Go + Wails, not JavaScript + Node. The backend is compiled Go, the frontend is a native WebView, and the whole thing talks across an auto-generated bridge.</p> <h1> What Makes Ferrum Different? </h1> <p>Most editors treat Nim as a plugin. Ferrum treats Nim as the only thing that matters.</p> <p>Every feature — snippets, error messages, templates, shortcuts — is designed around how Nim developers actually work.</p> <p>Editor Features<br> Nim syntax highlighting (kept current with new keywords)</p> <p>Smart indentation (whitespace-aware)</p> <p>Dot-aware autocomplete</p> <p>Snippets support</p> <p>Inline error squiggles</p> <p>Multi-tab editing</p> <p>Quick open (Ctrl+P)</p> <h1> Nim Integration </h1> <p>F5 → Run (nim c -r)</p> <p>F6 → Run with arguments</p> <p>F7 → Build</p> <p>F8 → Test</p> <p>Format via nim pretty</p> <p>Fast diagnostics via nim check</p> <p>Interactive stdin support</p> <p>Problems Panel<br> Clean error explanations with fix suggestions. Click any error to jump directly to the line. No more cryptic compiler output — Ferrum translates common errors into plain English.</p> <h1> Templates </h1> <p>One-click project templates for:</p> <p>CLI App</p> <p>Library</p> <p>Web App</p> <p>Async App</p> <p>Metaprogramming examples</p> <h1> Terminal </h1> <p>Integrated terminal with ANSI colors, command history, and full interactive input support. Plus a "Nim Treasure Map" sidebar with curated code gems for common patterns.</p> <h1> Contributing </h1> <p>Contributions are welcome. The best places to help:</p> <p>Add more error explanations in enhancements.js</p> <p>Keep the syntax highlighter updated with new Nim keywords</p> <p>Test on macOS/Linux</p> <p>Build a light theme</p> <p>Note on AI usage: The frontend UI was partially assisted by AI tools. The core backend and architecture were implemented manually.</p> <h1> Links </h1> <p>Repository: <a href="https://github.com/CzaxStudio/Ferrum-Studio" rel="noopener noreferrer">https://github.com/CzaxStudio/Ferrum-Studio</a><br> Website: <a href="https://czaxstudio.github.io/Ferrum-Studio/" rel="noopener noreferrer">https://czaxstudio.github.io/Ferrum-Studio/</a></p> go performance showdev tooling Building Your First Cybersecurity Tool with Spectator: A New Language for Pentesters Czax225 Wed, 29 Apr 2026 05:39:14 +0000 https://dev.to/czax225/building-your-first-cybersecurity-tool-with-spectator-a-new-language-for-pentesters-2fm9 https://dev.to/czax225/building-your-first-cybersecurity-tool-with-spectator-a-new-language-for-pentesters-2fm9 <p>The Problem We All Face<br> Let's be honest: when you're in the middle of a penetration test or red team engagement, the last thing you want to do is wrestle with boilerplate code. You need to scan, exploit, and report — fast.</p> <p>Python is great, but:</p> <p>You need to install dependencies</p> <p>Virtual environments everywhere</p> <p>"It works on my machine" syndrome</p> <p>GUI tools? That means Electron (hello, 200MB hello world)</p> <p>Bash is powerful but... let's not talk about parsing JSON.</p> <p>Enter Spectator — a new programming language built from the ground up for cybersecurity work.</p> <p>What Is Spectator?<br> Spectator is an interpreted scripting language (written in Go) that puts security operations front and center.</p> <h1> Example </h1> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code><span class="cp"># This is all it takes to recon a target </span><span class="n">target</span> <span class="o">=</span> <span class="s">"scanme.nmap.org"</span> <span class="n">ips</span> <span class="o">=</span> <span class="n">resolve</span><span class="p">(</span><span class="n">target</span><span class="p">)</span> <span class="n">Trace</span><span class="p">(</span><span class="s">"IPs: "</span> <span class="o">--&gt;</span> <span class="n">join</span><span class="p">(</span><span class="n">ips</span><span class="p">,</span> <span class="s">", "</span><span class="p">))</span> <span class="k">do</span> <span class="o">--&gt;</span> <span class="n">PortScan</span><span class="p">(</span><span class="n">target</span><span class="p">,</span> <span class="mi">1</span><span class="p">,</span> <span class="mi">1024</span><span class="p">)</span> <span class="k">do</span> <span class="o">--&gt;</span> <span class="n">SSLInfo</span><span class="p">(</span><span class="n">target</span><span class="p">)</span> </code></pre> </div> <h2> Your First Spectator Tool: A Smart Port Scanner </h2> <p>Step 1: Installation<br> Download the binary from releases:</p> <h1> Linux/macOS </h1> <p>chmod +x spectator<br> ./spectator version</p> <h1> Windows </h1> <p>Spectator.exe version</p> <h2> Step 2: Create Your First Script </h2> <p>Save this as smart_scan.str<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code><span class="n">target</span> <span class="o">=</span> <span class="n">Capture</span><span class="p">(</span><span class="s">"Target IP or domain: "</span><span class="p">)</span> <span class="n">Trace</span><span class="p">(</span><span class="s">"</span><span class="se">\n</span><span class="s">[+] Scanning: "</span> <span class="o">--&gt;</span> <span class="n">target</span><span class="p">)</span> <span class="cp">## Define common ports and their services </span><span class="n">ports</span> <span class="o">=</span> <span class="p">[</span><span class="mi">21</span><span class="p">,</span> <span class="mi">22</span><span class="p">,</span> <span class="mi">23</span><span class="p">,</span> <span class="mi">25</span><span class="p">,</span> <span class="mi">80</span><span class="p">,</span> <span class="mi">443</span><span class="p">,</span> <span class="mi">445</span><span class="p">,</span> <span class="mi">3306</span><span class="p">,</span> <span class="mi">3389</span><span class="p">,</span> <span class="mi">5432</span><span class="p">,</span> <span class="mi">8080</span><span class="p">,</span> <span class="mi">8443</span><span class="p">,</span> <span class="mi">27017</span><span class="p">]</span> <span class="n">svcs</span> <span class="o">=</span> <span class="p">{</span> <span class="s">"21"</span><span class="o">:</span> <span class="s">"FTP"</span><span class="p">,</span> <span class="s">"22"</span><span class="o">:</span> <span class="s">"SSH"</span><span class="p">,</span> <span class="s">"23"</span><span class="o">:</span> <span class="s">"Telnet"</span><span class="p">,</span> <span class="s">"25"</span><span class="o">:</span> <span class="s">"SMTP"</span><span class="p">,</span> <span class="s">"80"</span><span class="o">:</span> <span class="s">"HTTP"</span><span class="p">,</span> <span class="s">"443"</span><span class="o">:</span> <span class="s">"HTTPS"</span><span class="p">,</span> <span class="s">"445"</span><span class="o">:</span> <span class="s">"SMB"</span><span class="p">,</span> <span class="s">"3306"</span><span class="o">:</span> <span class="s">"MySQL"</span><span class="p">,</span> <span class="s">"3389"</span><span class="o">:</span> <span class="s">"RDP"</span><span class="p">,</span> <span class="s">"5432"</span><span class="o">:</span> <span class="s">"PostgreSQL"</span><span class="p">,</span> <span class="s">"8080"</span><span class="o">:</span> <span class="s">"HTTP-Alt"</span><span class="p">,</span> <span class="s">"8443"</span><span class="o">:</span> <span class="s">"HTTPS-Alt"</span><span class="p">,</span> <span class="s">"27017"</span><span class="o">:</span> <span class="s">"MongoDB"</span> <span class="p">}</span> <span class="n">open_ports</span> <span class="o">=</span> <span class="p">[]</span> <span class="n">results</span> <span class="o">=</span> <span class="p">{}</span> <span class="n">Trace</span><span class="p">(</span><span class="s">"</span><span class="se">\n</span><span class="s">[+] Scanning ports...</span><span class="se">\n</span><span class="s">"</span><span class="p">)</span> <span class="n">each</span> <span class="n">port</span> <span class="o">:</span> <span class="n">ports</span> <span class="p">{</span> <span class="k">if</span> <span class="n">hasPort</span><span class="p">(</span><span class="n">target</span><span class="p">,</span> <span class="n">port</span><span class="p">)</span> <span class="p">{</span> <span class="n">service</span> <span class="o">=</span> <span class="n">svcs</span><span class="p">[</span><span class="n">str</span><span class="p">(</span><span class="n">port</span><span class="p">)]</span> <span class="n">Trace</span><span class="p">(</span><span class="s">" OPEN "</span> <span class="o">--&gt;</span> <span class="n">str</span><span class="p">(</span><span class="n">port</span><span class="p">)</span> <span class="o">--&gt;</span> <span class="s">" ("</span> <span class="o">--&gt;</span> <span class="n">service</span> <span class="o">--&gt;</span> <span class="s">")"</span><span class="p">)</span> <span class="cp">## Store results </span> <span class="n">open_ports</span> <span class="o">=</span> <span class="n">append</span><span class="p">(</span><span class="n">open_ports</span><span class="p">,</span> <span class="n">port</span><span class="p">)</span> <span class="n">results</span><span class="p">[</span><span class="n">str</span><span class="p">(</span><span class="n">port</span><span class="p">)]</span> <span class="o">=</span> <span class="n">service</span> <span class="cp">## Grab banner if it's HTTP/HTTPS </span> <span class="k">if</span> <span class="n">port</span> <span class="o">==</span> <span class="mi">80</span> <span class="n">or</span> <span class="n">port</span> <span class="o">==</span> <span class="mi">443</span> <span class="n">or</span> <span class="n">port</span> <span class="o">==</span> <span class="mi">8080</span> <span class="n">or</span> <span class="n">port</span> <span class="o">==</span> <span class="mi">8443</span> <span class="p">{</span> <span class="n">proto</span> <span class="o">=</span> <span class="s">"https"</span> <span class="k">if</span> <span class="n">port</span> <span class="o">==</span> <span class="mi">80</span> <span class="n">or</span> <span class="n">port</span> <span class="o">==</span> <span class="mi">8080</span> <span class="p">{</span> <span class="n">proto</span> <span class="o">=</span> <span class="s">"http"</span> <span class="p">}</span> <span class="n">url</span> <span class="o">=</span> <span class="n">proto</span> <span class="o">--&gt;</span> <span class="s">"://"</span> <span class="o">--&gt;</span> <span class="n">target</span> <span class="o">--&gt;</span> <span class="s">":"</span> <span class="o">--&gt;</span> <span class="n">str</span><span class="p">(</span><span class="n">port</span><span class="p">)</span> <span class="n">Trace</span><span class="p">(</span><span class="s">" → Grabbing banner from "</span> <span class="o">--&gt;</span> <span class="n">url</span><span class="p">)</span> <span class="n">resp</span> <span class="o">=</span> <span class="n">http</span><span class="p">(</span><span class="s">"GET"</span><span class="p">,</span> <span class="n">url</span><span class="p">,</span> <span class="p">{</span><span class="s">"timeout"</span><span class="o">:</span> <span class="mi">3000</span><span class="p">,</span> <span class="s">"follow"</span><span class="o">:</span> <span class="nb">false</span><span class="p">})</span> <span class="n">server</span> <span class="o">=</span> <span class="n">httpHeader</span><span class="p">(</span><span class="n">resp</span><span class="p">,</span> <span class="s">"server"</span><span class="p">)</span> <span class="k">if</span> <span class="n">server</span> <span class="o">!=</span> <span class="s">""</span> <span class="p">{</span> <span class="n">Trace</span><span class="p">(</span><span class="s">" → Server: "</span> <span class="o">--&gt;</span> <span class="n">server</span><span class="p">)</span> <span class="n">results</span><span class="p">[</span><span class="n">str</span><span class="p">(</span><span class="n">port</span><span class="p">)</span> <span class="o">--&gt;</span> <span class="s">"_banner"</span><span class="p">]</span> <span class="o">=</span> <span class="n">server</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="cp">## Generate report </span><span class="n">Trace</span><span class="p">(</span><span class="s">"</span><span class="se">\n</span><span class="s">[+] Summary:"</span><span class="p">)</span> <span class="n">Trace</span><span class="p">(</span><span class="s">" Open ports found: "</span> <span class="o">--&gt;</span> <span class="n">str</span><span class="p">(</span><span class="n">len</span><span class="p">(</span><span class="n">open_ports</span><span class="p">)))</span> <span class="n">Trace</span><span class="p">(</span><span class="s">" Results saved to scan_results.json and scan_report.html"</span><span class="p">)</span> <span class="cp">## Save JSON output </span><span class="n">json_data</span> <span class="o">=</span> <span class="n">jsonStr</span><span class="p">(</span><span class="n">results</span><span class="p">)</span> <span class="n">writeFile</span><span class="p">(</span><span class="s">"scan_results.json"</span><span class="p">,</span> <span class="n">json_data</span><span class="p">)</span> <span class="cp">## Create HTML report </span><span class="n">html</span> <span class="o">=</span> <span class="s">"&lt;html&gt;&lt;head&gt;&lt;title&gt;Scan Report - "</span> <span class="o">--&gt;</span> <span class="n">target</span> <span class="o">--&gt;</span> <span class="s">"&lt;/title&gt;"</span> <span class="n">html</span> <span class="o">=</span> <span class="n">html</span> <span class="o">--&gt;</span> <span class="s">"&lt;style&gt;body{font-family:monospace;background:#0a0f1a;color:#e2e8f0;padding:20px}"</span> <span class="n">html</span> <span class="o">=</span> <span class="n">html</span> <span class="o">--&gt;</span> <span class="s">"h1{color:#00d4aa} table{border-collapse:collapse;width:100%}"</span> <span class="n">html</span> <span class="o">=</span> <span class="n">html</span> <span class="o">--&gt;</span> <span class="s">"th,td{border:1px solid #334155;padding:8px;text-align:left}"</span> <span class="n">html</span> <span class="o">=</span> <span class="n">html</span> <span class="o">--&gt;</span> <span class="s">"th{background:#1e293b}&lt;/style&gt;&lt;/head&gt;&lt;body&gt;"</span> <span class="n">html</span> <span class="o">=</span> <span class="n">html</span> <span class="o">--&gt;</span> <span class="s">"&lt;h1&gt; Spectator Scan Report&lt;/h1&gt;"</span> <span class="n">html</span> <span class="o">=</span> <span class="n">html</span> <span class="o">--&gt;</span> <span class="s">"&lt;p&gt;&lt;strong&gt;Target:&lt;/strong&gt; "</span> <span class="o">--&gt;</span> <span class="n">target</span> <span class="o">--&gt;</span> <span class="s">"&lt;/p&gt;"</span> <span class="n">html</span> <span class="o">=</span> <span class="n">html</span> <span class="o">--&gt;</span> <span class="s">"&lt;p&gt;&lt;strong&gt;Timestamp:&lt;/strong&gt; "</span> <span class="o">--&gt;</span> <span class="n">now</span><span class="p">()</span> <span class="o">--&gt;</span> <span class="s">"&lt;/p&gt;"</span> <span class="n">html</span> <span class="o">=</span> <span class="n">html</span> <span class="o">--&gt;</span> <span class="s">"&lt;h2&gt; Open Ports&lt;/h2&gt;&lt;table&gt;&lt;tr&gt;&lt;th&gt;Port&lt;/th&gt;&lt;th&gt;Service&lt;/th&gt;&lt;th&gt;Banner&lt;/th&gt;&lt;/tr&gt;"</span> <span class="n">each</span> <span class="n">port</span> <span class="o">:</span> <span class="n">open_ports</span> <span class="p">{</span> <span class="n">port_str</span> <span class="o">=</span> <span class="n">str</span><span class="p">(</span><span class="n">port</span><span class="p">)</span> <span class="n">service</span> <span class="o">=</span> <span class="n">results</span><span class="p">[</span><span class="n">port_str</span><span class="p">]</span> <span class="n">banner</span> <span class="o">=</span> <span class="s">""</span> <span class="k">if</span> <span class="n">hasKey</span><span class="p">(</span><span class="n">results</span><span class="p">,</span> <span class="n">port_str</span> <span class="o">--&gt;</span> <span class="s">"_banner"</span><span class="p">)</span> <span class="p">{</span> <span class="n">banner</span> <span class="o">=</span> <span class="n">results</span><span class="p">[</span><span class="n">port_str</span> <span class="o">--&gt;</span> <span class="s">"_banner"</span><span class="p">]</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="n">banner</span> <span class="o">=</span> <span class="s">"-"</span> <span class="p">}</span> <span class="n">html</span> <span class="o">=</span> <span class="n">html</span> <span class="o">--&gt;</span> <span class="s">"&lt;tr&gt;&lt;td&gt;"</span> <span class="o">--&gt;</span> <span class="n">port_str</span> <span class="o">--&gt;</span> <span class="s">"&lt;/td&gt;&lt;td&gt;"</span> <span class="o">--&gt;</span> <span class="n">service</span> <span class="o">--&gt;</span> <span class="s">"&lt;/td&gt;&lt;td&gt;"</span> <span class="o">--&gt;</span> <span class="n">banner</span> <span class="o">--&gt;</span> <span class="s">"&lt;/td&gt;&lt;/tr&gt;"</span> <span class="p">}</span> <span class="n">html</span> <span class="o">=</span> <span class="n">html</span> <span class="o">--&gt;</span> <span class="s">"&lt;/table&gt;&lt;hr&gt;&lt;p&gt;&lt;i&gt;Generated by Spectator - See Everything. Miss Nothing.&lt;/i&gt;&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;"</span> <span class="n">writeFile</span><span class="p">(</span><span class="s">"scan_report.html"</span><span class="p">,</span> <span class="n">html</span><span class="p">)</span> <span class="n">Trace</span><span class="p">(</span><span class="s">"</span><span class="se">\n</span><span class="s">[+] Done! Open scan_report.html in your browser."</span><span class="p">)</span> </code></pre> </div> <p>Step 3: Run Your Tool<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>spectator run smart_scan.str </code></pre> </div> <p>That's it. No dependencies, no virtual environments, no "pip install requests." Just run.</p> <p>Level Up: Adding a GUI<br> Here's where Spectator gets really interesting. Let's wrap that scanner in a native GUI:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code><span class="cp">#Import Spec.GUI </span> <span class="n">open</span><span class="p">.</span><span class="n">window</span><span class="p">({</span> <span class="s">"title"</span><span class="o">:</span> <span class="s">"Spectator Port Scanner"</span><span class="p">,</span> <span class="s">"width"</span><span class="o">:</span> <span class="mi">900</span><span class="p">,</span> <span class="s">"height"</span><span class="o">:</span> <span class="mi">700</span><span class="p">,</span> <span class="s">"bg"</span><span class="o">:</span> <span class="s">"#0a0f1a"</span><span class="p">,</span> <span class="s">"accent"</span><span class="o">:</span> <span class="s">"#00d4aa"</span> <span class="p">})</span> <span class="n">GUI</span><span class="p">.</span><span class="n">header</span><span class="p">(</span><span class="s">"Spectator Port Scanner"</span><span class="p">)</span> <span class="n">GUI</span><span class="p">.</span><span class="n">input</span><span class="p">(</span><span class="s">"target"</span><span class="p">,</span> <span class="s">"Enter target (IP or domain)..."</span><span class="p">)</span> <span class="n">GUI</span><span class="p">.</span><span class="n">button</span><span class="p">(</span><span class="s">"Start Scan"</span><span class="p">,</span> <span class="s">"scan"</span><span class="p">,</span> <span class="p">{</span><span class="s">"color"</span><span class="o">:</span> <span class="s">"#00d4aa"</span><span class="p">})</span> <span class="n">GUI</span><span class="p">.</span><span class="n">output</span><span class="p">(</span><span class="s">"results"</span><span class="p">,</span> <span class="p">{</span><span class="s">"height"</span><span class="o">:</span> <span class="mi">500</span><span class="p">})</span> <span class="n">GUI</span><span class="p">.</span><span class="n">on</span><span class="p">(</span><span class="s">"scan"</span><span class="p">,</span> <span class="n">func</span><span class="p">()</span> <span class="p">{</span> <span class="n">target</span> <span class="o">=</span> <span class="n">GUI</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">"target"</span><span class="p">)</span> <span class="k">if</span> <span class="n">target</span> <span class="o">==</span> <span class="s">""</span> <span class="p">{</span> <span class="n">GUI</span><span class="p">.</span><span class="n">alert</span><span class="p">(</span><span class="s">"Please enter a target"</span><span class="p">)</span> <span class="k">return</span> <span class="p">}</span> <span class="n">GUI</span><span class="p">.</span><span class="n">clear</span><span class="p">(</span><span class="s">"results"</span><span class="p">)</span> <span class="n">GUI</span><span class="p">.</span><span class="n">print</span><span class="p">(</span><span class="s">"results"</span><span class="p">,</span> <span class="s">"[+] Scanning: "</span> <span class="o">--&gt;</span> <span class="n">target</span><span class="p">)</span> <span class="n">GUI</span><span class="p">.</span><span class="n">print</span><span class="p">(</span><span class="s">"results"</span><span class="p">,</span> <span class="s">"[+] Checking common ports..."</span><span class="p">)</span> <span class="n">ports</span> <span class="o">=</span> <span class="p">[</span><span class="mi">21</span><span class="p">,</span> <span class="mi">22</span><span class="p">,</span> <span class="mi">23</span><span class="p">,</span> <span class="mi">25</span><span class="p">,</span> <span class="mi">80</span><span class="p">,</span> <span class="mi">443</span><span class="p">,</span> <span class="mi">445</span><span class="p">,</span> <span class="mi">3306</span><span class="p">,</span> <span class="mi">3389</span><span class="p">,</span> <span class="mi">5432</span><span class="p">,</span> <span class="mi">8080</span><span class="p">,</span> <span class="mi">8443</span><span class="p">]</span> <span class="n">each</span> <span class="n">port</span> <span class="o">:</span> <span class="n">ports</span> <span class="p">{</span> <span class="k">if</span> <span class="n">hasPort</span><span class="p">(</span><span class="n">target</span><span class="p">,</span> <span class="n">port</span><span class="p">)</span> <span class="p">{</span> <span class="n">GUI</span><span class="p">.</span><span class="n">print</span><span class="p">(</span><span class="s">"results"</span><span class="p">,</span> <span class="s">" ✓ Port "</span> <span class="o">--&gt;</span> <span class="n">str</span><span class="p">(</span><span class="n">port</span><span class="p">)</span> <span class="o">--&gt;</span> <span class="s">" is OPEN"</span><span class="p">)</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="n">GUI</span><span class="p">.</span><span class="n">print</span><span class="p">(</span><span class="s">"results"</span><span class="p">,</span> <span class="s">" ✗ Port "</span> <span class="o">--&gt;</span> <span class="n">str</span><span class="p">(</span><span class="n">port</span><span class="p">)</span> <span class="o">--&gt;</span> <span class="s">" is closed"</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> <span class="n">GUI</span><span class="p">.</span><span class="n">print</span><span class="p">(</span><span class="s">"results"</span><span class="p">,</span> <span class="s">"</span><span class="se">\n</span><span class="s">[+] Scan complete!"</span><span class="p">)</span> <span class="p">})</span> <span class="n">end</span><span class="p">()</span> </code></pre> </div> <h2> Build </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Windows executable</span> spectator build scanner.str to PortScanner.exe <span class="k">for </span>windows <span class="c"># Linux binary</span> spectator build scanner.str to portscanner <span class="k">for </span>linux <span class="c"># macOS (Intel)</span> spectator build scanner.str to PortScanner <span class="k">for </span>mac </code></pre> </div> <p>Your users don't need Spectator installed. The binary is completely self-contained.</p> <p>*GUI available only for windows.</p> <h1> The Built-in Modules That Shine </h1> <p>After playing with Spectator, here are the modules I found most useful:</p> <h2> Recon </h2> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code><span class="n">ips</span> <span class="o">=</span> <span class="n">resolve</span><span class="p">(</span><span class="s">"target.com"</span><span class="p">)</span> <span class="n">whois</span> <span class="o">=</span> <span class="n">WHOIs</span><span class="p">(</span><span class="s">"target.com"</span><span class="p">)</span> <span class="n">geo</span> <span class="o">=</span> <span class="n">GeoIP</span><span class="p">(</span><span class="s">"8.8.8.8"</span><span class="p">)</span> <span class="n">subs</span> <span class="o">=</span> <span class="n">SubdomainEnum</span><span class="p">(</span><span class="s">"target.com"</span><span class="p">,</span> <span class="s">"wordlist.txt"</span><span class="p">)</span> </code></pre> </div> <h2> Web Testing </h2> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code><span class="n">headers</span> <span class="o">=</span> <span class="n">HeaderAudit</span><span class="p">(</span><span class="s">"https://target.com"</span><span class="p">)</span> <span class="n">tech</span> <span class="o">=</span> <span class="n">TechDetect</span><span class="p">(</span><span class="s">"https://target.com"</span><span class="p">)</span> <span class="n">sqli_test</span> <span class="o">=</span> <span class="n">SQLiTest</span><span class="p">(</span><span class="s">"https://target.com/page?id=1"</span><span class="p">)</span> </code></pre> </div> <h2> Mission Reporting </h2> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code><span class="n">m</span> <span class="o">=</span> <span class="n">missionStart</span><span class="p">(</span><span class="s">"Web App Pentest"</span><span class="p">,</span> <span class="s">"target.com"</span><span class="p">)</span> <span class="n">missionStage</span><span class="p">(</span><span class="n">m</span><span class="p">,</span> <span class="s">"Recon"</span><span class="p">)</span> <span class="n">missionFind</span><span class="p">(</span><span class="n">m</span><span class="p">,</span> <span class="s">"HIGH"</span><span class="p">,</span> <span class="s">"Missing CSP header"</span><span class="p">,</span> <span class="s">"XSS possible"</span><span class="p">)</span> <span class="n">missionFind</span><span class="p">(</span><span class="n">m</span><span class="p">,</span> <span class="s">"CRITICAL"</span><span class="p">,</span> <span class="s">"SQLi in login form"</span><span class="p">,</span> <span class="s">"Auth bypass"</span><span class="p">)</span> <span class="n">missionEnd</span><span class="p">(</span><span class="n">m</span><span class="p">)</span> <span class="n">missionReport</span><span class="p">(</span><span class="n">m</span><span class="p">,</span> <span class="s">"pentest_report.html"</span><span class="p">)</span> </code></pre> </div> <h1> The Package Manager: Space </h1> <p>Installing community libraries is straightforward and secure:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code><span class="n">spectator</span> <span class="n">space</span> <span class="n">get</span> <span class="n">ghost</span> <span class="n">spectator</span> <span class="n">space</span> <span class="n">verify</span> <span class="n">ghost</span> <span class="cp">#Import ghost </span><span class="n">ghost_full</span><span class="p">(</span><span class="s">"target.com"</span><span class="p">)</span> <span class="err">#</span> <span class="n">Full</span> <span class="n">OSINT</span> <span class="n">sweep</span> </code></pre> </div> <h1> Who Is This For? </h1> <p>Penetration testers who want to automate repetitive tasks without fighting tooling.</p> <p>Red teamers who need quick, reliable scripts that work everywhere (thanks to standalone binaries).</p> <p>Bug bounty hunters who want to build custom scanners without dependency hell.</p> <p>Security researchers who need to prototype attack techniques rapidly.</p> <p>Tool builders who want to distribute GUI security tools without Electron bloat.</p> <h1> Getting Started Today </h1> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># 1. Download</span> wget https://github.com/CzaxStudio/Spectator/releases/latest/download/spectator-linux <span class="nb">chmod</span> +x spectator-linux <span class="c"># 2. Run REPL</span> ./spectator-linux repl <span class="c"># 3. Try hello world</span> Trace<span class="o">(</span><span class="s2">"Hello, Spectator!"</span><span class="o">)</span> <span class="c"># 4. Install a library</span> ./spectator-linux space get coffee <span class="c"># 5. Build something</span> ./spectator-linux build mytool.str to scanner </code></pre> </div> <p>Documentation: spectatorlang.pages.dev<br> GitHub: github.com/CzaxStudio/Spectator<br> Examples: Check the examples/ directory in the repo</p> <h2> Final Thoughts </h2> <p>Is Spectator going to replace Python for security work? Not tomorrow. But it's solving real problems that Python has ignored for years — dependency management, cross-platform GUI apps, and built-in security primitives.</p> <p>For pentesters tired of the "pip install → version conflict → break everything" cycle, Spectator is a breath of fresh air. And at 7 stars on GitHub (as of writing), you can get in on the ground floor.</p> <p>Try it on your next CTF or internal tool. You might be surprised how fast you can go from idea to working executable.</p> <h2> Thanks </h2> <p>What tools would you build with a language like this? Drop a comment below!</p> <p>Follow for more: I'll be posting Spectator tutorials, security tools, and red team automation scripts in the coming weeks.</p> <p>Spectator v2.0.0 — "See Everything. Miss Nothing."</p> cybersecurity go spectator programming Introducing Mamba: A Powerful Python OSINT Library for Security Researchers Czax225 Wed, 29 Apr 2026 05:09:08 +0000 https://dev.to/czax225/introducing-mamba-a-powerful-python-osint-library-for-security-researchers-1fa6 https://dev.to/czax225/introducing-mamba-a-powerful-python-osint-library-for-security-researchers-1fa6 <p>What is Mamba?<br> Mamba is a production-ready OSINT (Open Source Intelligence) library that makes security research and reconnaissance simple in Python. With just a few lines of code, you can investigate emails, domains, usernames, phone numbers, and IP addresses.</p> <p>GitHub: CzaxStudio/Mamba<br> PyPI: pip install mamba-security</p> <p>Why I Built Mamba<br> As a security researcher, I found myself writing the same code repeatedly for OSINT investigations. Each project needed:</p> <p>Email breach checking</p> <p>WHOIS lookups</p> <p>Username enumeration</p> <p>Phone validation</p> <p>IP geolocation</p> <p>I built Mamba to solve this. It's designed to be:</p> <p>Easy to use - One line of code for complex OSINT tasks</p> <p>Production ready - Rate limiting, caching, and error handling built-in</p> <p>Well tested - Comprehensive test suite</p> <p>Industry standard - Type hints, proper documentation</p> <h1> Example </h1> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">mamba</span> <span class="kn">import</span> <span class="n">MambaClient</span><span class="p">,</span> <span class="n">EmailReputation</span><span class="p">,</span> <span class="n">DomainIntel</span> <span class="k">with</span> <span class="nc">MambaClient</span><span class="p">()</span> <span class="k">as</span> <span class="n">client</span><span class="p">:</span> <span class="c1"># Check email </span> <span class="n">email</span> <span class="o">=</span> <span class="nc">EmailReputation</span><span class="p">(</span><span class="n">client</span><span class="p">)</span> <span class="n">result</span> <span class="o">=</span> <span class="n">email</span><span class="p">.</span><span class="nf">validate_format</span><span class="p">(</span><span class="sh">"</span><span class="s">researcher@example.com</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Valid email: </span><span class="si">{</span><span class="n">result</span><span class="p">.</span><span class="n">data</span><span class="p">[</span><span class="sh">'</span><span class="s">valid_format</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Domain WHOIS </span> <span class="n">domain</span> <span class="o">=</span> <span class="nc">DomainIntel</span><span class="p">(</span><span class="n">client</span><span class="p">)</span> <span class="n">result</span> <span class="o">=</span> <span class="n">domain</span><span class="p">.</span><span class="nf">whois_lookup</span><span class="p">(</span><span class="sh">"</span><span class="s">google.com</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Registrar: </span><span class="si">{</span><span class="n">result</span><span class="p">.</span><span class="n">data</span><span class="p">[</span><span class="sh">'</span><span class="s">registrar</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p>Requirements<br> Python 3.8+</p> <p>Internet connection for API calls</p> <h1> Documentation &amp; Learning </h1> <p>Complete Mamba Documentation: GitHub - MambaDocumentation</p> <p>The documentation repository includes:</p> <p>Step-by-step tutorials</p> <p>Complete API reference</p> <p>Real-world examples</p> <p>Best practices for OSINT</p> <p>Roadmap<br> Add more breach databases</p> <p>Support for Dark Web monitoring</p> <p>Social media API integration</p> <p>Machine learning for threat detection</p> <p>Plugin system for custom sources</p> <p>Contributing<br> Contributions are welcome! Open issues, submit PRs, or suggest features.</p> <p>License<br> MIT License - Free for commercial and personal use</p> <p>Connect With Me<br> GitHub: CzaxStudio</p> <p>Star the Repo ⭐<br> If Mamba helps you, please star the repository on GitHub. It helps others discover the project!</p> <p><a href="https://github.com/CzaxStudio/Mamba" rel="noopener noreferrer">https://github.com/CzaxStudio/Mamba</a></p> <p>Happy OSINT investigations!</p> python osint cybersecurity opensource I built a lightweight IDE for Nim — focused, fast, and simple Czax225 Thu, 23 Apr 2026 08:36:44 +0000 https://dev.to/czax225/i-built-a-lightweight-ide-for-zig-focused-fast-and-simple-40m7 https://dev.to/czax225/i-built-a-lightweight-ide-for-zig-focused-fast-and-simple-40m7 <p>Most Nim developers today use tools like Visual Studio Code with extensions.</p> <p>It works — but I kept wondering:</p> <p>What would a Nim-first IDE feel like if it was designed around simplicity and speed?</p> <p>So I built one.</p> <p>Ferrum Studio.</p> <p>Why I built this</p> <p>While learning and working with Nim, I noticed the workflow often feels adapted rather than designed for the language.</p> <p>You install an editor, configure extensions, tweak settings… and eventually it works.</p> <p>But I wanted something simpler:</p> <p>Open a Nim file<br> Press run<br> See output immediately</p> <p>No friction. No setup overhead.</p> <p>What Ferrum Studio does</p> <p>Ferrum Studio is a lightweight IDE focused specifically on Nim.</p> <p>A few things upfront:</p> <p>Built with Go + Wails (uses a system webview — no bundled Chromium)<br> Frontend parts were built with help from AI tools (I’m still learning JavaScript)<br> Backend, Nim integration, and overall structure are written by me<br> Features (current)<br> Run Nim files with live output<br> Build (nim build), test, and ast-check integration<br> Inline error display with simplified explanations<br> Basic autocomplete and snippets<br> Project templates (CLI, library, TCP server, embedded)<br> Integrated terminal with stdin support<br> Nim auto-detection<br> The main goal: a smooth workflow</p> <p>The focus is on making this loop fast and simple:</p> <p>open → run → see output → interact → fix errors</p> <p>Handling things like:</p> <p>real-time output streaming<br> stdin interaction<br> process control</p> <p>…took more work than expected, but this is the part I’m most proud of.</p> <p>Who should use this (right now)</p> <p>Ferrum Studio is still early, but it’s already useful for:</p> <p>Developers learning Nim who want a simple environment<br> People who prefer lightweight tools over heavier setups<br> Anyone who wants a fast “open → run → test” workflow</p> <p>If you rely heavily on advanced IDE features (full LSP, deep refactoring, debugging), tools like Visual Studio Code are still better today.</p> <p>But if you want a focused, minimal Nim workflow — this already works well.</p> <p>What I learned</p> <p>This project taught me a lot:</p> <p>How Nim tooling works in practice (run, build, test, ast-check)<br> Managing subprocesses and terminal interaction<br> Designing an editor around a single language<br> Using AI tools effectively for parts I’m less experienced in<br> What’s next<br> Deciding between lightweight autocomplete vs full LSP (ZLS)<br> Improving error explanations<br> Exploring debugging support<br> Cleaning up and improving the codebase<br> Feedback?</p> <p>I’d really appreciate input:</p> <p>What do you expect from a Nim-focused IDE?<br> What slows you down in your current workflow?<br> What would make this genuinely useful for you?<br> Project</p> <p>GitHub: <a href="https://github.com/CzaxStudio/Ferrum-Studio" rel="noopener noreferrer">https://github.com/CzaxStudio/Ferrum-Studio</a></p> <p>Final thoughts</p> <p>This started as an experiment — but it’s already shaping how I think about developer tools.</p> <p>Simple, fast, and focused.</p> <p>Thanks for reading 🙂</p> programming ide nim Spectator - A programming language for cybersecurity(GUI, CLI, TUI built in) Czax225 Sat, 04 Apr 2026 06:51:30 +0000 https://dev.to/czax225/spectator-a-programming-language-for-cybersecuritygui-cli-tui-built-in-1moe https://dev.to/czax225/spectator-a-programming-language-for-cybersecuritygui-cli-tui-built-in-1moe <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhbaebplzipyfxb87hicw.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhbaebplzipyfxb87hicw.png" alt=" " width="800" height="800"></a></p> <h1> Spectator — A Cybersecurity Language That Actually Gets Work Done </h1> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>███████╗██████╗ ███████╗ ██████╗████████╗ █████╗ ████████╗ ██████╗ ██████╗ ██╔════╝██╔══██╗██╔════╝██╔════╝╚══██╔══╝██╔══██╗╚══██╔══╝██╔═══██╗██╔══██╗ ███████╗██████╔╝█████╗ ██║ ██║ ███████║ ██║ ██║ ██║██████╔╝ ╚════██║██╔═══╝ ██╔══╝ ██║ ██║ ██╔══██║ ██║ ██║ ██║██╔══██╗ ███████║██║ ███████╗╚██████╗ ██║ ██║ ██║ ██║ ╚██████╔╝██║ ██║ ╚══════╝╚═╝ ╚══════╝ ╚═════╝ ╚═╝ ╚═╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚═╝ </code></pre> </div> <p><strong>See Everything. Miss Nothing.</strong></p> <p>What if your entire cybersecurity workflow lived inside one language?</p> <p>No switching between Python, Bash, and dozens of disconnected tools.<br> No glue scripts. No messy pipelines.</p> <p>Just one clean, purpose-built system.</p> <p>That’s Spectator.</p> <h2> The Problem </h2> <p>Modern security workflows are fragmented by design.</p> <ul> <li>Python for scripting</li> <li>Bash for automation</li> <li>Standalone tools for scanning and fuzzing</li> <li>Separate stacks for GUI tools</li> </ul> <p>Everything works — but nothing works together.</p> <p>You spend more time connecting tools than actually testing systems.</p> <h2> The Idea Behind Spectator </h2> <p>Spectator is a cybersecurity-first scripting language designed to unify your workflow.</p> <p>It combines:</p> <ul> <li>Simple, readable syntax</li> <li>Built-in security modules</li> <li>Native GUI framework</li> <li>Integrated package manager</li> <li>Standalone binary compilation</li> </ul> <p>All inside a single runtime.</p> <h2> Recon in 5 Lines </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>target = "scanme.nmap.org" ips = resolve(target) Trace("IPs: " --&gt; join(ips, ", ")) do --&gt; PortScan(target, 1, 1024) do --&gt; SSLInfo(target) </code></pre> </div> <p>No imports. No external dependencies. No setup.</p> <h2> Build a Real GUI Tool </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>#Import Spec.GUI open.window({"title": "Ghost Recon", "bg": "#070b14", "accent": "#00d4aa"}) GUI.input("target", "Enter target...") GUI.button("Scan", "run", {"color": "#00d4aa"}) GUI.output("out", {"height": 400}) GUI.on("run", func() { t = GUI.get("target") ips = resolve(t) each ip : ips { GUI.print("out", "IP: " --&gt; ip) } }) end() </code></pre> </div> <p>No Electron. No web stack. No Python GUI frameworks.</p> <h2> Built-in Security Modules </h2> <p>Spectator includes native support for:</p> <ul> <li>Recon: PortScan, DNSLookup, CIDRScan</li> <li>OSINT: WHOIS, GeoIP, Subdomain Enumeration</li> <li>Web: HTTP probing, header analysis, SSL inspection</li> <li>Exploitation: SQLi, CORS, Open Redirect testing</li> <li>Fuzzing: Directory busting, URL fuzzing</li> <li>Payload generation for multiple attack vectors</li> <li>Encoding, hashing, and cryptographic utilities</li> </ul> <p>Everything is directly accessible from the language.</p> <h2> HTTP Engine Included </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>resp = http("GET", "https://target.com", {"timeout": 5000}) Trace(httpStatus(resp)) Trace(extractTitle(httpBody(resp))) </code></pre> </div> <p>No external libraries required.</p> <h2> Mission Engine for Structured Testing </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>m = missionStart("Web App Pentest", "target.com") missionStage(m, "Recon") missionFind(m, "CRITICAL", ".env exposed", "Credentials leaked") missionEnd(m) missionReport(m, "report.html") </code></pre> </div> <p>Generate structured reports automatically.</p> <h2> Space Package Manager </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>spectator space get coffee spectator space verify coffee spectator space registry </code></pre> </div> <p>All packages are SHA-256 verified by default.</p> <h2> Build Standalone Tools </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>spectator build tool.str to Tool.exe for windows </code></pre> </div> <p>No runtime required for end users.</p> <h2> Why Spectator Exists </h2> <p>Because cybersecurity tooling is unnecessarily complex.</p> <p>Because developers keep rebuilding the same pipelines.</p> <p>Because switching between tools breaks flow.</p> <p>Spectator removes that friction.</p> <h2> Links </h2> <p>Website: <a href="https://spectatorlang.pages.dev/" rel="noopener noreferrer">https://spectatorlang.pages.dev/</a><br> Documentation: <a href="https://github.com/CzaxStudio/SpectatorDocs/" rel="noopener noreferrer">https://github.com/CzaxStudio/SpectatorDocs/</a><br> Source: <a href="https://github.com/CzaxStudio/Spectator" rel="noopener noreferrer">https://github.com/CzaxStudio/Spectator</a></p> <h2> Final Thought </h2> <p>Spectator is not trying to replace existing tools.</p> <p>It is trying to replace the need to glue them together.</p> <p>If you build tools, automate testing, or work in offensive security — this is for you.</p> programming cybersecurity opensource go I Built a Cybersecurity-Only Programming Language (So You Don’t Need 200 Lines of Python) Czax225 Sat, 03 Jan 2026 05:54:23 +0000 https://dev.to/czax225/i-built-a-cybersecurity-only-programming-language-so-you-dont-need-200-lines-of-python-1ime https://dev.to/czax225/i-built-a-cybersecurity-only-programming-language-so-you-dont-need-200-lines-of-python-1ime <p>Cybersecurity scripting today mostly relies on general-purpose languages like Python, Bash, or Go.</p> <p>They work — but they come with problems:</p> <p>Too many libraries</p> <p>Long scripts for simple tasks</p> <p>Environment setup issues</p> <p>Slower execution for small utilities</p> <p>So I asked a simple question:</p> <p>Why isn’t there a programming language made only for cybersecurity?</p> <p>That’s how Cyber+ was born.</p> <p>What is Cyber+?</p> <p>Cyber+ is a domain-specific programming language (DSL) built exclusively for cybersecurity tasks.</p> <p>It is not a replacement for Python or Go.<br> It is a workflow language for security operations.</p> <p>Instead of writing long scripts and importing heavy libraries, Cyber+ provides built-in security commands.</p> <p>And because it’s implemented in Go, it’s fast and distributed as a single binary.</p> <p>The Problem with Current Approaches</p> <p>Let’s take a very common task: hashing.</p> <p>Python<br> import hashlib</p> <p>data = "password".encode()<br> hash_value = hashlib.sha256(data).hexdigest()<br> print(hash_value)</p> <p>That’s fine — but this is a simple example.</p> <p>Now imagine:</p> <p>Encoding / decoding</p> <p>Password generation</p> <p>Port scanning</p> <p>File integrity checks</p> <p>Repetitive CTF automation</p> <p>Scripts quickly become long and repetitive.</p> <p>The Cyber+ Approach</p> <p>In Cyber+, the same task looks like this:</p> <p>Hash_Compute("password", "sha256")</p> <p>That’s it.</p> <p>No imports.<br> No setup.<br> No boilerplate.</p> <p>Why a DSL?</p> <p>Cybersecurity already uses DSLs successfully:</p> <p>SQL for databases</p> <p>Bash for automation</p> <p>YARA for malware detection</p> <p>Cyber+ follows the same idea:</p> <p>One language, one domain, maximum clarity.</p> <p>Each Cyber+ command directly represents a security action, not a programming construct.</p> <p>Core Design Goals</p> <p>Cyber+ is designed to be:</p> <p>Security-first (only cybersecurity features)</p> <p>Fast (Go-powered execution)</p> <p>Beginner-friendly</p> <p>Minimal syntax</p> <p>Single binary (no runtime hell)</p> <p>Who is Cyber+ For?</p> <p>Cyber+ is especially useful for:</p> <p>Cybersecurity students</p> <p>CTF players</p> <p>Security automation</p> <p>Learning-focused environments</p> <p>Quick scripting tasks</p> <p>It’s not meant to replace full frameworks — it’s meant to remove friction.</p> <p>Real Use Cases</p> <p>Automating CTF challenges</p> <p>Quick hashing / encoding utilities</p> <p>Password and wordlist operations</p> <p>Lightweight recon scripts</p> <p>Teaching cybersecurity fundamentals</p> <p>Why It’s Written in Go</p> <p>Using Go allows Cyber+ to:</p> <p>Run fast</p> <p>Compile to static binaries</p> <p>Avoid dependency issues</p> <p>Work across platforms easily</p> <p>This matters a lot in security workflows.</p> <p>Open Source &amp; Early Stage</p> <p>Cyber+ is open source and still evolving.</p> <p>Feedback, ideas, and contributions are welcome — especially from:</p> <p>Security professionals</p> <p>Students</p> <p>Educators</p> <p>Tool builders</p> <p>GitHub</p> <p>Project repository:<br> <a href="https://github.com/TanmayCzax/Cyber-Programming-language-Alpha" rel="noopener noreferrer">https://github.com/TanmayCzax/Cyber-Programming-language-Alpha</a></p> <p>Final Thoughts</p> <p>Cyber+ isn’t trying to be the next Python.</p> <p>It’s trying to be something simpler:</p> <p>A language that lets you focus on cybersecurity, not code overhead.</p> <p>If you’ve ever thought “this script shouldn’t be this long” — Cyber+ might be for you.</p> cybersecurity programming showdev tooling I Built a Cybersecurity Programming Language in Go (Cyber+) Czax225 Fri, 19 Dec 2025 12:41:56 +0000 https://dev.to/czax225/i-built-a-cybersecurity-programming-language-in-go-cyber-1jdo https://dev.to/czax225/i-built-a-cybersecurity-programming-language-in-go-cyber-1jdo <p>I’m experimenting with a small domain-specific language for ethical cyber security tasks<br> (recon, DNS, OSINT, HTTP inspection).</p> <p>The idea is to reduce reliance on Bash scripts and multiple tools<br> by offering a minimal, command-based syntax.</p> <p>Example usage:<br> Recon("example.com");<br> Phone_Info("+91XXXXXXXXXX");<br> Scan_Port("8.8.8.8", 53);</p> <p>I’m mainly looking for feedback on:<br> • Syntax readability<br> • Whether this feels more like a language or a wrapper<br> • What features you’d expect in a security DSL</p> <p>Here is the repo link -- <a href="https://github.com/TanmayCzax/Cyber-Programming-language" rel="noopener noreferrer">https://github.com/TanmayCzax/Cyber-Programming-language</a></p> cybersecurity discuss showdev go