In Development

INQUISITOR

Offensive security for the air-gapped DoD.

An integrated offensive security platform for classified DoD environments. Designed to operate inside air-gapped enclaves at DoD Impact Level 6 and above, with end-to-end FIPS 140-3 cryptography and zero external network dependency.

Request a DemoClient PortalGet Notified

In active development

Capabilities

What INQUISITOR Delivers

Typed TypeScript Gateway

Express 5 + TypeScript gateway is the sole public surface. Every inbound request is validated against a Zod schema at the boundary before it reaches the engine.

Localhost-Only Python Engine

FastAPI engine is bound to the loopback interface with no outward API, no direct database access, and Pydantic models on every request. The gateway is its only caller.

TCP Network Reconnaissance

nmap-driven TCP service discovery ships today, returning structured host and port results through the typed boundary. Web-app scanning, protocol exploitation, and offline intel follow in phased releases.

Why INQUISITOR

Built for Classified Operations

Designed for IL6 From Day One

Trust boundaries, FIPS posture, and air-gap constraints were architectural requirements at project inception - not retrofitted onto a commercial product.

Zero External Network Calls

No outbound internet requests. All threat intelligence, vulnerability data, and updates are imported from signed offline packages verified with Ed25519 signatures.

Complements RAVEN

Run RAVEN for defensive RMF work and INQUISITOR for offensive assessments with one vendor, one FIPS posture, one on-premises deployment model.

FAQ

INQUISITOR Questions

What is INQUISITOR?
INQUISITOR is an integrated offensive security platform for classified DoD environments. It operates inside air-gapped enclaves at DoD Impact Level 6 and above, with end-to-end FIPS 140-3 cryptography and zero external network dependency.
What ships today and what is still in development?
Shipping today: TCP network reconnaissance, the TypeScript API gateway, and the localhost-only Python engine. In active development: CAC/PIV + WebAuthn + TOTP authentication, five-tier operator RBAC, web-application scanning (nikto), protocol-level exploitation (impacket), packet crafting (scapy), and offline threat-intelligence ingest.
Why split the platform into a TypeScript gateway and a Python engine?
The TypeScript gateway is the sole public surface and validates every inbound request against a Zod schema at the boundary. The Python engine is bound to the loopback interface with no outward API, so the engine has no direct database access and is only reachable through the typed gateway.
Does INQUISITOR make any external network calls?
No. There are no outbound internet requests. All threat intelligence, vulnerability data, and updates are imported from signed offline packages verified with Ed25519 signatures before they are applied.
How does INQUISITOR complement RAVEN?
Run RAVEN for defensive RMF work - scanning, compliance authoring, ATO tracking, continuous monitoring - and INQUISITOR for offensive assessments. One vendor, one FIPS posture, one on-premises deployment model.
When will INQUISITOR be generally available?
INQUISITOR is delivered under a phase-based plan; TCP reconnaissance ships today and the remaining modules follow. Use the Get Notified form above or contact us to discuss deployment in your SCIF or classified enclave.

Evaluate INQUISITOR

INQUISITOR is in active development. Contact us to discuss deployment in your SCIF or classified enclave, or sign up to be notified at GA.

Contact UsClient Portal

Stay Informed

Get cybersecurity compliance updates, CMMC news, and security insights delivered to your inbox.

Release updates only. No spam, ever.