Become a sponsor to www.idarti.com
Who I am
I'm Igor Dunaev (NubleX) - a Security Operations analyst, independent researcher, founder of ID ArtCraft and the co-founder of KyberKraaft, a cybersecurity software lab based in Prague. Day-to-day I work as an L2 SOC analyst, handling SIEM analysis, incident response, and threat hunting. Outside of that I build open-source tools across security, systems, and financial infrastructure, and I rank in the top 1% on TryHackMe.
My work sits at the intersection of two ideas: systems should be transparent to the people who operate them, and the interface between a human and complex infrastructure should be fast, honest, and purpose-built. Everything I release is an expression of that.
What I build
Security & Offensive Tools
LEGION2 - A modern network penetration testing platform rebuilt from scratch in Rust (Tauri 2) and React. The original LEGION was archived in 2024 with chronic GUI freezes
and broken scan pipelines. LEGION2 replaces the Python/Qt stack with a 3-phase Massmap pipeline (ARP discovery → masscan → nmap), real-time event streaming, SQLite persistence, NSE script support, IoT device
discovery via SpiderIoTA, and a CVE correlation engine. Quick scans run without root. No GUI freezes. Targets Kali, Ubuntu, ParrotOS, and Debian.
ID-Spoofer - A cross-platform identity spoofing toolkit written in Go. It manipulates MAC addresses and projects a convincing OS network persona at the wire
level - Windows, macOS, iOS, Android, Linux - without touching the system hostname. It rewrites TCP options, TTL, and DHCP vendor class via NFQUEUE, producing p0f and Wireshark signatures that match the target OS exactly. Optional protocol encapsulation supports Tor, WireGuard, I2P, Shadowsocks, QUIC, and layered combinations. Ships with a Bubble Tea interactive TUI and binary releases via goreleaser.
Windows-Attack-Surface-Analyzer - A PowerShell module for enumerating and hardening the Windows attack surface. Covers privilege escalation vectors, exposed services, weak ACLs, scheduled tasks, startup persistence, and registry attack paths - designed for red team assessments and SOC-side hardening audits.
Financial Infrastructure
NeutronTrader - A multi-exchange algorithmic trading desktop platform built with Electron and React. Connects to Binance, Coinbase, Kraken, OKX, and Bybit simultaneously for live cross-exchange arbitrage detection, a listing sniper, a Strategy Composer with RSI/SMA/MACD/Bollinger Bands, backtesting with equity curve and Sharpe ratio, and a DeFi portfolio view supporting BSC and EVM addresses. API keys are encrypted with AES-256-GCM in the Electron main process and never leave the local machine. No cloud dependency. No subscription.
The common thread
Every project here is a human-machine interface problem. LEGION2 gives a penetration tester real-time visibility into a network the way a pilot reads instruments. ID-Spoofer gives a red teamer precise, verifiable
control over their wire-level identity. NeutronTrader gives an independent trader the same cross-exchange data infrastructure that institutions take for granted. The Windows Attack Surface Analyzer makes an opaque OS legible to the analyst responsible for defending it.
The tools are free and will remain free. The interface between a skilled human and complex infrastructure should not be paywalled.
Why your sponsorship matters
All projects are GPL-3.0. Sponsorship directly funds:
- Development time reallocated away from billable client work
- Cross-platform test infrastructure (Kali, Ubuntu, ParrotOS, Windows)
- Code signing, packaging, and release automation
- CVE database and threat intelligence pipeline maintenance
- Upcoming features: LEGION2 plugin architecture, ID-Spoofer macOS/Windows
support, NeutronTrader v1.0 stable release
Every sponsor gets a direct voice in the roadmap via GitHub Discussions.
Covers infrastructure, cross-distro test environments, agents and one guaranteed development block per week across all active projects - instead of fitting OSS work around client engagements. At this level I can commit to a regular release cadence for LEGION2, ID-Spoofer, and NeutronTrader simultaneously.
Featured work
-
NubleX/LEGION2
LEGION2 - A free and open-source penetration testing tool. Forked from an earlier version of LEGION, which was originally created by Gotham Security. It was archived in 2024 and left broken.
Lua 27 -
NubleX/ID-Spoofer
Cross-platform identity spoofing toolkit - MAC randomization + wire-level Windows TCP/IP persona via NFQUEUE packet rewriting. For authorized pentesting.
Go 17
0% towards $300 per month goal
Be the first to sponsor this goal!
$5 a month
Select- Get a Sponsor badge on your profile
$25 a month
Select- Name in LEGION2 README + your issues get reviewed first
$100 a month
Select- Company logo in README + early access to pre-release builds + mention in release notes
$500 a month
Select- Everything above + dedicated Discord channel for your team, direct line to me for support