Private by default
No upload. No telemetry. No account. Leviathan can't phone home, because it has no home to phone.
Truthful over flashy
Every panel is marked solid, partial or heuristic. When a tool is guessing, it says so.
Everything in one place
Bookmarks, evidence, patches, hashes and diffs are shared across every panel and bundled into one portable case file.
Built for large files
Multi-hundred-megabyte images stay smooth. Only what's on screen is rendered; the engine streams the rest.
Incident responders
Triage a fresh sample from cursor to case-zip without leaving the browser.
Forensic analysts
Pull artefacts from a disk or memory dump with a full evidence trail.
Firmware & IoT engineers
Unpack an image — U-Boot, kernel, SquashFS rootfs — all in one tab.
Reverse engineers
One workbench instead of twenty: hex, stego, transforms, ciphers, carving.
Air-gapped work
Use it on a machine with no installation rights and no network at all.
Students & the curious
Learn binary formats, cryptography and forensics with a hands-on tool. Anyone whose day involves strange bytes.
Virtualised rendering keeps multi-hundred-megabyte files scrolling smoothly. Configurable row width, endianness and encoding. In-place patching with reversible history. A live entropy minimap pins every search hit, bookmark and diff region. If it opens in a hex editor, it opens in Leviathan — and then goes much further.
Every panel lives in the side dock, shares the same bookmarks and evidence log, and clicks through to the same hex view. Pick a starting point — they all feed into each other.
Inspector
The byte under the cursor as every common type at once: u8–i64 (LE/BE), f32/f64, ASCII / UTF-8 / UTF-16, and Unix, FILETIME, WebKit and OLE timestamps. Spot whether an 8-byte value is a size, a pointer, an epoch or floating-point junk.
Search
Three modes in one panel: ASCII text, hex with ?? wildcards, and Go-flavoured regex. Streams over the file in chunks, with matches carried across chunk boundaries — hunt a key, a domain or a magic number across a disk image in seconds.
Entropy
Shannon entropy over a configurable window. Regions near 8.0 suggest encryption or compression; flat regions are usually text, code or padding. Encrypted blobs inside a readable dump stand out at a glance.
Hashes
Streaming CRC32, MD5, SHA-1, SHA-256 and SHA-512, over the whole file or any selected range. Take an evidentiary hash before and after an edit, or compare against a public IOC database.
Strings
Printable ASCII and UTF-16 (LE/BE) strings with a configurable minimum length. Runs carry across chunk boundaries, so straddled strings aren't missed — user-agents, URLs, paths and passwords in a single pass.
IOCs
A regex-driven indicator extractor across 15 categories: IPv4/IPv6, email, URL, domain, MD5/SHA hashes, CVE IDs, Bitcoin addresses, registry keys, file paths, hex-encoded PE headers and Base64 blocks.
Bookmarks
Named, coloured, optionally categorised markers — shown as highlights in the editor and pins on the minimap, persisted locally and bundled into the case export. Annotate every field, or flag a region for a colleague.
Structures
Auto-detects and parses PNG, JPEG, ZIP, ELF, PE, Mach-O, RIFF and ASN.1/DER. Every field is clickable — it jumps the hex view and highlights the byte range. See an unfamiliar .exe laid out as a tree.
Templates
A compact DSL for arbitrary binary layouts. Write a struct that matches your file and every field is parsed, decoded and cross-linked. Primitives (LE/BE), nested structs, arrays, constants, enums, conditionals and full expressions. Saved locally and shareable.
Certificates
Finds PEM- and DER-encoded X.509 certificates and renders subject, issuer, serial, validity window, key and signature algorithms, SANs, key usage and SHA-256 fingerprint. Triage expired or self-signed certs in a firmware image.
Keys & Secrets
Finds embedded cryptographic material: PEM key blocks (RSA, EC, DSA, OpenSSH), PKCS#1/PKCS#8 DER, EC private keys, OpenSSH one-liners and v1 magic, PKCS#12/PFX. Sweep a dump for accidentally embedded private keys.
Preview
Renders embedded media directly: images (PNG, JPEG, GIF, BMP, WebP), audio (WAV, MP3, OGG, FLAC) and video (Matroska, MP4). Spot a JPEG inside a ZIP, or play an MP3 stashed at the end of a PNG.
Carver
Searches for 17 embedded formats, each with its own structural validator where possible — exact lengths for PNG/JPEG/ZIP/ELF, offset and class for magic-only matches. Split a monolithic disk image into its files without the filesystem.
Timestamps
Scans for plausible timestamps: 32- and 64-bit Unix, Windows FILETIME, WebKit time and OLE automation dates, filtered to a sensible range. Build a timeline from an undocumented log or packed database.
Transforms
A transform pipeline: hex and Base64 encode/decode, XOR with a byte or full key, and inflate (zlib, raw DEFLATE, gzip). Each step feeds the next, with intermediate results shown — unwrap base64 → zlib → xor in one pass.
Cipher
A classical-cipher workbench with brute-forcing and an English-frequency scorer: Caesar (any shift), Atbash, XOR-byte brute, Vigenère with a known key, and a “try everything” mode.
Rules (YARA-like)
A compact YARA-like engine — ASCII, hex (with ?? wildcards) and regex patterns combined with any/all/N-of plus basic boolean conditions. Reuse a sharing-friendly ruleset for recurring triage.
…and more
Case export
Bookmarks, evidence, patches, hashes and diffs bundle into one portable case file you can hand to a colleague.
Local persistence
Templates, rulesets and annotations are saved in the browser, ready when you return.
Command palette
Reach any panel or action without hunting through menus.
An unknown firmware image
Entropy to find the packed regions, the carver and SquashFS tools to unpack U-Boot, kernel and rootfs, then certificates and keys to check the chain of trust — all in one tab.
A suspicious PDF attachment
PDF surgery and structures to expose the objects, transforms to unwrap encoded streams, IOCs to list every indicator, and a hash for the record.
A CTF stego challenge
Preview to see hidden media, the cipher workbench for classical obfuscation, and the transform pipeline to peel back the layers — no one-off scripts.
Truthful, not flashy.
Leviathan is in early access. If you'd like to take it for a run in your own environment, get in touch.