whatisgithub

What is grimoire?

penthertz/grimoire — explained in plain English

Analysis updated 2026-05-18

98PythonAudience · developerComplexity · 2/5Setup · moderate

In one sentence

A tool that indexes more than 20 well known security knowledge repositories into one local search database with a single search interface, working fully offline.

Mindmap

mindmap
  root((Grimoire))
    What it does
      Indexes security knowledge bases
      Full text local search
      Optional AI query mode
    Tech stack
      Python
      SQLite
      BM25 ranking
    Use cases
      Search security references
      Build technique checklists
      Offline security research
    Audience
      Developers
      Researchers

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Search across more than 20 security knowledge bases like HackTricks and OWASP guides in one query.

USE CASE 2

Add your own notes or an Obsidian vault to the index alongside the external sources.

USE CASE 3

Let an AI assistant query the local index through MCP mode to look up techniques or build checklists.

What is it built with?

PythonSQLite

How does it compare?

penthertz/grimoirehuey1in/windsurfxkeon/jepa
Stars989797
LanguagePythonPythonPython
Setup difficultymoderatemoderatemoderate
Complexity2/53/54/5
Audiencedeveloperdeveloperresearcher

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · moderate Time to first run · 30min

Initial setup clones over 20 external repositories, which can take a while depending on connection speed.

No license is listed in the README.

So what is it?

Grimoire is a tool that collects more than 20 well-known security knowledge repositories, indexes all of their content into a single local search database, and serves a web interface where you can search across all of them at once. The idea is that instead of opening HackTricks in one browser tab, PayloadsAllTheThings in another, and the OWASP guides somewhere else, you type one search query and get matching results from every source at once, each linking back to the original file. The knowledge bases it indexes cover a wide range of offensive and defensive security topics. Included sources cover web application attacks (OWASP WSTG, OWASP API Top 10, cheat sheets), Active Directory attacks, command and control frameworks, mobile security (OWASP MASTG and MASVS), living-off-the-land references (GTFOBins, LOLBAS), reverse engineering (Ghidra docs, radare2, angr), hardware fault injection and chip glitching, Bluetooth and WiFi security, software-defined radio, OSINT, forensics and incident response, and compliance frameworks. The tool is a single Python script. Running it clones all the configured repositories to your machine, builds a SQLite full-text search index, and starts a local web server. After the initial setup there are no external calls at runtime, so it works fully offline. Search rankings use BM25, which is a standard approach for relevance scoring in full-text search. You can add your own notes or point it at an Obsidian vault and it will index those alongside the external sources. An optional MCP mode exposes the index to AI coding assistants like Claude or Codex, which can then query the knowledge base to look up techniques, build checklists, or compile cited guides on a topic. This mode has a read-only default that prevents the AI from running shell commands, with an opt-in mode for letting it detect and install tools under a restricted denylist. The project comes from Penthertz, a security firm, and is part of their RF-Swift toolkit. It requires Python and has no mandatory external services. No license is listed in the README.

Copy-paste prompts

Prompt 1
Walk me through running Grimoire's setup script to clone and index all the configured repositories
Prompt 2
Explain what BM25 ranking means and how Grimoire uses it to rank search results
Prompt 3
Explain the difference between Grimoire's read only MCP mode and its opt in tool installing mode
Prompt 4
Help me add my own Obsidian vault to Grimoire's search index

Frequently asked questions

What is grimoire?

A tool that indexes more than 20 well known security knowledge repositories into one local search database with a single search interface, working fully offline.

What language is grimoire written in?

Mainly Python. The stack also includes Python, SQLite.

What license does grimoire use?

No license is listed in the README.

How hard is grimoire to set up?

Setup difficulty is rated moderate, with roughly 30min to a first successful run.

Who is grimoire for?

Mainly developer.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.