Offline • Deterministic • Secure • Forensics & Compliance Toolkit
SeedTools Suite is an offline, deterministic security toolkit for:
- Bitcoin seed recovery
- entropy analysis
- crypto forensics
- NGO verification workflows
- compliance automation
Designed for high‑risk users, journalists, activists, and organizations operating in adversarial environments.
- deterministic seed recovery
- entropy analysis & anomaly detection
- BIP32/44/49/84/86/Taproot path exploration
- address & UTXO scanning
- NGO verification workflows
- compliance automation (GDPR, SOC2, IAM, Licensing)
- offline audit trail generation
SeedTools Suite includes a complete architecture documentation set covering:
- System Architecture
- Module Map
- Data Flow Diagram
- Trust Boundaries
- Architecture Diagrams
All architecture documentation is located in:
docs/architecture/
├── system-architecture.md
├── modules.md
├── data-flow.md
├── trust-boundaries.md
└── diagrams.md
SeedTools includes a deterministic recovery pipeline for:
- mnemonic → entropy → seed → keys
- path exploration
- anomaly detection
Full recovery workflow documentation will be added in future releases.
(Folder docs/recovery/ does not exist yet — documentation will be created later.)
SeedTools supports NGO verification and audit workflows, including:
- identity verification
- document integrity checks
- compliance evidence generation
Detailed NGO workflow documentation will be added in future releases.
(Folder docs/ngo/ does not exist yet — documentation will be created later.)
The Compliance Suite is fully documented and available here:
docs/compliance/
It includes:
- Compliance Suite Architecture
- Rules Engine
- Compliance Diagram
- GDPR / SOC2 / IAM / Licensing workflows
SeedTools Suite consists of the following modules:
- Mnemonic Tools
- Entropy Tools
- Path Explorer
- Scanner
- Forensics Engine
- Compliance Suite
- Reporting Engine
Module documentation is located in:
modules/
git clone https://github.com/Krunixbase/seedtools
cd seedtools
pip install -r requirements.txt
python seedtools.py --help
The CLI module is planned and documented here:
- CLI API
- CLI Roadmap
- Desktop GUI
- Shamir Tools
- Taproot forensics
- NGO reporting engine
- Full compliance automation
Full roadmap is available here:
- SeedTools PRO Roadmap
If you find SeedTools useful and want to support its development, security research, and maintenance, you can donate BTC.
Bitcoin (BTC):
bc1qj2gwhsraad4stznukpp9my764nggmkjea84hd2
Your support helps fund:
- ongoing development of SeedTools Suite
- security audits and cryptographic reviews
- documentation and research
- maintenance of offline and air‑gapped workflows
Thank you for supporting open‑source security tools.
SeedTools Suite was designed as a next generation of security tools, combining:
- deterministic cryptographic operations
- entropy analysis and forensics
- NGO verification workflows
- compliance automation
- modular enterprise architecture
Why SeedTools?
- Offline-first — works in air-gapped environments
- Auditable — every step is repeatable and verifiable
- Modular — easily extensible and integrated
- Secure — zero telemetry, zero network, zero API
- Practical — real-world use cases for NGOs, security, and compliance
- Professional — documentation, whitepaper, demo, roadmap
SeedTools Suite is not just another "seed tool."
It's a security platform.
SeedTools includes deterministic, offline‑safe demos illustrating how the toolkit works in practice.
— core examples covering mnemonic → entropy → seed → address derivation.
— extended workflows including Taproot, Ethereum, and multi‑path derivations.
Demo files:
demo/
├── README-demo.md
└── README-seedtools-extra-demo.md
These demos are deterministic, reproducible, and safe for air‑gapped environments.
SeedTools Suite includes three short demonstration videos showing deterministic, offline‑safe workflows using official BIP‑39 test vectors (12, 18 and 24 words).
All seeds come from the public BIP‑39 specification and have no financial value.
- 12‑word demo — deterministic seed → seed and seed → xprv verification
- 18‑word demo — demonstration on a longer seed with deterministic output validation
- 24‑word demo — full deterministic demonstration using the longest test vector
Video files are stored in the repository:
seedtools/demo/videos/
These videos are compressed for GitHub (<25 MB each) and safe for offline environments.
SeedTools Suite uses a structured and auditable development workflow designed for security‑critical environments, deterministic builds, and long‑term maintainability.
-
main — stable, production‑ready branch.
Contains only reviewed and tested code. All release tags (v1.x.x) are created frommain. -
dev — active development branch.
All new features, improvements, and refactors are merged here before stabilization. -
release/v1.x — release preparation branches.
Used for final QA, documentation updates, version bumps, and preparing stable releases.
Example:release/v1.0. -
hotfix/v1.x.x — emergency patches for production.
Critical fixes start frommainand are merged back into bothmainanddev.
-
Developers create feature branches from dev
(feature/short-description) -
Completed features are merged into dev via Pull Requests
-
When preparing a release:
dev → release/v1.x -
After stabilization and QA:
release/v1.x → main -
A version tag is created on main
(v1.0.0,v1.1.0, etc.) -
Hotfixes start from main and merge back into both main and dev
-
Feature branches:
feature/short-description -
Bugfix branches:
bugfix/issue-id-description -
Release branches:
release/vX.Y -
Hotfix branches:
hotfix/vX.Y.Z
- Ensures deterministic, stable releases
- Keeps production code isolated from development
- Supports offline, auditable security workflows
- Matches expectations of security‑focused grant programs
- Enables clean versioning and long‑term maintenance
SeedTools Suite follows a strict, offline‑first security model designed for adversarial environments, high‑risk users, and deterministic cryptographic workflows.
The model is based on four pillars: Isolation, Determinism, Transparency, and Minimal Attack Surface.
SeedTools is designed to operate in fully offline, air‑gapped environments.
- No network connections
- No telemetry
- No external API calls
- No automatic updates
- All operations run locally and deterministically
This ensures that sensitive data (mnemonics, entropy, seeds, keys, compliance evidence) never leaves the device.
All cryptographic operations follow deterministic, reproducible workflows:
- BIP‑39 → entropy → seed
- BIP‑32/44/49/84/86 derivation
- Taproot deterministic paths
- Deterministic forensics workflows
- Deterministic compliance evidence generation
This allows independent verification, reproducibility, and offline audits.
SeedTools defines clear trust boundaries across modules:
- Core cryptography (entropy, seed, derivation)
- Forensics engine (analysis, scanning, anomaly detection)
- Compliance suite (rules engine, audit trails)
- NGO workflows (identity, document integrity, verification)
- CLI / GUI (user interaction layer)
Each boundary is isolated to prevent cross‑module data leakage.
Full trust boundary documentation is available in:
docs/architecture/trust-boundaries.md
SeedTools assumes an adversarial environment with threats including:
- Device compromise
- Malware / keyloggers
- Supply‑chain attacks
- Side‑channel attacks
- Human error
- Data corruption
- Insider threats
- Forensics tampering
The toolkit mitigates these threats through:
- Offline execution
- Deterministic workflows
- No external dependencies
- Minimal code surface
- Reproducible builds
- Clear audit trails
Detailed threat model:
docs/security/threat-model.md
SeedTools minimizes attack surface by design:
- No networking stack
- No browser engine
- No remote calls
- No dynamic imports
- No background services
- Minimal dependencies
- Strict module boundaries
This dramatically reduces the number of possible attack vectors.
SeedTools includes a hardened mode for high‑risk users:
- Read‑only execution
- No file writes
- No logs
- No caching
- No temporary files
- Memory‑only operations
Documentation:
docs/security/hardened-mode.md
Sensitive data is masked at every stage:
- In‑memory masking
- Zeroization of buffers
- No plaintext persistence
- No accidental logging
- No stack traces with sensitive data
Documentation:
docs/security/masking-layer.md
All security documentation is located in:
docs/security/
├── security-model.md
├── threat-model.md
├── attack-surface.md
├── hardened-mode.md
└── masking-layer.md
An ecosystem built on truth.
Systems that do not lie.
Tools that never guess.
Krunixbase exists because the world needs software that is always true — regardless of context, device, or interpretation. This is the foundation of the entire ecosystem and the reason SeedTools Suite was created.
- Truth — results are deterministic, predictable, and verifiable.
- Determinism — the same input always produces the same output.
- Transparency — no hidden logic, no magic, no ambiguity.
- Security — simplicity, modularity, and clarity form the basis of safety.
- Minimalism — no unnecessary features, no noise, no bloat.
- Authenticity — the ecosystem was built from real needs, not marketing.
- Freedom — tools that empower the user, not control them.
- Responsibility — if a tool can help people, it must be reliable.
- Human‑centric design — technology is a means, not the goal.
The complete version of the Krunixbase Manifest — describing the philosophy, mission, and values of the ecosystem — is available in the Krunixbase Ecosystem repository.
The Manifest defines the identity of the project.
It shows that SeedTools Suite is not a random collection of utilities, but a part of a larger vision — an ecosystem built on truth, determinism, and responsibility.
MIT License.
Email: krunixbase@gmail.com
Repository: https://github.com/Krunixbase/seedtools