Precision-engineered software for developer productivity, passive network security, and performant consumer SaaS. No bloat. No dark patterns.
Browser-based file conversion. HEIC, video, images. Files never leave your device. No uploads, no servers, no tracking. Privacy as architecture.
The open-source foundation of the full SNF engine. Complete and production-ready. Raw packet capture, flow reconstruction, deterministic protocol parsing (DNS, TLS, HTTP) with structured NDJSON output. Air-gap native. Memory-safe Rust.
The full proprietary SNF platform - 25-phase pipeline spanning protocol parsing, behavior detection, and forensic output. C2 beacons, 7-component DGA scoring, DNS tunneling, port scan, lateral movement, full ICS/SCADA (Modbus, S7comm, EtherNet/IP/CIP, PROFINET, DNP3), JA3/JA3S/JA4 TLS fingerprinting, passive OS fingerprinting, offline IOC matching, .rsaa sealed evidence bundles (Merkle chain + Ed25519), SIEM export (Splunk, Elastic, CEF, LEEF, STIX). Zero network calls. Deterministic by architecture.
Visit shadownf.com →Zero-knowledge encrypted paste service. Encrypted in your browser with AES-256-GCM before it leaves your device. The key lives only in the URL fragment - which browsers never transmit. We literally cannot read your data. Burn-after-reading, TTL expiry, password protection.
RSAAT Labs / 04 Active
Locally executing, strongly typed, and fundamentally secure by architecture. Built to solve problems, not create them.
A browser-based file conversion tool supporting images (HEIC, JPEG, PNG, WEBP, AVIF, GIF, BMP, TIFF), video compression, and format conversion. Everything runs client-side using WebAssembly. Your files never leave your device. No uploads, no cloud processing, no data retention. Available as a free tier with a Pro subscription for unlimited conversions and larger file sizes.
The public open-core component of the full SNF engine. Complete, production-ready, and Apache 2.0 licensed. Handles full packet capture pipeline, TCP/UDP flow reconstruction, and deterministic protocol parsing across DNS (UDP/TCP), TLS 1.0–1.3, QUIC, HTTP/1.1, HTTP/2, ICMP, DHCP, and SMB - emitting structured NDJSON output. Builds with zero errors and zero warnings on Windows 11 and RHEL9. Tested against real-world PCAP datasets. No telemetry, no cloud dependencies, zero internet access required. The intelligence and forensics layers - C2 detection, ICS/SCADA coverage, evidence bundles, SIEM export, IOC matching, redaction - are proprietary and part of the full SNF Engine.
The full proprietary SNF platform, built on SNF-Core and extended across 25 phases of intelligence and forensic instrumentation. Protocol coverage (16+ analyzers): DNS (UDP/TCP/DoH/DoT/DoQ), mDNS, TLS 1.0–1.3, QUIC+SNI, HTTP/1.1, HTTP/2, ICMP, DHCP/DHCPv6, SMB, full ICS/SCADA (Modbus/TCP, S7comm, EtherNet/IP/CIP, PROFINET, DNP3), and enterprise auth (Kerberos, LDAP, RADIUS). Behavior engine: C2 beacon detection (sliding-window CV analysis), 7-component DGA domain scoring (entropy, n-gram, vowel ratio, digit ratio, TLD, length, subdomain depth), DNS tunnel tree profiling, port scan and SMB lateral movement, ICMP flood, TCP flag abuse, enterprise attack detection (Kerberoasting, LDAP recon), living-off-the-land, and data exfiltration detection. Intelligence: JA3/JA3S/JA4 TLS fingerprinting with offline threat matching across known malware families (Emotet, TrickBot, Cobalt Strike, Lazarus, Ryuk, Conti, Dridex, QakBot, AsyncRAT, IcedID, and more). Passive OS fingerprinting (TTL/window/MSS/options/DF signals). ASN, GeoIP, and reverse DNS attribution. Output: Signed .rsaa sealed evidence bundles - Merkle chain integrity (SHA-256 linked per event), Ed25519 session signing, and Bloom filter - verifiable with the standalone rsaa_verify binary. SIEM export: Splunk, Elastic ECS, CEF/ArcSight, LEEF/IBM QRadar, and STIX 2.1. Phase 23 structured query engine: SQL-like offline queries on session NDJSON, air-gap safe. Phase 20 PCAP redaction: IP anonymization, MAC randomization, payload scrubbing - GDPR/HIPAA safe output. Phase 22 multi-session correlation: cross-capture persistent actor tracking across N independent captures. Capture backends: libpcap, AF_XDP (Linux zero-copy), DPDK. Determinism guarantee: F(dataset, config, version) = SHA-256-identical NDJSON on any machine, any analyst, any time. Court-admissible evidence bundles with verifiable chain of custody. 40+ CLI flags. Hardware auto-scaling with NUMA-aware worker pool and RSS configuration.
Visit shadownf.com →A zero-knowledge encrypted paste service built on the principle that we should be architecturally incapable of reading your data - not just policy-committed to not reading it. Every paste is encrypted in your browser with AES-256-GCM (the same standard the NSA uses for TOP SECRET data) before any bytes leave your device. The 256-bit key is placed only in the URL fragment, which browsers never include in HTTP requests. The server receives an encrypted blob mathematically indistinguishable from random noise. Burn-after-reading with atomic Redis Lua scripts - race-condition proof. Password protection with PBKDF2-SHA256 at 310,000 iterations (2023 OWASP spec). URL fragment erasure after decryption. 30-second clipboard auto-clear. Sandboxed HTML rendering. No raw IPs stored - HMAC-SHA256 hashes only. Redis TTL auto-deletion, no cleanup cron jobs. Even a full database breach exposes zero plaintext content.
RSAAT Labs • Est. 2026
RSAAT Labs is an independent software lab. We build tools that solve real problems with precision and minimal overhead. No bloat, no dark patterns, no nonsense. Every product that ships from this lab is built to be genuinely useful, technically sound, and respectful of the people using it.
We operate at the intersection of developer tooling, consumer SaaS, and deep security engineering. The goal is simple: ship software that works, earns trust, and does not waste the user's time.
RSAAT Labs is the parent organization. Under it operates SNF Labs as an independent division focused exclusively on passive network security and forensics tooling. SNF Labs carries its own brand identity, maintains its own presence, and targets a distinct audience - security researchers, incident responders, and critical infrastructure operators. Both entities share the same founding values but operate independently in terms of product, brand, and go-to-market.
A browser-based file conversion tool supporting images (HEIC, JPEG, PNG, WEBP, AVIF, GIF, BMP, TIFF), video compression, and format conversion. Everything runs client-side using WebAssembly. Your files never leave your device. No uploads, no cloud processing, no data retention. Available as a free tier with a Pro subscription for unlimited conversions and larger file sizes.
A zero-knowledge encrypted paste service. Every paste is encrypted in your browser using AES-256-GCM before it ever reaches the server. The decryption key lives only in the URL fragment - which browsers never transmit. We are architecturally incapable of reading your content, not merely policy-committed to not reading it. Burn-after-reading (atomic, race-condition proof), TTL expiry, password protection with PBKDF2-SHA256 at 310,000 iterations, sandboxed HTML rendering, and HMAC-hashed IP rate limiting. No raw IPs stored. Zero plaintext exposure even in a full database breach.
The public open-core foundation of the full SNF engine. Complete and production-ready. Handles raw packet capture, TCP/UDP flow reconstruction, and deterministic protocol parsing across DNS, TLS 1.0–1.3, QUIC, HTTP/1.1, HTTP/2, ICMP, DHCP, and SMB - outputting structured NDJSON. Zero errors, zero warnings on Windows 11 and RHEL9. The intelligence and forensics layers are proprietary and part of the full SNF Engine.
The full proprietary SNF platform, built on SNF-Core across 25 phases of intelligence and forensic instrumentation. Protocol coverage (16+ analyzers): DNS (UDP/TCP/DoH/DoT/DoQ), mDNS, TLS 1.0–1.3, QUIC+SNI, HTTP/1.1, HTTP/2, ICMP, DHCP/DHCPv6, SMB, ICS/SCADA (Modbus/TCP, S7comm, EtherNet/IP/CIP, PROFINET, DNP3), and enterprise auth (Kerberos, LDAP, RADIUS). Behavior engine: C2 beacon detection, 7-component DGA scoring, DNS tunnel profiling, port scan, lateral movement, TCP flag abuse, Kerberoasting/LDAP recon detection, living-off-the-land, and data exfiltration detection.
JA3/JA3S/JA4 TLS fingerprinting with offline threat matching across known malware families (Emotet, TrickBot, Cobalt Strike, Lazarus, Ryuk, Conti, QakBot, Dridex, and more). Passive OS fingerprinting (TTL/window/MSS/options/DF). Signed .rsaa sealed evidence bundles - Merkle chain + Ed25519 per-session signing, verifiable offline. SIEM export to Splunk, Elastic ECS, CEF/ArcSight, LEEF/IBM QRadar, and STIX 2.1. Phase 23 structured query engine, Phase 22 multi-session actor correlation, Phase 20 PCAP redaction (GDPR/HIPAA). Capture backends: libpcap, AF_XDP, DPDK. Determinism guarantee: F(dataset, config, version) = SHA-256-identical NDJSON on any machine, any analyst, any time. Court-admissible evidence with verifiable chain of custody. Developed and maintained by SNF Labs, a division of RSAAT Labs.
RSAAT Labs operates on a simple principle: software should do what it says it does. Nothing more.
We do not collect data we do not need. We do not add features that do not serve the user. We do not hide costs or obscure pricing. Every architectural decision starts from a single question: does this genuinely help the person using it?
Privacy is not a checkbox. In ZenConvert, files never touch a server because we designed it that way. In ScorchPad, we are architecturally incapable of reading your paste content - not merely policy-committed to it. In SNF, zero network calls is not a feature - it is the foundation. Building with constraints produces better, faster software.
For inquiries, support, or anything else, reach out via the individual product pages. General correspondence can be directed to the contact channels listed there.
Disclaimer: All products and tools provided by RSAAT Labs and its divisions are offered strictly as-is, with no warranties of any kind. RSAAT Labs and its operators accept no legal liability for any damages, data loss, or consequences arising from use of any product. Use at your own risk.
Last updated: May 7, 2026
RSAAT Labs takes a minimal approach to data. Most of our tools are designed to operate entirely client-side, meaning your files and data never reach our servers.
For products that require accounts (such as ZenConvert Pro), we collect your email address and payment status only. Payment processing is handled entirely by third-party providers (Razorpay, Lemon Squeezy). We never see or store card or bank details.
We may collect anonymized usage counters solely for enforcing free tier limits. This data is hashed and non-identifiable.
Our products may use third-party services including Clerk (authentication), Razorpay (payments), Lemon Squeezy (payments), Vercel (hosting), Supabase (database), and Sentry (error monitoring). Each operates under their own privacy policies.
We use only essential session cookies required for authentication. No advertising cookies, no tracking pixels, no third-party analytics cookies.
You may request deletion of your account and associated data at any time by contacting us via the product support channels. We will process deletion within 30 days.
RSAAT Labs provides all products and services as-is. We accept no legal liability for any data loss, privacy breach caused by third-party services, or any other damages arising from your use of our products. You use all tools at your own risk and must review third-party service policies independently.
Last updated: May 7, 2026
By accessing or using any RSAAT Labs product or website, you agree to these Terms in full. If you do not agree, you must stop using all RSAAT Labs products immediately and exit this site.
These Terms constitute a legally binding agreement between you and RSAAT Labs. Continued use of any RSAAT Labs product after these Terms are posted constitutes acceptance.
All products, tools, and services provided by RSAAT Labs are offered strictly as-is and as-available, with no warranties of any kind, express or implied.
To the fullest extent permitted by applicable law, RSAAT Labs and its operators, employees, and agents accept absolutely no legal liability of any kind for any direct, indirect, incidental, consequential, special, exemplary, or punitive damages. This includes but is not limited to: data loss, file corruption, conversion errors, service downtime, security incidents, or any other harm arising from your use of or inability to use any RSAAT Labs product.
You use all RSAAT Labs products entirely at your own risk. By using any product, you irrevocably waive all claims against RSAAT Labs and its operators to the maximum extent permitted by law.
You agree to indemnify, defend, and hold harmless RSAAT Labs and its operators from any claims, liabilities, damages, and expenses arising from your use of our products, your violation of these Terms, or your violation of any third-party rights.
Paid subscriptions are billed through third-party processors. All sales are final. We do not offer refunds except where required by applicable law. Subscriptions may be cancelled at any time but access continues until the end of the billing period.
We may suspend or terminate your access to any RSAAT Labs product at any time, for any reason, without notice or liability.
We reserve the right to modify these Terms at any time. Continued use after changes are posted constitutes acceptance of the revised Terms.
If any provision of these Terms is found unenforceable, the remaining provisions continue in full force.
To the fullest extent permitted by applicable law, you irrevocably waive any and all claims, demands, and causes of action against RSAAT Labs, its owners, operators, employees, and agents. This waiver applies to all damages of any kind, whether arising in contract, tort, negligence, or otherwise, and survives termination of these Terms.