SmokeMont creates native utilities for authorized teams: validate outbound paths with Egress, review endpoint appearance with Persona, collect incident material with Material, and plan macOS operator runbooks with Vector.
Each SmokeMont app is a native tool with explicit operator action, clear evidence, and no service install workflow.
Collect read-only incident-response material from Windows or macOS endpoints, including system identity, network posture, processes, persistence indicators, security posture, and recent log signals.
Windows portable EXE + macOS app | AGPLv3 source license | reserved SmokeMont branding
Validate outbound network behavior from a Windows endpoint across DNS, HTTPS, WebSocket, UDP/443, HTTP/2, HTTP/3-style probes, and SSH-over-443 paths.
Windows portable | AGPLv3 source license | reserved SmokeMont branding
Assess endpoint appearance with profile fit scoring, local network fingerprint reporting, public egress identity review, session comparison, and PDF reporting.
Windows portable | AGPLv3 source license | reserved SmokeMont branding
Plan authorized macOS operator runbooks with templates, authorization context, readiness scoring, project save/open, and Markdown/PDF export.
macOS app | AGPLv3 source license | reserved SmokeMont branding
Egress validates what can leave a Windows endpoint through controlled, benign probes across common outbound paths.
Material helps responders gather host evidence quickly during authorized triage without installing an agent or changing endpoint configuration.
Material is observational software. It does not remediate, quarantine, terminate processes, delete files, or modify host configuration.
Persona helps operators answer a practical security question: from local configuration, traffic metadata, and public egress identity, what does this endpoint appear to be?
Persona is observational software. It does not spoof, randomize, or mutate host settings; it provides a shared evidence trail for endpoint identity, exposure, and engagement reporting.
Vector helps authorized Mac operators turn scope, assumptions, validation steps, detection hypotheses, and stop conditions into a reusable runbook before activity begins.
Vector is planning software. It does not scan hosts, collect endpoint data, bypass controls, modify systems, or perform offensive actions.
A publishable whitepaper for the SmokeMont operator workflow: plan with Vector, validate with Egress, observe with Persona, collect with Material, then review the evidence and feed lessons back into the next runbook.
Current official SmokeMont builds are available below. Always run tools only on systems and networks where you have permission.
Across all SmokeMont tools, SmokeMont emphasizes controlled execution, field portability, and reporting that stands up in technical review.
Actions run only after explicit operator input, with visible scope and conservative collection behavior.
Reports document selected modes, observed signals, result meaning, timestamps, and operator context.
Native Windows and macOS builds support field use on authorized systems without a service install or heavyweight runtime workflow.
Official SmokeMont releases use reserved branding so teams can distinguish maintained builds from modified internal versions.
SmokeMont code is licensed under the GNU AGPLv3. The SmokeMont name, logo, icon, and related branding are reserved so users can distinguish official releases from modified builds.