Projects

Security, systems, and tooling — built in Rust

A pentesting toolkit that runs as an MCP server, giving AI assistants structured access to industry-standard security tools through a safety-hardened interface.

Rust MCP AI Pentesting Automation Security

TypeScript MCP client for the Raven Nest pentesting server. Communicates via JSON-RPC 2.0 over stdio, providing tool discovery, inspection, and execution through both an interactive REPL and one-shot CLI commands.

TypeScript Bun MCP JSON-RPC Security

Comprehensive automation tool for securing Linux systems. Scans for misconfigurations, applies hardening recommendations, and enables safe rollback of changes. Features CLI, desktop (Tauri), and web interfaces. Published on the Arch User Repository (AUR).

Rust Tauri Leptos SQLite Ed25519 WASM

GTK4 keybinding manager for Hyprland with conflict detection, security validation, and automatic backups. Published on the Arch User Repository (AUR).

Rust GTK4 Hyprland

Common security tasks like password strength analysis, hash generation, and basic network scanning often require multiple separate tools or online services (which may not be trustworthy). Need a unified, offline toolkit for security professionals and developers.

Rust Argon2id ring (Crypto) clap (CLI) tokio (Async)

Need a lightweight, real-time system monitoring solution that doesn't require heavyweight frameworks or complex installations. Traditional monitoring tools are often over-engineered for personal use or local development environments.

Rust Actix-web Server-Sent Events sysinfo HTMX

Chess application built as a Rust workspace with clean crate separation — pure domain logic, async Stockfish UCI engine integration, and an egui desktop GUI with graphical board rendering.

Rust egui Tokio UCI Protocol Stockfish

Backing up GitHub repositories manually is tedious and error-prone. Need an automated solution to export repositories with full metadata (issues, pull requests, releases) for archival, migration, or offline access.

Rust GitHub REST API reqwest (HTTP) tokio (Async) serde (JSON)

Most portfolio websites focus on aesthetics over security. I needed a platform that demonstrates production-grade security engineering whilst showcasing my projects and technical expertise.

Rust Actix-web 4.11 PostgreSQL 17 SQLx Argon2id HTMX Alpine.js Tailwind CSS

Project Details

Raven Nest MCP

MCP Pentesting Server • Security

A pentesting toolkit that runs as an MCP server, giving AI assistants structured access to industry-standard security tools through a safety-hardened interface.

Key Features

Wraps 11 security tools (nmap, nuclei, sqlmap, hydra, and more)
Input validation and execution containment
Output sanitisation for safe AI consumption
Structured tool interface via Model Context Protocol

Tech Stack

Rust MCP AI Pentesting Automation Security

GitHub GitLab

Raven Nest Client

MCP Client • Security

Key Features

JSON-RPC 2.0 transport over stdio to the Rust MCP server
Interactive REPL with tool listing, calling, and inspection
One-shot CLI mode for scripting and automation
16 integration tests with 28 assertions
Configurable server binary path via environment variable

Tech Stack

TypeScript Bun MCP JSON-RPC Security

GitHub GitLab

Linux System Hardener

Security Automation • Security

Problem Statement

Securing Linux systems requires expertise across kernel parameters, SSH, firewalls, PAM, and more. Manual hardening is error-prone and challenging to reverse. Existing tools lack comprehensive coverage or safe rollback capabilities.

Solution Approach

Built a plugin-based hardening framework with checkpoint-based rollback using Ed25519-signed SQLite snapshots. Eight security plugins cover kernel hardening, SSH, firewalls (nftables/firewalld/ufw), PAM, services, auditd, file permissions, and MAC frameworks (SELinux/AppArmor).

Key Features

Security scanning to identify configuration weaknesses
Automated hardening with dry-run capabilities
Checkpoint-based rollback with cryptographic signatures
Multi-distribution support (Debian, RHEL, Arch, openSUSE)
CLI, Tauri desktop, and WASM web interfaces
Scheduled scanning via systemd timers
550+ tests across 13 crates
Available on AUR for Arch Linux users

Security Plugins

Kernel Hardening SSH Security Firewall (nftables) PAM Auth Service Minimisation Audit Daemon File Permissions SELinux/AppArmor

Tech Stack

Rust Tauri Leptos SQLite Ed25519 WASM

GitHub GitLab AUR Package

Hyprland Keybind Manager

GTK4 Application • Systems

GTK4 keybinding manager for Hyprland with conflict detection, security validation, and automatic backups. Published on the Arch User Repository (AUR).

Key Features

Conflict detection for keybindings
Security validation
Automatic backup system
GTK4-based user interface
Available on AUR for Arch Linux users

Tech Stack

Rust GTK4 Hyprland

GitHub GitLab AUR Package

Security Toolkit

CLI Security Tools • Security

Problem Statement

Solution Approach

Created a comprehensive command-line security toolkit in Rust providing multiple security utilities in one binary. Implements industry-standard algorithms and practices, with a focus on educational output that explains the "why" behind each tool.

Password strength validator (entropy-based, not just character rules)
Hash generator (Argon2id, bcrypt, PBKDF2, SHA-256/512)
Network scanner (port scanning, service detection)
Certificate inspector (TLS/SSL certificate analysis)
Entropy analyser for randomness testing
Educational output explaining security concepts

Security & Ethics

Educational purpose — includes explanations and best practices
Ethical usage warnings in CLI and documentation
Legal disclaimer: only use on systems you own/have permission
No password transmission — all processing local
Uses well-audited cryptographic libraries (ring, argon2)

Tech Stack

Rust Argon2id ring (Crypto) clap (CLI) tokio (Async)

GitHub GitLab

System Monitor

Real-time Dashboard • Systems

Problem Statement

Solution Approach

Developed a Rust-based system monitoring dashboard using Server-Sent Events (SSE) for real-time updates. The backend collects system metrics (CPU, memory, disk, network) and streams them to the frontend via SSE. HTMX handles dynamic updates without writing custom JavaScript.

Server-Sent Events for efficient real-time streaming
sysinfo crate for cross-platform system metrics
HTMX for declarative real-time UI updates
Minimal resource overhead (~5MB RAM, <1% CPU)
Historical data tracking with time-series visualisation

Key Challenges

SSE Connection Management: Handling client disconnections gracefully and preventing memory leaks. Implemented automatic clean-up with weak references.
Cross-Platform Metrics: Different APIs for Linux, macOS, Windows. Leveraged sysinfo crate's abstraction layer for consistency.
Update Frequency Balance: Too frequent = resource waste, too slow = stale data. Settled on 1-second intervals with configurable throttling.

Learning Outcomes

Gained deep understanding of SSE protocol and its advantages over WebSockets for unidirectional data streaming. Learnt how to efficiently collect system metrics in Rust and manage async tasks. Discovered HTMX's power for building real-time UIs without complex JavaScript frameworks.

Tech Stack

Rust Actix-web Server-Sent Events sysinfo HTMX

GitHub GitLab

Rust Chess Engine

Desktop Application • Algorithms

Chess application built as a Rust workspace with clean crate separation — pure domain logic, async Stockfish UCI engine integration, and an egui desktop GUI with graphical board rendering.

Key Features

Workspace architecture — core, engine, and desktop crates
Stockfish UCI integration with configurable skill levels and search depth
egui desktop GUI with graphical board and piece rendering
Pure domain logic with zero external dependencies in core crate

Tech Stack

Rust egui Tokio UCI Protocol Stockfish

GitHub GitLab

Repository Exporter

Automation Tool • Automation

Problem Statement

Solution Approach

Built a CLI tool that interfaces with GitHub's REST API to export repositories as structured archives.

GitHub REST API integration with authentication
Parallel fetching for performance (async/await)
Multiple export formats (JSON, Markdown, ZIP)
Incremental exports (only fetch changes since last run)
Rate limiting awareness (respects GitHub API limits)

Tech Stack

Rust GitHub REST API reqwest (HTTP) tokio (Async) serde (JSON)

GitHub GitLab

Security-First Portfolio

This Website • Security

Problem Statement

Most portfolio websites focus on aesthetics over security. I needed a platform that demonstrates production-grade security engineering whilst showcasing my projects and technical expertise.

Solution Approach

Built a full-stack web application using Rust and Actix-web with a security-first architecture.

JWT authentication with refresh token rotation
Argon2id password hashing (OWASP recommended)
10 OWASP security headers (CSP, HSTS, COOP, etc.)
Rate limiting with account lockout protection
PostgreSQL with Row-Level Security (RLS)
Request tracing with unique IDs for audit correlation

Security Considerations

Zero-trust architecture — validate everything
Defence in depth — multiple security layers
Transparent security posture via /security endpoint
Automated security scanning in CI/CD (cargo audit)
Token transport via Authorization header (CSRF-immune)

Tech Stack

Rust Actix-web 4.11 PostgreSQL 17 SQLx Argon2id HTMX Alpine.js Tailwind CSS

View Security

Let's Build Something

I'm looking for a team that cares about code quality, security, and having a good time doing it. Based in Göteborg, open to remote — backend, security engineering, or DevSecOps.

Get in Touch Download CV

Projects

Raven Nest MCP

Raven Nest Client

Linux System Hardener

Hyprland Keybind Manager

Security Toolkit

System Monitor

Rust Chess Engine

Repository Exporter

Security-First Portfolio

Let's Build Something

Theme Settings

Theme

Background

Accent Colour

Font

Pixel Effects