🛡️

Mismoosh IR Triage Toolkit Windows • v0.2.2

Download the toolkit

A practical, evidence-first incident response helper for clearnet OSINT, breach exposure checks (where permitted),
and structured incident documentation. Built for quick triage, without dark web crawling.

💻 Installer (recommended)

Best for most customers. Installs shortcuts and makes repeat runs easy.

  • Simple install + Start Menu shortcut
  • Ideal for office PCs and recurring checks
  • Works great with the “Run (Recommended)” wrapper

Tip: Use the installer if you want a smooth “click-to-run” experience.

🧰 Portable ZIP (call-out friendly)

No install. Ideal for engineers and quick on-site triage.

  • Unzip → run → collect evidence
  • Perfect for USB toolkit use
  • Includes the “Run_Triage” helper

Tip: Portable is the fastest “arrive → run → evidence” option.

📄 User Guide (PDF)

Clear steps for customers + technical users (EN + NL).

  • How to fill in case details
  • Which checks to enable (and why)
  • Safety + privacy tips included

Want help? Use our contact page for support or deployment guidance.

🚀 Quick start (how to use)

Installer route

  1. Download and run the installer.
  2. Open Start Menu → Run (Recommended).
  3. Enter a Case Name (example: ACME-2026-02-26).
  4. Enter Customer/Company.
  5. Add emails/domains/usernames (comma-separated).
  6. Type YES to confirm consent.
  7. Run the checks you need and review the evidence pack.

Portable route

  1. Download the ZIP and extract it.
  2. Run Run_Triage.cmd (recommended).
  3. Follow the prompts and select checks.
  4. When finished, open the output folder and share only what’s necessary.

Safety tip: Always enable Redact PII when sharing evidence externally.

✅ What it’s for

  • Incident triage: “What’s exposed and where?”
  • Breach & paste exposure checks (where legally allowed / API-based)
  • Passive recon for domains (DNS / WHOIS / certificate transparency)
  • Evidence-first reporting for documentation and follow-up actions

🚫 What it does not do

  • No dark web crawling and no .onion scanning
  • No exploitation, “hacking”, or intrusive scanning
  • No downloading of leaked content by default (metadata/references only)

Use it for defensive triage with explicit customer consent and clear scope.

๐Ÿ” Safety & privacy tips (worth doing every time)

  • Consent first: confirm customer authorization and scope before running any checks.
  • Prefer app-based MFA: avoid SMS MFA if SIM-swap risk is suspected.
  • Check email rules: attackers often add forwarding rules after takeover.
  • Evidence handling: store case folders securely and follow a retention policy.
  • Redact PII: enable redaction when evidence may be shared outside the org.

Note: Downloads are hosted on WM ICT Solutions infrastructure. If your organization requires internal hosting,
you can mirror the files and update the buttons accordingly.