About codeworld

codeworld started as a test: a cheap domain, Claude Code, and a question of how much useful tooling I could build for CI cyber and TSCM work. It was originally just for my own programs and references, but it ended up becoming something people around me actually use.

Most additions land here because somebody — me or a colleague — hit a real gap on a real case and we needed it. The Push Token Identifier and the modern-artifacts sections in /mobile are recent examples: AXIOM and Cellebrite extract the underlying artifacts but don't identify or attribute them, so the lookup kept falling on the analyst. Now it doesn't.

Every utility on this site runs locally in your browser. Nothing you paste — hashes, headers, payloads, push tokens — is sent to a server. Several tools also ship a single-file Python version you can download and run on an air-gapped workstation.

Source is on GitHub. Open an issue if something's wrong or missing, and PRs are welcome — especially for content gaps where you've been the one re-Googling the same path or command.