Before AI pipelines had a name, a fully automated agentic email processing suite was built from scratch in Bash and Python — reading emails, routing them through AI disambiguation engines, and replying with structured results. Alongside it, a set of original security tools built for real operational needs.
In 2019 and 2020, the concept of an agentic AI pipeline — an automated system that receives input, routes it to an intelligent processing engine, and returns structured output — existed only in research labs. Large language models were not yet publicly available. The tools that developers use today to build these systems in an afternoon simply did not exist.
The challenge was to build exactly this kind of system using the tools that were available: Bash scripting, Python, raw API calls, email infrastructure, and a proprietary AI disambiguation engine. The result was a working suite of agentic email applications — each one listening for incoming email, processing it intelligently, and replying automatically with useful output.
"That's how a hacker works. We knew this wouldn't be an easy task when we asked you to do it, but you kept at it until you figured it out and made it work."
The system was built under pressure, across sleepless nights, and delivered in under 72 hours. It was not a prototype in the academic sense. It worked. It ran in production. Emails went in. Intelligent responses came out.
The core system was built as a chain of small, focused scripts — each responsible for one step in the pipeline. This modular design meant each component could be tested independently and reused across different applications.
A continuous daemon monitors the mail directory using file system comparison with comm. Every 5 seconds it detects newly arrived emails and logs the file path — triggering the rest of the pipeline. No external dependencies. Pure Bash.
Raw email files are parsed using formail and sed. The script detects whether the email is a forwarded message or a direct message, strips headers, MIME boundaries, and HTML tags, and extracts clean plain-text body content for processing.
The cleaned email body is sent via HTTP POST to the Urvin AI eigen-disambiguation API. The API returns a weighted concept list — what the email is about, ranked by relevance. The response is parsed, sorted, and formatted into a human-readable summary.
For the Lookup prototype, the original sender's email address is extracted from a forwarded email header using regex and cut. That address is sent to a domain scraping API which returns intelligence about the sender's organization. The result is formatted and sent back to the user.
For the NEO prototype, attachments are extracted from incoming emails using ripmime, fed to a Python AI analysis script, and the JSON output is converted to formatted HTML via a Java renderer. The complete risk analysis is returned to the sender by email.
Processed results are delivered back to the original sender automatically. The system handles both plain-text responses and attachment forwarding — completing the full agentic loop from incoming email to intelligent reply.
Forward any email to Message Mate and receive an AI-generated summary of what the email is about — its concepts, intent, and key topics — returned automatically to your inbox.
Forward a suspicious email to Lookup and receive intelligence about the original sender — who they are, what their domain represents, and what their organization does.
Email NEO with an attached document marked "Risk Disclosure" and receive a structured HTML risk factor analysis generated by AI — automatically extracted, analyzed, and returned.
# Extract clean email body and send to Urvin AI for disambiguation ebd=$(cat /home/msgmate/emailbody.txt) curl -X POST \ -H "Content-type: text/plain" \ -H "Authorization: Basic $(echo -n prototype:*** | base64)" \ "https://marvin.urvin.ai:53117/matching/eigen_disambiguate\ ?nca_scaling=2&nca_impact=1&pa_scaling=2&pa_impact=1\ &total_accepted_variance=0.5&minimum_concept_weight=0.0" \ -d "{\"${ebd}\"}" \ # Parse weighted concept list from JSON response | sed $'s/},{/},\\\n{/g' \ | sed $'s/^.*concepts/concepts/' \ | cut -d "," -f 2,3 \ | sort -nr \ | sed '/^.*count/d' \ >> /home/msgmate/response.txt
The projects on this page were not created as part of a single initiative or at the same point in my career. They were built over many years, in different contexts, to solve different problems.
Some originated from security assessments where existing tools did not provide the functionality or visibility I needed. Others were created to automate operational workflows, explore new technologies, or better understand the systems involved. The phishing simulator, for example, was developed while learning Rust, while other utilities were written years earlier in Bash or Python for entirely different engagements.
What connects them is not the technology or the timeline, but the approach. When an existing solution was insufficient or when building one offered a deeper understanding, I designed and implemented my own.
This reflects a mindset often associated with the original meaning of "hacker": understanding systems well enough to create new solutions instead of relying solely on existing ones.
overwatch.sh — Personal IDS / connection monitor
A lightweight intrusion detection system built entirely in Bash. Monitors active network connections and listening ports in real time, performs WHOIS lookups on all connected IPs, and sends immediate email alerts when new ports start listening or new connections are established.
sseve.sh — SMTP email existence verifier
An email account existence verifier that works without sending any email. Eve performs MX record lookup on the target domain, connects directly to the SMTP server, and uses the EHLO/RCPT TO handshake to determine whether an email account exists — supporting both netcat and telnet as transport utilities.
host lookupcentbruteon.py — Centreon API brute-forcer
A credential brute-forcing tool targeting the Centreon network monitoring platform API (tested on v19.04). Written in Python 3 with a clean CLI interface, supporting single-user and multi-user wordlist modes, HTTPS with custom CA bundle support, and color-coded terminal output.
Custom build — Social engineering training tool
A phishing simulation tool written in Rust — a compiled, memory-safe systems language chosen deliberately for performance and reliability. Built for controlled security awareness training engagements, allowing teams to test and measure their organization's susceptibility to phishing attacks in a safe environment.
# Capture all established external connections watchE=$(ss -tuepn | cut -d ":" -f 2,4 \ | sed -e 's/://g' -e 's/*//g' \ | cut -d " " -f 1 | sort -nr) # WHOIS lookup on every connected IP for ip in $(cat .who.txt); do whois $ip | grep "address\|country" \ | sort -u >> .whois.txt done # Alert on new established connections (size increase = new connection) elif [[ ! -z $(diff <(echo $watchE) <(cat .EstaP.log)) \ && $(echo $LEV) -gt $(echo $LEF) ]] then echo -n $bodyE "________" $wth \ | mail -s "Starry, New Connection is just Established!" "$email"
These projects were built from first principles rather than by assembling existing tools. They include a Bash-based intrusion detection system, an SMTP email verifier that works directly from the protocol, a brute-force testing utility built from API documentation, and a phishing simulation platform written in a compiled systems language.
Together, they demonstrate an approach centered on understanding how systems work internally and building the right solution for the problem at hand.
Every project on this page exists because of a real operational need. When an existing solution was unavailable, unsuitable, or too limited, I built one instead. The agentic email system, for example, was developed before today's frameworks made similar workflows commonplace. The security tools were created to solve practical problems encountered during research and live engagements.
For me, engineering begins with understanding the system itself. Technologies and programming languages change over time, but the process remains consistent: identify the problem, study it thoroughly, and design a solution that addresses it with precision.
All of this work was completed independently, remotely, and delivered in production environments. That has been the common thread throughout more than two decades of hands-on technical work.