before you buy another security tool, know what you have — scan your stack, see what peers use, stop paying for shelfware
Two ways in. Extension is fastest — no signup, scan dashboards you already use. CLI is for automation and tracked contributions.
```bash
# Option A: browser extension (no signup, 60 seconds)
git clone https://github.com/manizzle/nur-public
# chrome://extensions → Developer Mode → Load Unpacked → extension/

# Option B: CLI (for automation)
pip install nur
nur init
nur register you@yourorg.com
nur eval --vendor crowdstrike
```
All data is anonymized on your machine before it leaves. Emails, IPs, names, and dollar amounts are stripped. Only numeric scores and anonymized summaries leave the browser. You get back what peers with similar stacks chose, paid, and whether they'd buy again.
Scan security dashboards you already log into — AWS, CrowdStrike, Splunk, Okta. In 60 seconds you get a report: what's shelfware, what's not integrated, and (once peers contribute) how your stack compares.
Two modes: scan, then report. After scanning, click Utilization Report to see shelfware, unused modules, and integration gaps.
For people who want to automate, bulk-upload, or script into AI workflows.
```bash
nur eval                                      # interactive vendor evaluation
nur eval --vendor crowdstrike                 # price, support, detection, decision intel
nur market edr                                # vendor rankings by category
nur search compare crowdstrike sentinelone    # side-by-side comparison
nur report incident_iocs.json                 # upload incident data
nur report attack_map.json                    # detection gap analysis
```
The nur eval schema covers six dimensions. All fields are aggregated. All individual values are discarded after commit. Dice chain verification ensures nothing changed in transit.
```
Detection:   overall score, detection rate, false positives
Price:       annual cost, per-seat cost, contract length, discount
Support:     quality, escalation ease, SLA response time
Performance: CPU overhead, agent memory, scan latency, deploy time
Decision:    chose this vendor?, main decision factor
Integrity:   dice chain (client hash == server contribution_hash)

# All fields aggregated. All individual values discarded.
# BDP credibility weighting defends against data poisoning.
```
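As an added illustration (not nur's client code), the Python below models the two client-side guarantees stated above: free text is scrubbed of emails, IPs and dollar amounts before anything leaves the machine, and a hash over the canonical payload is compared with the contribution_hash the server echoes back. The record layout, the regexes and the choice of SHA-256 over canonical JSON are assumptions.

```python
import hashlib
import json
import re

# Constructed sample record (not nur's real schema): one evaluation before scrubbing.
RAW_EVAL = {
    "vendor": "crowdstrike",
    "detection": {"overall": 8, "detection_rate": 0.97, "false_positives": 3},
    "price": {"annual_cost": 120000, "per_seat": 60.0, "contract_years": 3},
    "decision": {"chose_vendor": True, "factor": "detection"},
    "notes": "Ask jane.doe@example.com about the $120,000 renewal; console is 10.0.0.5",
}

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOLLAR_RE = re.compile(r"\$\s?\d[\d,]*(?:\.\d+)?")

def scrub_text(s: str) -> str:
    """Replace emails, IPv4 addresses and dollar amounts in free text with placeholders."""
    s = EMAIL_RE.sub("[email]", s)
    s = IPV4_RE.sub("[ip]", s)
    return DOLLAR_RE.sub("[amount]", s)

def anonymize(value, key=None):
    """Keep numbers and booleans, scrub strings (except the vendor key), recurse into containers."""
    if isinstance(value, dict):
        return {k: anonymize(v, k) for k, v in value.items()}
    if isinstance(value, list):
        return [anonymize(v) for v in value]
    if isinstance(value, str) and key != "vendor":
        return scrub_text(value)
    return value

def contribution_hash(payload: dict) -> str:
    """SHA-256 over canonical JSON (assumed); client and server must compute it identically."""
    canonical = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()

def verify_in_transit(sent: dict, received: dict) -> bool:
    """Client-side check: the hash the server reports must equal the one computed locally."""
    return contribution_hash(sent) == contribution_hash(received)

def demo():
    """Scrub, hash, then show that a payload altered in transit no longer matches."""
    clean = anonymize(RAW_EVAL)
    altered = json.loads(json.dumps(clean))   # deep copy standing in for a modified server copy
    altered["price"]["annual_cost"] = 1
    return clean, contribution_hash(clean), verify_in_transit(clean, clean), verify_in_transit(clean, altered)

if __name__ == "__main__":
    print(demo())
```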
| Method | Path | Description |
|---|---|---|
| POST | /analyze | Give data, get intelligence report |
| POST | /contribute/submit | Submit tool evaluation |
| POST | /contribute/attack-map | Submit attack map with techniques |
| POST | /contribute/ioc-bundle | Submit IOC bundle |
| POST | /ingest/webhook | Universal webhook (Splunk, Sentinel, CrowdStrike, CEF) |
| POST | /register | Register with work email + public key |
| POST | /threat-model | Generate MITRE-mapped threat model |
| GET | /intelligence/market/{category} | Vendor market map |
| POST | /intelligence/threat-map | Threat → MITRE techniques + coverage gaps |
| GET | /intelligence/danger-radar | Vendors with hidden risk signals |
| GET | /intelligence/patterns/{vertical} | Attack patterns for an industry |
| POST | /intelligence/simulate | Simulate attack chain against your stack |
| GET | /search/vendor/{name} | Vendor scores and details |
| GET | /search/compare?a=X&b=Y | Side-by-side vendor comparison |
| POST | /verify/receipt | Verify contribution receipt (Merkle proof) |
| GET | /verify/aggregate/{vendor} | Verify aggregate proof for a vendor |
| GET | /proof/stats | Platform proof stats (Merkle root, counts) |
| POST | /category/propose | Propose blind category (threshold reveal) |
| POST | /category/reveal | Vote to reveal a blind category |
| GET | /category/pending | List pending + revealed categories |
| GET | /dashboard | Visual dashboard |
| GET | /vendor/{id} | Vendor profile page (scores, gaps, claim) |
| GET | /vendor/{id}/claim | Vendor claims their profile (email verification) |
| GET | /proof/bdp-stats | BDP credibility & poisoning defense stats |
| POST | /invites/generate | Generate invite codes for peers |
| POST | /invites/redeem | Redeem an invite code |
| POST | /settings/slack | Configure Slack webhook for remediation alerts |
| GET | /health | Liveness check |
| GET | /stats | Contribution counts (anonymized) |
| GET | /contribute | Web eval form (mobile-friendly, no auth) |
See the README for curl examples.
Your data cannot be mined, sold, or misused — not because we promise, but because the math makes it impossible.
Orgs propose hashed category names. Server counts independent submissions. At threshold (3+), contributors vote to reveal. Server never sees plaintext until quorum.
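The propose, vote and reveal flow described above, as an added simulation written for this page rather than the nur server's own code; the org identifiers, the name normalization before hashing and the rule that only proposers may vote are assumptions. Because category names are short, a bare hash of one can be recovered from a word list, so a deployment would want a salted or keyed commitment; the plain SHA-256 here keeps the example readable.

```python
import hashlib
from collections import defaultdict

THRESHOLD = 3  # from the page: reveal becomes possible once 3+ independent orgs proposed it

def commit(category: str) -> str:
    """Client side: normalize, then hash. Only this digest is sent to the server."""
    return hashlib.sha256(category.strip().lower().encode()).hexdigest()

class BlindCategoryServer:
    """Assumed server logic (not nur's implementation): the server stores digests only."""
    def __init__(self):
        self.proposals = defaultdict(set)  # digest -> org ids that proposed it (one org counts once)
        self.votes = defaultdict(set)      # digest -> org ids voting to reveal
        self.revealed = {}                 # digest -> plaintext, filled only after quorum

    def propose(self, org_id: str, digest: str) -> int:
        self.proposals[digest].add(org_id)
        return len(self.proposals[digest])

    def quorum(self, digest: str) -> bool:
        return len(self.proposals[digest]) >= THRESHOLD

    def vote_reveal(self, org_id: str, digest: str) -> bool:
        """Only a proposer may vote; True once enough proposers have voted."""
        if org_id not in self.proposals[digest]:
            return False
        self.votes[digest].add(org_id)
        return self.quorum(digest) and len(self.votes[digest]) >= THRESHOLD

    def reveal(self, org_id: str, digest: str, plaintext: str) -> bool:
        """Accept plaintext only after a vote quorum, and only if it matches the commitment."""
        if not self.vote_reveal(org_id, digest) or commit(plaintext) != digest:
            return False
        self.revealed[digest] = plaintext
        return True

def demo() -> dict:
    """Walk three constructed orgs through the protocol; returns the revealed-category map."""
    srv, d = BlindCategoryServer(), commit("Zero Trust Network Access")
    for org in ("org-a", "org-b"):
        srv.propose(org, d)
    assert not srv.quorum(d)                              # two proposals: still blind
    srv.propose("org-c", d)
    for org in ("org-a", "org-b", "org-c"):
        srv.vote_reveal(org, d)
    assert not srv.reveal("org-a", d, "some other name")  # wrong plaintext is rejected
    srv.reveal("org-a", d, "zero trust network access")
    return srv.revealed
```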
Use /verify/receipt, /verify/aggregate/{vendor}, and /proof/stats to verify any claim. The public repo has the client code end-to-end.
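What a client does with a Merkle receipt, as an added example not taken from nur (its real proof encoding is not shown here; the leaf and node prefixes, the sibling ordering and the sample hashes are assumptions): the contribution_hash is folded up the sibling path to a root and compared with the root published by /proof/stats.

```python
import hashlib

def sha(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf_hash(contribution_hash_hex: str) -> bytes:
    """Leaves and interior nodes get different prefixes so neither can be passed off as the other (assumption)."""
    return sha(b"\x00" + bytes.fromhex(contribution_hash_hex))

def node_hash(left: bytes, right: bytes) -> bytes:
    return sha(b"\x01" + left + right)

def build_tree(contribution_hashes):
    """Server side: returns (root_hex, proofs); proofs[i] is a list of (sibling_hex, sibling_is_right)."""
    level = [leaf_hash(x) for x in contribution_hashes]
    pos = list(range(len(level)))          # where each original leaf currently sits in `level`
    proofs = [[] for _ in level]
    while len(level) > 1:
        if len(level) % 2:                 # odd count: duplicate the last node
            level.append(level[-1])
        for j, p in enumerate(pos):
            proofs[j].append((level[p ^ 1].hex(), p % 2 == 0))
            pos[j] = p // 2
        level = [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]
    return level[0].hex(), proofs

def verify_receipt(contribution_hash_hex: str, proof, root_hex: str) -> bool:
    """Client side: fold the sibling path from the leaf upward and compare with the published root."""
    node = leaf_hash(contribution_hash_hex)
    for sibling_hex, sibling_is_right in proof:
        sib = bytes.fromhex(sibling_hex)
        node = node_hash(node, sib) if sibling_is_right else node_hash(sib, node)
    return node.hex() == root_hex

# Constructed contribution hashes (not real receipts): five fake submissions.
SAMPLE = [hashlib.sha256(f"eval-{i}".encode()).hexdigest() for i in range(5)]

def check_all():
    """Every genuine receipt verifies; a hash that was never committed does not."""
    root, proofs = build_tree(SAMPLE)
    genuine = all(verify_receipt(h, p, root) for h, p in zip(SAMPLE, proofs))
    forged = hashlib.sha256(b"eval-99").hexdigest()
    return genuine, verify_receipt(forged, proofs[0], root)
```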
See COMPLIANCE.md for the full legal analysis covering HIPAA Safe Harbor, GDPR Recital 26, CISA 2015 safe harbor, and attorney-client privilege preservation.
Run your own nur instance for your industry or organization.
```bash
nur up --vertical healthcare   # LockBit, HIPAA focus
nur up --vertical financial    # APT28, PCI DSS focus
nur up --vertical energy       # Sandworm, NERC CIP focus
nur up --vertical government   # APT29, FISMA focus
```
The server code is currently in a private repo. Message on Signal for self-hosting access, or use the hosted service at getnur.org.
```bash
# .env file
NUR_DB_URL=postgresql+asyncpg://user:pass@db:5432/nur
NUR_API_KEY=your_master_api_key
NUR_AUTO_INGEST=1                 # auto-scrape public feeds every hour
NUR_DOMAIN=nur.yourorg.com        # for magic link emails
NUR_SMTP_HOST=smtp.yourorg.com    # email verification
NUR_SMTP_PORT=587
NUR_SMTP_USER=nur@yourorg.com
NUR_SMTP_PASS=your_smtp_password
```

```bash
pip install nur && nur init && nur register you@org.com
```