Documentation

Comprehensive guides for operators at every level

Getting Started API Reference Security Guidelines Tool Documentation Community Guidelines Infrastructure

Getting Started

Quick start guide for new operators

$ Account Registration

Create your operator account with a secure email. We recommend ProtonMail or Tutanota. Choose a strong callsign — this is your identity on the platform.

$ Platform Overview

ZION OFFSEC consists of the Arsenal (marketplace), Community Forum, built-in tools (Decoder, Forge, Analyzer), and your Operator Dashboard with order management.

$ First Purchase

Browse the catalog, add tools to your cart, and complete checkout. License keys are generated instantly and available in your Orders page.

$ Environment Setup

Most tools require a Linux environment (Kali, Parrot, or custom). Ensure Python 3.10+, Go 1.21+, and common dependencies are installed. Each tool includes specific requirements in its README.

API Reference

RESTful API for programmatic access

$ Authentication

All API requests require a Bearer token. Generate your API key from Settings > API Access. Include it as: Authorization: Bearer YOUR_API_KEY

$ Rate Limits

Free tier: 100 requests/hour. Premium: 1000 requests/hour. Enterprise: unlimited. Rate limit headers are included in every response (X-RateLimit-Remaining).

$ Endpoints Overview

GET /api/v1/products — List products. GET /api/v1/products/{id} — Product details. GET /api/v1/categories — List categories. POST /api/v1/orders — Create order. GET /api/v1/user/profile — Your profile.

$ Response Format

All responses are JSON with structure: { "status": "success|error", "data": {...}, "meta": { "page": 1, "total": 100 } }. Errors include "message" and "code" fields.

Security Guidelines

OPSEC best practices for operators

$ Secure Communications

Always use PGP encryption for sensitive messages. Our public key is available on the PGP Keys page. Use Tor or a VPN when accessing the platform for sensitive operations.

$ Tool Deployment

Never deploy offensive tools against targets without explicit written authorization. Maintain detailed logs of all testing activities. Use isolated environments (VMs, containers) for tool testing.

$ Credential Management

Use a password manager. Enable 2FA when available. Never reuse passwords across platforms. Rotate API keys regularly.

$ Incident Response

If you discover a vulnerability in our platform, report it immediately via the Contact page. Do not exploit or disclose vulnerabilities publicly before they are patched.

Tool Documentation

Usage guides for ZION tools

$ Decoder

Client-side encoding/decoding tool. Supports Base64, URL, Hex, ROT13, HTML entities, JWT decode, and hash generation (MD5, SHA1, SHA256, SHA512). All processing happens in your browser — no data is transmitted.

$ La Fragua (Forge)

Payload workshop for generating reverse shells, encoded payloads, and obfuscated scripts. Supports Bash, Python, PowerShell, PHP, and more. Includes IP/port configuration and multiple encoding layers.

$ Packet Analyzer

Browser-based network traffic analyzer. Upload PCAP files for protocol breakdown, packet inspection, and traffic visualization. Supports TCP, UDP, HTTP, DNS, and TLS analysis.

$ Threat Tracker

Real-time threat intelligence dashboard. Monitors CVE feeds, exploit releases, and threat actor activity. Customizable alerts and watchlists for technologies in your scope.

Community Guidelines

Rules and norms for the community

$ Forum Rules

Be respectful. Share knowledge freely. No spam or self-promotion without value. No sharing of stolen data, credentials, or PII. Technical discussions only — no political or off-topic content.

$ Reputation System

Earn reputation through purchases, forum contributions, tool reviews, and community help. Higher reputation unlocks badges, early access to new tools, and exclusive forum sections.

$ Contribution Program

Submit your own tools, exploits, or research for inclusion in the arsenal. Accepted contributions earn reputation and may qualify for revenue sharing. Contact us for details.

$ Reporting

Report rule violations, suspicious activity, or security concerns through the Contact page or directly to moderators in the forum. All reports are handled confidentially.

Infrastructure

Platform architecture and status

$ Architecture

ZION OFFSEC runs on hardened Linux servers with encrypted storage. The web application is PHP 8.x with MySQL backend. Static assets are served via Nginx with aggressive caching.

$ Availability

We target 99.9% uptime. Planned maintenance windows are announced 48 hours in advance on Telegram. The Warrant Canary page is updated monthly as a transparency measure.

$ Data Storage

User data is stored in encrypted databases. Passwords use bcrypt with cost factor 12. Payment data is never stored on our servers — handled by third-party processors.

$ Backups

Full database backups every 6 hours. File system snapshots daily. Geographic redundancy across multiple data centers. Recovery time objective: < 4 hours.

Need more help?

Check the FAQ or reach out to our support team.