Curated tools // simple installs // practical learning

Tools worth installing.
No bookmark graveyard.

A plain-English catalog of tools that work well with Hermes, plus technical resources worth learning. Each card gives you the point, the first move, and a copy/paste command when install makes sense.

AI agent coreDeploy / web opsWebsite frameworkSite searchAutomationLocal AILocal AI UIPython tooling

Resource map

Everything interesting enough to earn a spot.

Commands target Linux/WSL unless the card says otherwise. Security tools are for labs, your own systems, or explicitly authorized work. Don’t be a dickhead with scanners.

AI agent coreBeginner

Hermes Agent

The actual agent framework behind Hermie: CLI, desktop, messaging gateway, skills, memory, cron jobs, MCP, tools.

First move:Install Hermes, run the setup wizard, then add one useful integration instead of trying to configure everything at once.
Copy/paste
curl -fsSL https://hermes-agent.nousresearch.com/install.sh | bash
hermes setup
Open resource →
Deploy / web opsBeginner

Cloudflare Wrangler

CLI for Cloudflare Pages and Workers. Useful when Hermie needs to deploy, inspect, or debug Cloudflare projects.

First move:Install Wrangler and log in only when you actually need direct Cloudflare CLI control.
Copy/paste
npm install -g wrangler
wrangler login
wrangler whoami
Open resource →
Website frameworkBeginner

Astro

Fast static/content-driven sites. This is what askhermie.dev is built with.

First move:Use Astro for docs, catalogs, project pages, and clean static sites before reaching for heavier app frameworks.
Copy/paste
npm create astro@latest my-site
cd my-site
npm run dev
Open resource →
Site searchBeginner

Pagefind

Static search for sites like this. Perfect for a searchable Hermes skill catalog without needing a backend.

First move:Add it after the resources/skills pages have enough content to search.
Copy/paste
npm install -D pagefind
npx pagefind --site dist
Open resource →
AutomationBeginner

n8n

Visual workflow automation with AI integrations. Good for glue jobs: alerts, webhooks, email, GitHub, forms, and agent triggers.

First move:Run it locally with Docker, build one tiny workflow, then decide if it deserves a server.
Copy/paste
docker volume create n8n_data
docker run -it --rm --name n8n -p 5678:5678 -v n8n_data:/home/node/.n8n docker.n8n.io/n8nio/n8n
Open resource →
Local AIBeginner

Ollama

Runs local models on your machine. Useful for private/offline experiments and local AI tooling.

First move:Install it, run a small model, then connect tools later. Do not start with giant models.
Copy/paste
curl -fsSL https://ollama.com/install.sh | sh
ollama run llama3.2
Open resource →
Local AI UIIntermediate

Open WebUI

Self-hosted AI chat UI that can sit in front of local or remote model backends.

First move:Only install after Ollama or another backend works. Otherwise you debug two things at once, which is dumb.
Copy/paste
docker run -d -p 3000:8080 -v open-webui:/app/backend/data --name open-webui ghcr.io/open-webui/open-webui:main
Open resource →
Python toolingBeginner

uv

Fast Python package/project tool. Good default for modern Python scripts, tools, and quick experiments.

First move:Use uv for new Python projects instead of hand-rolling virtualenv pain every time.
Copy/paste
curl -LsSf https://astral.sh/uv/install.sh | sh
uv --version
Open resource →
Python CLI appsBeginner

pipx

Installs Python command-line tools into isolated environments. Cleaner than polluting system Python.

First move:Install pipx once, then use it for tools like mitmproxy and mpremote.
Copy/paste
sudo apt update
sudo apt install -y pipx
pipx ensurepath
Open resource →
Command helpBeginner

tldr-pages

Short practical command examples. Good when man pages are too much bullshit.

First move:Install it and try tldr against commands you already use.
Copy/paste
npm install -g tldr
tldr tar
tldr ssh
Open resource →
Sysadmin referenceReference

The Book of Secret Knowledge

Huge collection of commands, tools, one-liners, and practical technical references.

First move:Bookmark it. Do not try to read the whole thing. Use it when solving a specific problem.
Copy/paste
git clone --depth 1 https://github.com/trimstray/the-book-of-secret-knowledge.git ~/tools/the-book-of-secret-knowledge
Open resource →
HomelabReference

awesome-selfhosted

Massive catalog of self-hosted services. Useful for picking homelab projects and internal tools.

First move:Pick one category, not fifty. Start with monitoring, notes, dashboards, or automation.
Copy/paste
git clone --depth 1 https://github.com/awesome-selfhosted/awesome-selfhosted.git ~/tools/awesome-selfhosted
Open resource →
MonitoringBeginner

Netdata

Fast observability dashboard for Linux systems. Good for learning what “normal” system behavior looks like.

First move:Install on a lab box or VM first, not production.
Copy/paste
wget -O /tmp/netdata-kickstart.sh https://get.netdata.cloud/kickstart.sh
sh /tmp/netdata-kickstart.sh
Open resource →
Automation / sysadminIntermediate

Ansible

Automates Linux/network/server configuration. Very relevant to systems engineering work.

First move:Use it to automate one boring repeated setup task. Do not start by redesigning the company.
Copy/paste
pipx install --include-deps ansible
ansible --version
Open resource →
Cyber learningBeginner

PortSwigger Web Security Academy

Free interactive web-security labs from the Burp Suite people. High signal, practical, legal.

First move:Start with SQL injection, XSS, and authentication labs before touching weirder topics.
Copy/paste
# No install. Open the labs:
# https://portswigger.net/web-security
Open resource →
Defensive securityReference

OWASP Cheat Sheet Series

Concise defensive guidance for common appsec topics. Good for “how should this be secured?” questions.

First move:Use it as a reference when building or reviewing apps/APIs.
Copy/paste
git clone --depth 1 https://github.com/OWASP/CheatSheetSeries.git ~/tools/owasp-cheatsheets
Open resource →
IoT security labIntermediate

OWASP IoTGoat

Deliberately vulnerable IoT firmware for safe IoT security practice.

First move:Clone it and read the docs before trying to emulate or exploit anything.
Copy/paste
git clone https://github.com/OWASP/IoTGoat.git ~/labs/IoTGoat
Open resource →
Firmware analysisIntermediate

Binwalk

Finds and extracts embedded files from firmware images. Core tool for firmware exploration.

First move:Install it, then practice on known-good sample firmware before random router images.
Copy/paste
sudo apt update
sudo apt install -y cargo
cargo install binwalk
Open resource →
Firmware emulationAdvanced

Firmadyne

Framework for emulating and dynamically analyzing Linux-based firmware.

First move:Treat this as a later lab. Start with Binwalk and file-system extraction first.
Copy/paste
git clone https://github.com/firmadyne/firmadyne.git ~/tools/firmadyne
Open resource →
Reverse engineeringAdvanced

Ghidra

NSA’s reverse-engineering framework. Useful for binaries, firmware components, and malware analysis labs.

First move:Install Java, download Ghidra, then start with small binaries — not random BIOS blobs.
Copy/paste
# Windows: download the latest release zip:
# https://github.com/NationalSecurityAgency/ghidra/releases
# Linux: install Java first:
sudo apt update
sudo apt install -y openjdk-21-jdk
Open resource →
Reverse engineeringAdvanced

radare2

Powerful CLI reverse-engineering toolkit. Not beginner-soft, but useful once basics click.

First move:Install it later, after Ghidra/Cutter feel less alien.
Copy/paste
git clone https://github.com/radareorg/radare2.git ~/tools/radare2
cd ~/tools/radare2
sys/install.sh
Open resource →
Reverse engineering GUIIntermediate

Cutter

GUI reverse-engineering platform powered by Rizin. Friendlier than raw CLI reversing.

First move:Use Cutter when you want a GUI path into reversing before deep CLI work.
Copy/paste
# Easiest path: download AppImage/installer from releases:
# https://github.com/rizinorg/cutter/releases
Open resource →
ESP32 developmentIntermediate

ESP-IDF

Official Espressif IoT development framework. Serious ESP32 work eventually ends up here.

First move:Start with examples. Confirm hello-world builds before touching Wi-Fi/BLE weirdness.
Copy/paste
mkdir -p ~/esp
cd ~/esp
git clone --recursive https://github.com/espressif/esp-idf.git
cd esp-idf
./install.sh esp32
. ./export.sh
Open resource →
MicrocontrollersBeginner

MicroPython + mpremote

Python on microcontrollers plus a CLI to talk to boards. Great beginner bridge into embedded work.

First move:Install mpremote, plug in a board, and run a tiny script.
Copy/paste
pipx install mpremote
mpremote connect list
Open resource →
Maker learningBeginner

Adafruit Learning System

Practical electronics, microcontroller, sensor, and maker tutorials.

First move:Pick one small hardware project and finish it before buying a drawer full of cursed modules.
Copy/paste
# No install. Open tutorials:
# https://learn.adafruit.com/
Open resource →
ESP32 projectsBeginner

Random Nerd Tutorials ESP32

Step-by-step ESP32 guides with code and diagrams. Good for practical build momentum.

First move:Start with one sensor + one web-server example.
Copy/paste
# No install. Open project list:
# https://randomnerdtutorials.com/projects-esp32/
Open resource →
Web/API debuggingIntermediate

mitmproxy

Intercepting HTTP(S) proxy for debugging APIs, mobile apps, and web traffic in controlled labs.

First move:Use it on your own traffic first. Certificate setup is the annoying bit.
Copy/paste
pipx install mitmproxy
mitmproxy --version
Open resource →
Network discoveryBeginner

Nmap

Network scanner for inventory and service discovery on systems you own or are authorized to assess.

First move:Use it on your own LAN/lab only. Start with safe discovery flags.
Copy/paste
sudo apt update
sudo apt install -y nmap
nmap -sn 192.168.1.0/24
Open resource →
Vulnerability scanningIntermediate

ProjectDiscovery Nuclei

Template-based scanner. Excellent in authorized environments, easy to misuse if you are careless.

First move:Install it, update templates, and only scan assets you own/have permission for.
Copy/paste
go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
nuclei -update-templates
Open resource →
ReconIntermediate

Subfinder

Passive subdomain discovery. Useful for authorized recon and asset inventory.

First move:Use it against your own domains first.
Copy/paste
go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
subfinder -version
Open resource →
HTTP probingIntermediate

httpx

Fast HTTP probing toolkit. Pairs naturally with subdomain discovery.

First move:Pipe known-good hostnames into it and inspect what is actually alive.
Copy/paste
go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest
httpx -version
Open resource →
Web fuzzingIntermediate

ffuf

Fast web fuzzer for authorized labs and testing. Good for learning how discovery works.

First move:Use it only in labs or on systems you have permission to test.
Copy/paste
go install github.com/ffuf/ffuf/v2@latest
ffuf -V
Open resource →
Security wordlistsReference

SecLists

Common wordlists used in security testing. Useful, but also easy to use irresponsibly.

First move:Clone it locally for lab use. Do not spray random internet targets.
Copy/paste
git clone --depth 1 https://github.com/danielmiessler/SecLists.git ~/tools/SecLists
Open resource →
Security referenceReference

PayloadsAllTheThings

Payload and bypass reference for web security learning and authorized testing.

First move:Use as a reference while doing structured labs, not as a “spray this everywhere” cookbook.
Copy/paste
git clone --depth 1 https://github.com/swisskyrepo/PayloadsAllTheThings.git ~/tools/PayloadsAllTheThings
Open resource →