Red Team / Blue Team

Document ops. Map attack surfaces. Respond faster.

The investigation platform red teams use to track engagements and blue teams use to map incidents — with Nmap import, graph visualization, and structured notes.

Red team engagement documentation

Red team operations generate enormous amounts of data — reconnaissance results, discovered credentials, lateral movement paths, privilege escalation chains, and post-exploitation findings. MemoryJar gives operators a structured way to document every phase of an engagement in real time. Import Nmap XML scans to automatically create host and service nodes in the graph. Add discovered credentials, document exploitation paths, and map the relationships between compromised systems. Each node gets its own rich-text notes panel for screenshots, command output, and tactical observations. The graph view shows the full attack path from initial access to objective completion, making debrief and report writing straightforward. Unlike generic note-taking tools, every entity is typed — so a compromised host is visually distinct from a credential, which is distinct from a vulnerability, which is distinct from the user account that was leveraged.

Blue team incident response

When an incident hits, responders need to build a picture fast. MemoryJar's graph view lets you map the incident as it unfolds — compromised hosts, affected users, malicious infrastructure, lateral movement, and data exfiltration paths. Create timeline nodes to track the sequence of events. Link indicators of compromise to the infrastructure and accounts they touch. The structured entity types mean your incident graph is immediately useful for pattern analysis — you can see which systems share the same compromise indicators, which accounts were used across multiple hosts, and where the attacker pivoted. The outline view provides a parallel CherryTree-style hierarchy for structured documentation that feeds directly into your incident report. Everything runs offline, so your incident documentation never touches a third-party cloud during an active response.

Attack surface mapping and vulnerability analysis

Understanding your attack surface requires mapping the relationships between assets, services, vulnerabilities, and access paths. MemoryJar lets you import Nmap scan data to create a baseline map of your network, then layer on vulnerability findings, access control relationships, and trust boundaries. The graph makes blast-radius analysis intuitive — select a compromised service and visually trace every system it can reach. Add vulnerability nodes linked to the specific hosts and services they affect, with notes documenting severity, exploitability, and remediation status. This approach scales from a single subnet assessment to a full enterprise attack surface review.

Portable, secure, team-ready

Cybersecurity teams work in environments where cloud tools are often restricted. MemoryJar runs as a portable executable — no installation, no admin privileges, no cloud dependency. Bring it on a USB drive to an engagement. Run it on a forensic workstation. Use the LAN collaboration mode to share a workspace with your team in real time without any data leaving your network. The application stores all data locally in an encrypted database. When the engagement or investigation is complete, export the workspace as JSON for archival or as Markdown for report generation. No subscription fees, no per-seat pricing — one license covers your team.

Key features for cybersecurity operations

  • Nmap XML scan import with auto-created host/service nodes
  • Graph-based attack path visualization
  • 17 entity types including hosts, credentials, vulnerabilities
  • Rich-text notes with screenshots per node
  • Timeline tracking for incident response
  • LAN team collaboration — zero cloud dependency
  • Portable .exe for field operations
  • JSON/CSV/Markdown export for reporting

From $60/mo · Flat Team rate · Windows, macOS, Linux