reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous …

HTTPLeaks - All possible ways, a website can leak HTTP requests

A proposed standard that allows websites to define security policies.

A demo of overriding what's in a person's clipboard

A plugin-based scanner that aids security researchers in identifying issues with several CMSs, mainly Drupal & Silverstripe.

IPFuscator - A tool to automatically generate alternative IP representations

Stealing CSRF tokens with CSS injection (without iFrames)

🏴‍☠️ Bypass Same Origin Policy with DNS-rebinding to retrieve local server files 🏴‍☠️

A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.

A lab to play with authentication and authorisation problems

An example of obtaining RCE via Redis and CSRF