Open-source AI hackers to find and fix your app’s vulnerabilities.

Writeup and exploit for CVE-2025-22441: Privilege escalation from installed app to SystemUI process on Android due to pass of untrusted ApplicationInfo to LoadedApk

Automating situational awareness for cloud penetration tests.

A next-generation crawling and spidering framework.

Self-hosted bug bounty programs that are "scammy" or unethical

Mobile Edge-Dynamic Unified Security Analysis

Inspect and instrument React Native applications at runtime

A reverse engineering tool for decompiling and disassembling the React Native Hermes bytecode

Automated JavaScript Debugging Tool using CDP - Automatically sets breakpoints for specified strings/patterns in JavaScript code

ACVTool (Android Code Coverage Tool) is a tool to measure fine-grained code coverage of 3rd-party Android apps.

Significant security enchancements of recent major Android versions.

pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching

Subdomain finder

Jailbreak for A8 through A11, T2 devices, on iOS/iPadOS/tvOS 15.0, bridgeOS 5.0 and higher.

Cybersecurity oriented awesome list

Quarkslab conference talks

A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon

Subdomain takeover vulnerability checker

A True Instrumentable Binary Emulation Framework

拼多多apk内嵌提权代码，及动态下发dex分析

Binder Trace is a tool for intercepting and parsing Android Binder messages. Think of it as "Wireshark for Binder".

Bypass Facebook SSL pinning on Android devices.

Bypass Messenger SSL pinning on Android devices.

Bypass Snapchat SSL pinning on Android devices

Target Redirector is a Burp Suite Extension written in Kotlin, which redirects all Burp requests destined for a chosen target to a different target of your choice. The hostname/IP, port and protoco…

Slides and videos from my public speeches / conferences