A fast and efficient subdomain hijacking scanner that checks for takeover vulnerabilities by matching HTTP response bodies against predefined service fingerprints.

Collection of scripts and tools used during bug bounty work. This will be the location of my automation scripts created for my own personal use, and occassionally public released

Custom wordlists for fuzzing (forked from SecLists)

🎯 Chrome Extension - Passive scanner for Dependency Confusion vulnerabilities in npm/PyPI packages

Detection for CVE-2025-61675, CVE-2025-61678 & CVE-2025-66039

Personal AI Infrastructure for upgrading humans.

AI search engine with quality answers + curated sources. Chat mode for analysis, Agent mode for autonomous deep research. Search meets conversation. Exa neural search powered.

A command-line scanner for batch detection of Next.js application versions and determining if they are affected by CVE-2025-66478 vulnerability.

CVE-2025-55182 POC

A non-intrusive surface scanner for CVE-2025-55182 (React Server Components RCE). Detects exposed RSC endpoints in React 19 and Next.js applications

Firebase_Checker is Python tool to analyze APK files and web applications for Firebase-related vulnerabilities. This tool identifies security misconfigurations in Firebase implementations for both …

Command-line tool that allows searching and downloading app packages (known as ipa files) from the iOS App Store

rep+ — Burp-style HTTP Repeater for Chrome DevTools with built‑in AI to explain requests and suggest attacks

A secure and user-friendly web app for managing Linux servers with Artifical Intelligence via SSH—right from your browser.

Burp Suite extension for automatically decrypting and encrypting AES-encrypted HTTP requests and responses

Awesome apps, software, and SaaS deals on Black Friday.

JunoDB is PayPal's home-grown secure, consistent and highly available key-value store providing low, single digit millisecond, latency at any scale.

A Burp Suite extension for analyzing Next.js Server Actions - server-side functions identified by hash IDs and `Next-Action` headers.

Tool that reproduces CVE-2025-55315 in ASP.NET Core.

🖥️ Session manager for tmux, built on libtmux.

Terminal UI OS (Terminal Multiplexer)

Terminal UI for ufw

A powerful Go tool for finding origin IPs of domains by querying multiple security APIs and validating results with built-in HTTP client.

Minino is an original multiprotocol and multiband board made for sniffing, communicating, and attacking IoT devices. It was designed as a mini Cat that integrates the powerful ESP32C6, GPS, microSD…

Chromium Browser DoS Attack via document.title Exploitation

Inspect and instrument React Native applications at runtime

Un taller mas sobre vulnerabilidades en JWT, este es practico, paso a paso y en español.