A command-line scanner for batch detection of Next.js application versions and determining if they are affected by CVE-2025-66478 vulnerability.

Docker poc lab for CVE-2025-55182 / CVE-2025-66478 (React2Shell) detection and exploitation

High Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478)

Explanation and full RCE PoC for CVE-2025-55182

Step-by-step walkthrough of CVE-2025-55182 (React2Shell) by tracing React's Flight protocol internals.

Original Proof-of-Concepts for React2Shell CVE-2025-55182

WIP open-source, cross-platform, and feature rich iOS/tvOS sideloading application. Supporting macOS, Linux, and Windows.

Differential testing framework for HTTP implementations

Burp extension to filter JSON on the fly with JQ queries in the HTTP message viewer.

Examples for using the Montoya API with Burp Suite

A standalone Java Decompiler GUI

RootHideManagerApp

iOS runtime dylib injection tool

Browser-based redaction utility that lets you paste any payload—HTTP exchanges, JSON, YAML, CSV, configs—and instantly strip out sensitive values while preserving structure.

Next Generation SSLKillSwitch with much more support!

A GPT-empowered penetration testing tool

Cybersecurity AI (CAI), the framework for AI Security

Audits an AppLocker policy XML and reports weak/misconfigured/risky settings, including actual ACL checks.

A local privilege escalation exploit for Splashtop Streamer for Windows prior to version 3.5.0.0

Extract URLs, paths, secrets, and other interesting bits from JavaScript

A collection of tips & tricks on how to escape a kiosk mode environment

The new bridge between Burp Suite and Frida!

iOS 8.0-9.3.6 Jailbreak for 32-bit Devices

Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

Python implementation for PrintNightmare (CVE-2021-1675 / CVE-2021-34527)