A collection of my Semgrep rules to facilitate vulnerability research.

A simple system to turn an ESP8266 or ESP32 into an SPI memory flasher

A utility to download Chrome extensions as CRX or ZIP.

Damn Vulnerable Web Application (DVWA)

A lightweight command-line tool that spins up a local web server to display Git commit diffs in a GitHub-like Files changed view

A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀

A robust quine program that works even after any one character is deleted.

ripgrep recursively searches directories for a regex pattern while respecting your gitignore

List of Trusted Types bypasses

🦖 A JavaScript/TypeScript Game Library that feels like a game.

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous …

A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.

Auto-expand details elements when scrolling to a fragment

multi-level source map processing library.

DotDotPwn - The Directory Traversal Fuzzer

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

The buffer module from node.js, for the browser.

The fastest deep equality check with Date, RegExp and ES6 Map, Set and typed arrays support

Make a function mimic another one

The CLI tool to fix huge number of ESLint errors

Adds playful pets 🦀🐱🐶 in your VS Code window

A modern, extensible GitHub API Client for Rust.

A library for generating fake data in Rust.

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

cheat sheet for penetration testing (Japanese) 🐉