Stars
DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
Some setup scripts for security research tools.
Implementation of attacks on cryptosystems
A generator of weird files (binary polyglots, near polyglots, polymocks...)
HTTPLeaks - All possible ways a website can leak HTTP requests
Ready-to-use JSONP endpoints/payloads to help bypass the content security policy (CSP) of different websites.
A collection of browser-based side channel attack vectors.
Prototype Pollution and useful Script Gadgets
The cheat sheet about Java Deserialization vulnerabilities
This tool generates a gopher link for exploiting SSRF and gaining RCE in various servers
Collection of my capture-the-flag web challenges at any level
Challenge repository for the watevrCTF 2019 CTF competition
Writeups for some CTF challenges. I keep the copy of task files in case you would like to try them yourself.
justCTF 2019 challenges sources