Lightweight CLI tool for testing web cache deception vulnerabilities. Built to avoid manual testing, bloated recon tools, and GUI-based platforms. Simple, fast, and script-friendly.

TuwiliScan is a vulnerability scanner designed to detect potential SQL Injection vulnerabilities on websites by crawling and testing query parameters in URLs. It automates the scanning process using Python and provides color-coded feedback on identified vulnerabilities.

A code challenge for API testing to hunt down race conditions.

A hands-on AI security workshop that hacks and protects AI agents using MCP servers, featuring real vulnerability demos and prompt injection defense.

This project uses Python and Selenium to simulate brute force attacks on websites. It locates username and password input fields, using credentials from a yaml file to test the site's authentication strength.

Writeups and solutions for all levels of Google's XSS Game - an educational security challenge for learning Cross-Site Scripting vulnerabilities.

History Poison Lab: Vulnerable LLM implementation demonstrating Chat History Poisoning attacks. Learn how attackers manipulate chat context and explore mitigation strategies for secure LLM applications.

Black-box network penetration testing project using tools like Nmap, Nessus, Metasploit & Burp Suite. Includes CVSS-based risk assessment & remediation roadmap.

A curated repository of categorized payloads for testing and exploiting common web vulnerabilities in ethical hacking and penetration testing.

It is a simple password brute force tool designed for ethical hacking and security testing. Automates the process of selecting passwords for a given user on a website by sending POST requests with different passwords and analyzing the response.

🚀 Generate high-volume HTTP requests with Kaneki-DDoS, a user-friendly tool for network load testing featuring multiple modes and real-time logging.