AI algorithm to read and write distorted text from CAPTCHA.

big ip相关渗透辅助工具

A Caido extension written in Typescript that makes an OPTIONS request and determines if other HTTP methods than the original request are available. If there are other methods available, findings are created on the fly which will be enhanced based on pending further capabilities from the Caido SDK.

wfuzz go brrrrr

Z-Vulnerable-Website-Project (ZVP for short) is a project where I try to create a custom vulnerable website for learning and demonstrating common web security flaws.

Dockerfiles, setup instructions, code and write-ups for hands-on exploration of Carsten Eiler's book "You've Been Hacked" on security vulnerabilities in web applications.

gather Intel using telegram username

Presentation slides and code samples of my talks

A purposefully vulnerable HTTP server showcasing potentially vulnerable code patterns

NoSQLInsanity: Tool for Security Assesment NoSQL (Linear Search VS Binary Search)

the web security and auditing tool

Detects dynamic JavaScript that may leak sensitive data using a browser extension and server-side diffing. Based on an empirical study by Sebastian et al. (2015).

📦 general-purpose, "black box" CGI auditing tool (ARCHIVE)

This is the source code of my website. Feel free to poke around, break things, or contribute if you're feeling helpful.

🔍 Explore a comprehensive collection of cybersecurity interview questions and answers, designed for all positions in the field.

I have no idea how to make it safer: Studying Security and Privacy Mindsets of Browser Extension Developers

Caido plugin to cap and split workspace files by size — ideal for proxy files/log uploads with file size limits.

A Productivity-Boosting Burp Suite extension written in Kotlin that enables persistent sticky session handling in web application testing. Built with the Montoya API and modern Kotlin tooling.

contains what it says on the tin, fork of zardus/ctf-tools

Good resources about web security that I have read.