wfuzz go brrrrr

gather Intel using telegram username

Presentation slides and code samples of my talks

A purposefully vulnerable HTTP server showcasing potentially vulnerable code patterns

the web security and auditing tool

Detects dynamic JavaScript that may leak sensitive data using a browser extension and server-side diffing. Based on an empirical study by Sebastian et al. (2015).

This is the source code of my website. Feel free to poke around, break things, or contribute if you're feeling helpful.

big ip相关渗透辅助工具

Caido plugin to cap and split workspace files by size — ideal for proxy files/log uploads with file size limits.

A Caido extension written in Typescript that makes an OPTIONS request and determines if other HTTP methods than the original request are available. If there are other methods available, findings are created on the fly which will be enhanced based on pending further capabilities from the Caido SDK.

Z-Vulnerable-Website-Project (ZVP for short) is a project where I try to create a custom vulnerable website for learning and demonstrating common web security flaws.

Dockerfiles, setup instructions, code and write-ups for hands-on exploration of Carsten Eiler's book "You've Been Hacked" on security vulnerabilities in web applications.

🔍 Explore a comprehensive collection of cybersecurity interview questions and answers, designed for all positions in the field.

I have no idea how to make it safer: Studying Security and Privacy Mindsets of Browser Extension Developers

NoSQLInsanity: Tool for Security Assesment NoSQL (Linear Search VS Binary Search)

📦 general-purpose, "black box" CGI auditing tool (ARCHIVE)

AI algorithm to read and write distorted text from CAPTCHA.

JavaScript逆向脚本开发基础组件：hook事件监听器，侵入接管事件触发逻辑

contains what it says on the tin, fork of zardus/ctf-tools

A Productivity-Boosting Burp Suite extension written in Kotlin that enables persistent sticky session handling in web application testing. Built with the Montoya API and modern Kotlin tooling.