🛠 Tools

  • fuzzy - A distributed fuzzing framework created for fuzzing firefox but works pretty generally.
  • browsercookie-rs - A rust crate to mimic python browsercookie library.
  • Rinnegan - A tracer for better understading of distributed application internals.
  • Garfield - An open source framework for scanning and exploiting distributed systems.
  • Lazyfill - A small js userscript library which can autofill forms for you, made to automate parts of sec bug filing.
  • mitmpeep - A small python library with an ambitious aim of helping you write effective mitmproxy scripts.
  • Pocuito - A tiny chrome extension to record and replay your web application proof-of-concepts.
  • OWTF - Offensive Web Testing Framework is a try to make pentesting more efficient.
  • Flashriot - A shell script wrapper around flashbang for testing multiple flash files from the command line.
  • Flashbang - An open source flash security helper with a very specific purpose of finding flashVars of a naked swf.
  • NMDC Crawler - A python script for gathering metadata of shared files on NMDC networks.
  • thedumpster - A python script for passive recon on a domain using google.

Talks

  • (Video) Troopers 2017 - How we hacked DCMS.
  • (Slides) (Video) NullCON 2017 - Tale of training a Web Terminator!
  • (Slides) (Video) PyCON 2015 - Building Offensive Web Security Framework in Python.
  • (Slides) (Video) BruCON 2014 - 5by5 OWASP OWTF.