I’m a CHECK Team Leader web app pentester and I largely build quick and dirty scripts to exploit web vulnerabilities. Some of my stuff is also in /nettitude.
Highlights:
- pwnlyoffice - Exploit ONLYOFFICE vulnerabilities for RCE
- xss_payloads - Do better than
alert(1) - zeropress - Dumb script for finding dumb PHP mistakes
- version-detective - Work out a target site’s framework version using git
- Random Scripts - A few surprisingly useful tools that get used in pentests quite a lot
- swagger-hose - Ingest a whole bunch of swagger docs and squirt requests in to speed up pentest triage / fuzzing
Posts:
- wifi-rc - Turning a cheap 90s RC car into an FPV drone with a Pi Zero
- santa - Faking a personal phone call from Santa in front of my kids
My stuff: