This is your work, valued
Pastejacking. A demo of overriding what's in a person's clipboard
1.4kWPA2-HalfHandshake-Crack. This is a POC to show it is possible to capture enough of a handshake with a user from a fake AP to crack a WPA2 network without knowing the passphrase of the actual AP.
593Snapper. A security tool for grabbing screenshots of many web hosts
329cssInjection. Stealing CSRF tokens with CSS injection (without iFrames)
322truffleHogRegexes. These are the regexes that power truffleHog
228gcploit. These are tools we released with our 2020 defcon/blackhat talk https://www.youtube.com/watch?v=Ml09R38jpok
174XSSJacking. Abusing Self-XSS and Clickjacking to trigger XSS
136windowHijacking. A demo of altering an opened tab after a timer
124AttackingAndDefendingTheGCPMetadataAPI. This repo gives an overview of some GCP metadata API attack and defend patterns
80XSSOauthPersistence. Maintaining account persistence via XSS and Oauth
78Damn-Vulnerable-Redis-Container. An example of obtaining RCE via Redis and CSRF
76whatsinmyredis. A CSRF demonstration of stealing local Redis data, and encrypting all Redis instances on a local network
53inputProtectionShield. Eagle
50CORS. JSON API's Are Automatically Protected Against CSRF, And Google Almost Took It Away.
34CSRF-PoC-Genorator. This is a simple CSRF Proof of Concept generator that supports multiple form encodings and methods
33santaHog. Scans packages in npm and pypi for secrets
31mimikittenz4Linux. Steals cleartext passwords from webservices, by reading the memory of browsers
28clientHashing. A demonstration of secure hashing done client side
24logger. Simple javascript logging of fingerprint, IP address and user agent
20bygonessl. A tool to discover bygonessl vulnerabilities using the facebook API
20SmartHealthCardViewer. Smart Health Card Viewer, view your California Smart Health Card Vaccination record
9domainAbandonedDetector. Detects abandoned domains referenced in HTML
8BitRush. An open source project for bitcoin mining on an FPGA
7fierce. A DNS reconnaissance tool for locating non-contiguous IP space.
6redirect_demo. HTML
6dxa4481.github.io. This is my resume, in HTML/CSS
6JayPi. Translating JTAGENUM to Python for the Raspberry Pi
6gpsIoTTracker. This simple python module takes GPS locations of a moving object, and measured signal strengths of an IoT object and uses trilateration and the method of least squares to solve for the location of the object
5JohnWilliams. JavaScript
5security_reports. A simple template that can be used to deliver security reports either for bug bounties, internal reports, or consultancy work
4Veyebrations. We are creating a system that translates measured distances of physical objects into vibrations to assist the blind
4Open-Source-FPGA-Bitcoin-Miner. A completely open source implementation of a Bitcoin Miner for Altera and Xilinx FPGAs. This project hopes to promote the free and open development of FPGA based mining solutions and secure the future of the Bitcoin project as a whole. A binary release is currently available for the Terasic DE2-115 Development Board, and there are compile-able projects for numerous boards.
3evilModel. Python
3penguin. A restful single page app tool sharing application
3SocialEngineeringPresentation. A simple presentation on social engineering
2HIVStats. This application makes HIV statistics very accessible
2coolSVGXSS. simple demo of XSS in an SVG
2Tutorials. Learning new things
2VibrationAPI. An example of the HTML5 vibration API
2secretsandstuff.
2log_handler. The backend log handler for logger.io
2dotGitFinder. JavaScript
2ShadowBuster. JavaScript
2SecurityTarotCard. JavaScript
1goproxy. An HTTP proxy library for Go
1serviceworkerCSRFLogout. HTML
1DNS-supplychain-frontend. JavaScript
1evil-repo. "><script>prompt(1)</script>''"><!--<svg>
1HelloShiftLeft-Mar2021. Java
1blog. HTML
1FingerprintPressure. This simple demo shows given an image of a fingerprint, you can determine how hard the person was pushing down
1serverConfigs. The server configuration files for security.love and e-q.pw
1insecureLamp. a very simple insecure web application designed to turn a lamp on and off
1xsshunter-express. An easy-to-setup version of XSS Hunter. Sets up in five minutes and requires no maintenance!
1SeriousApiarist. Controlled builds, tests, static analysis, releases, and deploys with validation and 2FA and live streaming to your CI
1