This is your work, valued

USA

Dylan Ayrey

Elite
@dxa4481

Full stack hacker

Pastejacking. A demo of overriding what's in a person's clipboard

1.4k

WPA2-HalfHandshake-Crack. This is a POC to show it is possible to capture enough of a handshake with a user from a fake AP to crack a WPA2 network without knowing the passphrase of the actual AP.

593

Snapper. A security tool for grabbing screenshots of many web hosts

329

cssInjection. Stealing CSRF tokens with CSS injection (without iFrames)

322

truffleHogRegexes. These are the regexes that power truffleHog

228

gcploit. These are tools we released with our 2020 defcon/blackhat talk https://www.youtube.com/watch?v=Ml09R38jpok

174

XSSJacking. Abusing Self-XSS and Clickjacking to trigger XSS

136

windowHijacking. A demo of altering an opened tab after a timer

124

AttackingAndDefendingTheGCPMetadataAPI. This repo gives an overview of some GCP metadata API attack and defend patterns

80

XSSOauthPersistence. Maintaining account persistence via XSS and Oauth

78

Damn-Vulnerable-Redis-Container. An example of obtaining RCE via Redis and CSRF

76

whatsinmyredis. A CSRF demonstration of stealing local Redis data, and encrypting all Redis instances on a local network

53

inputProtectionShield. Eagle

50

CORS. JSON API's Are Automatically Protected Against CSRF, And Google Almost Took It Away.

34

CSRF-PoC-Genorator. This is a simple CSRF Proof of Concept generator that supports multiple form encodings and methods

33

santaHog. Scans packages in npm and pypi for secrets

31

mimikittenz4Linux. Steals cleartext passwords from webservices, by reading the memory of browsers

28

clientHashing. A demonstration of secure hashing done client side

24

logger. Simple javascript logging of fingerprint, IP address and user agent

20

bygonessl. A tool to discover bygonessl vulnerabilities using the facebook API

20

SmartHealthCardViewer. Smart Health Card Viewer, view your California Smart Health Card Vaccination record

9

domainAbandonedDetector. Detects abandoned domains referenced in HTML

8

BitRush. An open source project for bitcoin mining on an FPGA

7

fierce. A DNS reconnaissance tool for locating non-contiguous IP space.

6

redirect_demo. HTML

6

dxa4481.github.io. This is my resume, in HTML/CSS

6

JayPi. Translating JTAGENUM to Python for the Raspberry Pi

6

gpsIoTTracker. This simple python module takes GPS locations of a moving object, and measured signal strengths of an IoT object and uses trilateration and the method of least squares to solve for the location of the object

5

JohnWilliams. JavaScript

5

security_reports. A simple template that can be used to deliver security reports either for bug bounties, internal reports, or consultancy work

4

Veyebrations. We are creating a system that translates measured distances of physical objects into vibrations to assist the blind

4

Open-Source-FPGA-Bitcoin-Miner. A completely open source implementation of a Bitcoin Miner for Altera and Xilinx FPGAs. This project hopes to promote the free and open development of FPGA based mining solutions and secure the future of the Bitcoin project as a whole. A binary release is currently available for the Terasic DE2-115 Development Board, and there are compile-able projects for numerous boards.

3

evilModel. Python

3

penguin. A restful single page app tool sharing application

3

SocialEngineeringPresentation. A simple presentation on social engineering

2

HIVStats. This application makes HIV statistics very accessible

2

coolSVGXSS. simple demo of XSS in an SVG

2

Tutorials. Learning new things

2

VibrationAPI. An example of the HTML5 vibration API

2

secretsandstuff.

2

log_handler. The backend log handler for logger.io

2

dotGitFinder. JavaScript

2

ShadowBuster. JavaScript

2

SecurityTarotCard. JavaScript

1

goproxy. An HTTP proxy library for Go

1

serviceworkerCSRFLogout. HTML

1

DNS-supplychain-frontend. JavaScript

1

evil-repo. "><script>prompt(1)</script>''"><!--<svg>

1

HelloShiftLeft-Mar2021. Java

1

blog. HTML

1

FingerprintPressure. This simple demo shows given an image of a fingerprint, you can determine how hard the person was pushing down

1

serverConfigs. The server configuration files for security.love and e-q.pw

1

insecureLamp. a very simple insecure web application designed to turn a lamp on and off

1

xsshunter-express. An easy-to-setup version of XSS Hunter. Sets up in five minutes and requires no maintenance!

1

SeriousApiarist. Controlled builds, tests, static analysis, releases, and deploys with validation and 2FA and live streaming to your CI

1