manuka. A modular OSINT honeypot for blue teamers
348from-day-zero-to-zero-day. Scripts and examples for "From Day Zero to Zero Day" by Eugene Lim.
255webpack-exploder. Unpack the source code of React and other Webpacked apps!
119spring-boot-actuator-h2-rce. Sample Spring Boot App Demonstrating RCE via Exposed env Actuator and H2 Database
109ogp-ctf-2024. A web CTF for training developers in bug hunting and secure coding!
101CVE-2020-10665. POC for CVE-2020-10665 Docker Desktop Local Privilege Escalation
53npm-scan. An extensible, heuristic-based vulnerability scanning tool for installed npm packages
50npm-zoo. A zoo for malicious NPM packages
20accent-trainer. Flask webapp/endpoint that compares the user's speech with different accents and assigns similarity scores based on speed, voice (DTW/MFCC), and accuracy. The accents are generated from Amazon Polly and accuracy analysis using Bing Speech API speech to text.
18detect-cve-2024-4367. YARA detection rule for CVE-2024-4367 arbitrary javascript execution in PDF.js
11serverless-recon-example. Example of a serverless web reconaissance workflow's AWS architecture.
11icalendardb. A data
11detecting-fake-text. Giant Language Model Test Room
8lohrem-ipsum. A Singlish version of the classic Lorem Ipsum generator coded as a Racket webapp.
4streamliner-doc-word-replacer. Flask webapp that replaces words in documents according to debate tournament rules. Useful if you want to quickly replace a dictionary of words and save syllables.
3road-sign-manager. A civic hacking project in collaboration with MakeHaven and New Haven Transportation. A cloud road sign manager platform.
3aws-amazon-polly-flask-sample. Amazon Polly implementation that mirrors the Python example provided by AWS, only using the Flask framework.
3manuka-client. Frontend client for Manuka
2unicollider. An elegant frontend to generate and detect possible Unicode transformation collisions.
2SecLists. SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
2npm-scan-backtest. Backtest npm-scan on past updates on npmjs
1code4good-crash-course. A developer crash course for my team at Code4Good.
1tsunami-security-scanner-plugins. This project aims to provide a central repository for many useful Tsunami Security Scanner plugins.
1electronic-road-sign-simulator. Express app that simulates an electronic road sign that is updated over the web live via websockets.
1manuka-listener. Listener honeypot for Manuka
1manuka-server. REST API and business logic for Manuka
1cryptopals-rust. Rust
1SSRFTest. SSRF testing tool
1jobcan-automatic-clock-chrome-extension. Chrome extension for automatic clocking on JobCan (Unofficial)
1