Fast passive subdomain enumeration tool.

Help secure Express apps with various HTTP headers

Slide deck and demo code for my DEFCON 26 talk

A container repository for my public web hacks!

Exploit written in Python for CVE-2018-15473 with threading and export formats

A Collection of Scripts Which Disable / Remove Windows 10 Features and Apps

A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering environment on a VM.

DARKSURGEON is a Windows packer project to empower incident response, digital forensics, malware analysis, and network defense.

Go ODM for MongoDB

Probe a rendering engine for vulnerabilities and other features

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

Proof-of-concept codes created as part of security research done by Google Security Team.

A Tool for Domain Flyovers

Automatically exported from code.google.com/p/unix-privesc-check

VMware Escape Exploit before VMware WorkStation 12.5.5

A plugin-based scanner that aids security researchers in identifying issues with several CMSs, mainly Drupal & Silverstripe.

Open source obfuscation tool for .NET assemblies

A PowerShell script for helping to find vulnerable settings in AD Group Policy. (deprecated, use Grouper2 instead!)

Tool to scan for secret files on HTTP servers

💀Proof-of-Concept for CVE-2018-7600 Drupal SA-CORE-2018-002

Websockify is a WebSocket to TCP proxy/bridge. This allows a browser to connect to any application/server/service.

Distributed alerting for the masses!

A forensic evidence collection & analysis toolkit for OS X

Low-Budget Password Strength Estimation

Automatically exported from code.google.com/p/cpassman

The Bug Hunters Methodology

Using a pre-commit hook, Talisman validates the outgoing changeset for things that look suspicious — such as tokens, passwords, and private keys.

Simple DNS Rebinding Service

A reviewed list of useful PHP static analysis tools

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…