I’m a CHECK Team Leader web app pentester and I largely build quick and dirty scripts to exploit web vulnerabilities. Some of my stuff is also in /nettitude.
Highlights:
- pwnlyoffice - Exploit ONLYOFFICE vulnerabilities for RCE
- xss_payloads - Do better than
alert(1)
- zeropress - Dumb script for finding dumb PHP mistakes
- version-detective - Work out a target site’s framework version using git
- Random Scripts - A few surprisingly useful tools that get used in pentests quite a lot
- swagger-hose - Ingest a whole bunch of swagger docs and squirt requests in to speed up pentest triage / fuzzing
You can reach me on: