Tools

Collection of penetration testing methodologies, security research notes, proof-of-concept exploits, and custom tools developed for security assessments and vulnerability research.

• ›Pentesting methodologies & workflows
• ›Command syntax & cheat sheets
• ›Research notes and PoC exploits
• ›Offensive techniques & red team tradecraft

Phishing framework for creating realistic social engineering campaigns, with support for redirectors, payload delivery, interaction tracking, and campaign analysis.

• ›Automated phishing infrastructure deployment
• ›Built-in GoPhish integration for campaigns
• ›Redirector with filtering and cloaking options
• ›Terraform + Ansible for cloud provisioning

A collection of custom scripts and tools built out of pain and tears to help with day-to-day activities in my current job ranging from extractors to beautifying tool output.

• ›FortiCarve — FortiGate switch config extractor
• ›Yss-Generator — generate ysoserial payloads
• ›DNSBeauty — beautifies dig output
• ›ShellUp — reverse shell syntax helper

A custom built vulnerable web application designed for pentesters to practice various 403 bypass techniques found in the wild and during my day job.

• ›Various challenges ranging in difficulty
• ›Mimics real-world application features
• ›Flag submission to track progress
• ›Built from real-world examples

An in-house markdown-to-PDF tool for producing clean PDF cheatsheets and technical notes — mainly used for easy, clean notes design for use during exam scenarios.

• ›Dynamic cheat sheet generation via markdown
• ›Customizable PDF template
• ›Supports YAML metadata for title page
• ›Designed to convert Obsidian MD files into PDFs

An old in-house pentest report templating tool designed to help gain experience in writing professional grade reports. This was made in my off-time to practice writing reports.

• ›Runs as a web app or from the CLI
• ›Easily add templated findings, saving time
• ›Easily customisable Jinja2 templates
• ›Docker compose support for easy deployment