Tools

Open-source security tools and utilities developed to assist with penetration testing, vulnerability research, and security assessments.

Atlas (In Development)

Site

Collection of penetration testing methodologies, security research notes, proof-of-concept exploits, and custom tools developed for security assessments and vulnerability research.

Features:

  • Pentesting methodologies, workflows, and guides.
  • Command syntax & pentesting cheat sheets.
  • Research notes and PoC exploits.
  • Offensive security techniques and red team tradecraft.

LureKit (In Development)

Tool

Phishing framework for creating realistic social engineering campaigns, with support for redirectors, payload delivery, interaction tracking, and campaign analysis.

Features:

  • Automated phishing infrastructure deployment
  • Built-in GoPhish integration for campaigns
  • Redirector with filtering and cloaking options
  • Terraform + Ansible for cloud provisioning

pentest-tools

Tool

A collection of custom scripts and tools built out of pain and tears to help with day-to-day activities in my current job ranging from extractors to beautifying tool output.

Tools:

  • FortiCarve - FortiGate switch config extractor.
  • Yss-Generator - generate ysoserial payloads.
  • DNSBeauty - beautifies dig output.
  • ShellUp - utility to remember syntax for rev shells.

GateCrash (In Development)

Tool

A custom built vulnerable web application designed for pentesters to practice various 403 bypass techniques found in the wild and during my day job.

Features:

  • Various challenges ranging in difficulty.
  • Mimics real-world application features.
  • Flag submission to track progress.
  • Built from real-world examples.

GhostSheet

Tool

An in-house markdown-to-PDF tool for producing clean PDF cheatsheets and technical notes - mainly used for easy, clean notes design for use during exam scenarios.

Features:

  • Dynamic cheat sheet generation via markdown.
  • Customizable PDF template.
  • Supports YAML metadata to customize title page.
  • Designed to convert Obsidian MD files into PDFs.

StrikeLog

Tool

An old in-house pentest report templating tool designed to help gain experience in writing professional grade reports. This was made in my off-time to practice writing reports.

Features:

  • Runs as a web app or from the CLI.
  • Easily add templated findings, saving time.
  • Easily customisable Jinja2 templates.
  • Docker compose support for easy deployment.