Offensive security researcher building open-source tools for pentesting, privacy, and vulnerability research. My tools scale human expertise through automated discovery and live threat intelligence — continuously syncing with NIST NVD and CISA KEV to adapt as vulnerabilities emerge, while analyzing thousands of targets with the nuance of manual analysis.
Every tool in this portfolio solves the same problem: scaling human expertise. Whether it's reconnaissance, exploitation, or attribution, the pattern is consistent — automate the tedious, preserve the nuance, correlate against live vulnerability data. Tools are grouped below by phase: attack surface discovery, targeted exploitation, passive detection, and threat attribution.
Next-generation SQL injection scanner with AI-powered payload generation, data-driven WAF bypass engine (10 provider YAMLs), Trickest CVE integration (23K+ CVEs), pipeline/CI support (SARIF, JSONL), and 12 enhancement modules including second-order SQLi, GraphQL injection, and exploit chain discovery.
Compresses multi-day SQLi testing into a single automated run with concurrent multi-URL scanning, GPT-4 adaptive payloads, and CI/CD-ready output.
Most dark web tools tell you what's out there. ShadowHunter tells you who's behind it. It aggregates intelligence across Tor hidden services, cryptocurrency transaction graphs, and clearnet sources, then uses Neo4j graph analysis to connect actors across underground activity — built for attribution, not just monitoring.
Example: When a Bitcoin wallet appears in a paste site leak, ShadowHunter traces the transaction history, checks if any hop connects to a known actor in the graph, and surfaces the full attribution chain — automatically.
In development: extended orchestration (IntelligentEventRouter, CircuitBreaker) and a community-shared intelligence graph.
Automated attack surface discovery — map targets fast, find weaknesses before adversaries do.
High-performance async port scanner with 500+ CVE signatures, service fingerprinting, passive recon (Shodan InternetDB), host discovery, CDN/WAF auto-skip, UDP scanning, QUIC v1/v2 detection, Nmap piping, script hooks, and LLM scan summaries with prompt-injection hardening.
1000+ ports/second with 6 timing profiles, scope authorization, and audit logging. Reports in HTML, Nmap XML, Nuclei JSON, and machine-readable list formats.
Intelligence-driven default credential scanner across 8 protocols (SSH, HTTP, FTP, Telnet, Redis, MongoDB, MySQL, SNMP) with real-time CVE enrichment via NIST NVD and CISA KEV. Async scanning, FastAPI REST API, SIEM export, and multi-channel notifications.
Finds default creds on vulnerable services and delivers both the access and the CVE — instant context for prioritization. 3-5x faster with async mode.
Production-grade subdomain takeover detection with 40+ cloud provider fingerprints, active enumeration (CT logs, Web Archives, DNS brute), DNS-over-HTTPS, second-order CNAME chain analysis, NS delegation takeover, expired domain detection via RDAP, and behavioral anomaly engine.
Hunts phantom subdomains before attackers claim them. Four detection layers: discovery, verification, analysis, and cutting-edge DNS security.
Targeted vulnerability exploitation — CVE-informed, adaptive, and WAF-aware.
Professional JWT security testing toolkit. 15+ vulnerability checks, 100K secret wordlist (~19K/s cracking), and CVE-specific attacks: algorithm confusion (CVE-2022-39227), kid injection, JKU/X5U injection, null signature bypass, psychic signature, and JWKS spoofing.
Analyzes, cracks, forges, and exploits JWTs — from weak secrets to CVE-specific attack chains — in a single automated audit.
Passive security scanning — identify misconfigurations, exposed secrets, and emerging threats without triggering alerts.
Advanced security scanner for the 2025+ threat landscape. 100+ patterns detect exposed files, React2Shell (CVE-2025-55182), ML model poisoning (pickle opcode analysis), LLM infrastructure exposure, invisible Unicode attacks (GlassWorm), cloud assets, and CI/CD configs. Includes MCP server for AI agent integration.
Catches modern threats that traditional SAST misses — from AI model poisoning to Unicode Trojan Source — with 95%+ false positive reduction.
Browser extension scanning 7+ storage types, WebSocket traffic, Service Worker caches, and GraphQL endpoints for exposed secrets. 157 patterns, ML-powered classification, live verification against 9 provider APIs, and asset-based risk scoring. Zero dependencies, Manifest V3.
Scans the attack surface most tools ignore — live websites, WebSocket traffic, and Service Worker caches — with ML classification and live secret verification.
HTTP security header scanner with 60+ header checks, 1,200+ fingerprinting signatures, CVE correlation with CISA KEV, compliance mapping (OWASP 2025, PCI-DSS 4.0, SOC 2), historical drift detection, and AI-powered remediation via MCP server.
Grades security posture A-F, maps misconfigs to CVEs, and tracks drift over time — with SARIF output for GitHub Code Scanning.
Automated security testing for REST and GraphQL APIs. Full OWASP API Security Top 10 (2023) coverage: SSRF, BOLA/IDOR, auth bypass, GraphQL abuse, rate limit bypass, and secret scanning. CVE-sourced payloads, SARIF output, web dashboard, and Docker support.
Covers the full OWASP API Top 10 in a single async pass — SSRF, BOLA, JWT, GraphQL, rate limits — with SARIF for CI/CD integration.
Browser-native behavioral security — protect users without compromising their data.
Anti-behavioral fingerprinting browser extension. 22 protection modules defend against keystroke dynamics, mouse/scroll/touch tracking, device motion fingerprinting, and timing attacks. Adaptive delay injection with log-normal distribution, ML evasion patterns, and stealth mode. React 18 + TypeScript on Manifest V3. Zero data transmitted.
Defeats behavioral biometrics tracking that identifies you even in private browsing — 22 modules, three privacy levels, under 2ms overhead.