Stars
Automated security reporting from markdown templates (HackerOne and Bugcrowd are currently the platforms supported)
A generator of weird files (binary polyglots, near polyglots, polymocks...)
Prototype Pollution and useful Script Gadgets
Writeups for some CTF challenges. I keep the copy of task files in case you would like to try them yourself.
The cheat sheet about Java Deserialization vulnerabilities
justCTF 2019 challenges sources
Challenge repository for the watevrCTF 2019 CTF competition
Implementation of attacks on cryptosystems
HTTPLeaks - All possible ways a website can leak HTTP requests
DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
Ready-to-use JSONP endpoints/payloads to help bypass the content security policy (CSP) of different websites.
A collection of browser-based side channel attack vectors.
This tool generates a gopher link for exploiting SSRF and gaining RCE in various servers