This is where I store my public code, most of which is related to my pentesting/security work.
Some of the more interesting items are:
- My pentesting_stuff repository, which has a website with some simple writeups on niche subjects I sometimes need reminders on, and bits of code too small for their own repo to do various pentesting tasks
- vulnserver. I wrote this ages ago, its a simple server app that helps you learn software exploitation. Its inexplicably still relatively popular. I have a blog that has some articles describing how to exploit some of the vulnerabilities.
- breakableflask, a simple single file vulnerable web app that was designed to be used as a target for me to test exploitation tools against. Also works as a learning tool.
- Ive written new Burp extensions, and modified existing ones in Java and Python. Many have very niche uses, but even though I dont use them very often they do serve as good examples of how to write/modify extensions yourself. Examples here, here, here, here, here, here and here.
- This is a DNS server I wrote to facilitate the process of obtaining wildcard certificates from LetsEncrypt using the DNS01 protocol. I wanted something small and dedicated to purpose as I was running it on a system that was making several non traditional uses of DNS, including a dedicated Burp Collaborator server and a DNS tunneling service. To help route the DNS requests I also modified this to route DNS requests based on type.