Security developer and threat researcher building open-source tooling across penetration testing, detection engineering, DFIR, browser security, and threat intelligence. My research centers on the AI and LLM attack surface — prompt injection (multilingual, encoding, and memory-based), AI-agent tool-call integrity, and LLM supply-chain attacks — and the detection tooling that counters them. I find the gaps in modern security tooling, then write the code to close them.

Tools for authorized penetration testing, vulnerability research, and red team operations.

| Tool | Description | Stack |
|---|---|---|
| Credence | Exposure intelligence for the AI-infrastructure layer · live credential verification across 16 providers, MCP/agent posture scoring, git-metadata secrets, exploitability-ranked SCA, CycloneDX AI-BOM, OWASP LLM + MITRE ATLAS tagging, SARIF dedup | Python |
| Stiletto | SQL injection scanner with CVE sync from 23k+ Trickest repo, AI-generated payloads, and WAF bypass engine | Python |
| ClaimJumper | JWT toolkit · 15 vulnerability checks, algorithm confusion (CVE-2022-39227), kid injection, null signature bypass, 100k wordlist crack | Python |
| Dockyard | Async port scanner · 1000+ ports/sec, 17 protocol probes, 500+ CVE signatures, QUIC detection, LLM-hardened summary | Python |
| Specter | Subdomain takeover scanner across 40+ cloud providers with behavioral anomaly detection and YAML-based detection rules | Python |
| Restless | REST and GraphQL API scanner covering OWASP API Top 10 · SSRF, BOLA, auth bypass, rate limit evasion, CVE-sourced payloads | Python |
| Argus | Default credential scanner across SSH, HTTP, FTP, Telnet, Redis, MongoDB, MySQL, and SNMP with CVE enrichment and CISA KEV integration | Python |

Tools for threat detection, DFIR, and defensive monitoring.

| Tool | Description | Stack |
|---|---|---|
| Lure | Browser phishing defense platform · 49 detectors across 25 implementation waves, AiTM proxy detection, deepfake track injection, and email analysis CLI | JS / Python |
| Vigil | Browser-native Windows event log DFIR · 31 Sigma rules, Shannon entropy scoring, ScriptBlock reassembly, process lineage, and ATT&CK technique heatmap | React |
| Shrike | PCAP forensics via behavioral analysis · C2 beaconing, DNS tunneling, NTLM relay, OT/ICS attacks, WebSocket C2, DGA scoring, and 26-tab HTML report | Python |
| Corsair | HTTP security header scanner · 60+ checks, CVE correlation, 1200+ fingerprinting signatures, SARIF output for GitHub Code Scanning | Python |
| ShadowHunter | Dark web threat intelligence platform · credential monitoring, ransomware leak tracking, IAB marketplace intelligence, stealer log analysis | Python |
| Prizm | Browser client-side secret scanner · 157 patterns across 7 storage types plus WebSocket traffic, ML classification, and live API verification | Chrome MV3 |
| Kala | Behavioral fingerprinting protection · randomizes typing cadence, mouse dynamics, and touch patterns to defeat analytics-layer deanonymization | TypeScript |

Cryptographic tooling for the Solana ecosystem — air-gapped key custody and cross-chain asset migration.

| Tool | Description | Stack |
|---|---|---|
| Kyma | Sound as a hardware security module for Solana · cold signing and seed recovery over audio, ggwave FSK modulation, LSB music steganography, AES-256-GCM, Android Keystore | Kotlin |
| Kiln | Teleburn protocol for permanently migrating Solana NFTs to Bitcoin Ordinals · atomic burn-plus-memo, on-chain cryptographic proof, public verification | TypeScript |

Python · JavaScript · TypeScript · Kotlin · React

MITRE ATT&CK · Sigma · SARIF · STIX 2.1 · CycloneDX

All tools are for authorized security testing only. See individual repositories for legal notices.