CDL Logo

Projects

Some projects I've worked on.

gau

gau is a tool that fetches known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl for any given domain.

Go

jenkinz

jenkinz is a tool to retrieve every build for every job run on a given Jenkins instance. This allows an attacker to find secrets within logs

Go

secretz

secretz is a tool that minimizes the large attack surface of Travis CI. It automatically fetches repos, builds, and logs for any given organization.

Go

theftfuzzer

theftfuzzer is a tool that fuzzes Cross-Origin Resource Sharing implementations for common misconfigurations.

Python

sslc2

sslc2 is a simple c&c example in assembly that retrieves commands from the Organizational Unit (OU) field in an SSL certificate. A fun proof-of-concept and my final project for CSC 314 @ Dakota State University.

Assembly, Go

brute53

brute53 is a tool to bruteforce nameservers when working with subdomain delegations to AWS. Based off Frans Rosén's talk "DNS hijacking using cloud providers - no verification needed".

Go