Projects
Red Team & offensive security 6
C2 & implants, low-level (kernel) research, web shells, training labs, CTF tooling.
- Red Team
Minotaur — a Mythic C2 agent in Rust (work in progress)
An agent for the Mythic command-and-control framework, written in Rust: a compact implant + a Payload Type service that plugs it into Mythic. Being finished up — the code lands here once it's ready.
- Red Team
CoKernel — a stealthy "co-kernel" running alongside Linux (PoC)
An independent execution component that coexists with an x86-64 Linux kernel inside a QEMU VM, aiming for invisibility across three surfaces: memory (pages off the direct map), execution (driven by a hardware PMI on the PMU — no hooks, no text patching), and behaviour (the loader module self-hides from lsmod/sysfs/kallsyms), while staying CET-compatible.
- Red Team
ad-lab-badblood-rockyou — a realistic Active Directory lab to practise on
A variant of [BadBlood](https://github.com/davidprowe/BadBlood) (by David Rowe) that fills a lab AD domain with a large, realistic set of users / groups / OUs / computers and random ACLs — but assigns weak passwords drawn from a rockyou-style list, so you can practise password-spraying / weak-credential attack paths on top of the ACL/structure exercises.
- Red Team
php-webshell-poc — a single-file PHP web shell (teaching PoC)
A single-file PHP web shell — a proof of concept for learning, CTF and authorized testing: run commands, change directory, list/download files, via a minimal web UI.
- Red Team
PwnUtils — small pwn / CTF helpers in Python
A collection of Python helpers for binary exploitation / pwn challenges: a CLI cyclic-pattern offset finder, a flexible payload-bytes builder, and a tiny helper that exposes your `.py` tools on `PATH`.
- Red Team
Mythic C2 agents — Kraken & Proteus (coming soon)
More agents for the Mythic command-and-control framework, being finished up: Kraken, Proteus. (Minotaur already has its own card above.) They'll be published here once ready.
Web & bug bounty 6
Intercepting proxies, Burp extensions, automated recon/fingerprinting, a dedicated container.
- Web & bug bounty
apk-bb-scanner — Android APK static-analysis pipeline for bug bounty
Give it a list of in-scope apps; it downloads them, decompiles them two ways (smali + Java), runs 13 analysis modules over the result, and produces XLSX + JSON reports with severity scoring and CWE mapping. Parallelised across every phase; optional Frida integration.
- Web & bug bounty
burp-gobuster — content discovery inside Burp (+ gocrawlerd)
A Burp Suite extension that drives a content-discovery / fuzzing crawler from inside Burp: pick a seed, fuzz it, and hits stream in as real Burp HTTP messages you can pivot to Repeater from. The crawl engine runs in a separate Go service, gocrawlerd.
- Web & bug bounty
swatter — automated bug-bounty recon & fingerprinting
Discovers subdomains, crawls targets, fingerprints the stack with 10 passive detectors, and runs deep modules against what it finds (WordPress / Drupal / GraphQL / Swagger / Magento / Next.js). Async Python, strict layered architecture (L1→L4), SQLite per scope, optional VPN rotation. Runs inside the kali-bb container.
- Web & bug bounty
RUP — a Burp-like intercepting proxy as a desktop app
A desktop app (Tauri 2 + TypeScript UI, Rust backend) reproducing the core of a Burp-style workflow: a local HTTPS MITM proxy, a Chromium pinned to it, request capture/replay, incremental target mapping.
- Web & bug bounty
kali-bb — a purpose-built Kali Docker container for bug bounty
A lightweight, tailored Kali image: exactly the recon/web tooling needed, multi-stage build in ~5 min (vs ~2 h), ~3.2 GB (vs ~15 GB), host networking, none of the GUI/VPN-wrapper baggage of an Exegol-style box. Serves as the runtime environment for swatter.
- Web & bug bounty
burp-sqlmap — launch and track sqlmap from inside Burp
A Burp Suite extension that launches and tracks [sqlmap](https://sqlmap.org/) runs from Burp: right-click a request → "Send to sqlmap" → a dedicated pre-filled tab, you tweak the options, the extension spawns sqlmap and surfaces its output without leaving Burp.
Systems & infrastructure 5
Platforms, an edge proxy, kernel hardening, ops tooling, environment bootstrap.
- Systems & infra
ZRO — a browser-based Linux remote desktop
A single Rust runtime turns a Linux server into a desktop reachable from any browser: each app is an isolated process, rendered in a window-manager shell, multiplexed over one WebSocket per session.
- Systems & infra
OpenFlare — an edge proxy you can read
A complete but compact L7 reverse proxy (Go): HTTP cache, basic WAF, rate limiting, observability — plus a Python test origin and a pytest E2E suite. A study of how a Cloudflare-style edge node works, minus the global-network parts.
- Systems & infra
klock — runtime kernel lockdown (Debian + Secure Boot)
A post-boot loadable kernel module that, once activated, denies any new means of introducing or modifying kernel-mode executable code on a stock Debian x86-64/arm64 kernel with Secure Boot — then seals itself in (can't be unloaded or disarmed). The defensive counterpart to CoKernel.
- Systems & infra
iloctl — drive an HPE iLO 5 BMC from the CLI (Redfish)
A small Go CLI to control an HPE iLO 5 management controller over Redfish: power control (on/off/graceful-off/restart/cycle) and "deterministic" one-time UEFI boot selection (requires PowerState=Off). Builds for Linux and Android (arm64). Credentials via environment variables, never hard-coded.
- Systems & infra
dev-setup-scripts — bootstrap a Linux dev environment
A collection of one-shot scripts to bring a fresh Linux box up to a working dev environment: Docker, Go, Rust, Node, Python, Java, build tools, networking tools, clipboard, shell config, editors. Each `install-<thing>.sh` is independent; `install-all.sh` runs the lot.
Embedded, hardware & EDA 4
BLE/ESP32 & SBCs, KiCad — from design assistance to BOM import.
- Embedded & EDA
kicad-design-agent — from a prompt to KiCad schematics, AI-assisted
An LLM agent designs the circuit (every component as a real LCSC part, supporting circuitry, section planning), then a deterministic tool chain turns that design into hierarchical `.kicad_sch` files (footprints, symbols, 3D models), a BOM, and pin-level wiring instructions.
- Embedded & EDA
easyeda2kicad-bom-importer — from a CSV BOM to KiCad libraries
A CLI that bulk-imports a CSV BOM (LCSC / JLCPCB) into KiCad libraries: footprints, 3D models and symbols downloaded via the EasyEDA API, an enriched output CSV with each part's status, and optional hierarchical schematic generation.
- Embedded & EDA
DBUS-BLE-Connection — a BLE framework, Linux ⇄ ESP32
A C++ framework for serial-style Bluetooth Low Energy communication between a Linux machine and a BLE device (ESP32), via BlueZ and D-Bus. Wrap GATT services/characteristics in a clean API, build a `.so`, link it from your program. The matching ESP32 firmware lives in a separate repo.
- Embedded & EDA
ESP32_BLE_Connection — the ESP32 device-side firmware
The device side of [DBUS-BLE-Connection](https://github.com/ZZ0R0/DBUS-BLE-Connection): a PlatformIO firmware that exposes a BLE GATT service with RX/TX characteristics so a Linux host (using the DBUS-BLE-Connection framework, via BlueZ/D-Bus) can talk to the board like a serial link.
Dev, internals & side projects 5
A Rust game engine, an MCP server, small desktop utilities — and a thermodynamic timer.
- Dev & internals
voxel-space-sandbox — a Space-Engineers-style engineering sandbox, in Rust
Build ships and stations out of grid blocks, mine and reshape destructible voxel planets/asteroids, with Newtonian physics, energy/resources/logistics, structural damage and pressurisation — solo or dedicated server. Engine in Rust (wgpu/WGSL).
- Dev & internals
TelegramMCP — an MCP ⇄ Telegram bridge (with "ask_human")
A small MCP (Model Context Protocol) server that lets an MCP client (Claude Code, Cursor…) talk to a Telegram chat: send messages, push files (reports, logs), read recent messages, and ask a human a question and wait for the reply (human-in-the-loop). Built for agent workflows that want a phone in the loop.
- Dev & internals
html-desktop-background — an HTML/JS page as your wallpaper
A small C++/Qt5 app that renders an `index.html` page as your Linux desktop wallpaper: it loads the page in a WebKit view and parents that view to the root window, so anything you can build with HTML/CSS/JS (animations, clocks, dashboards, shaders) becomes your live background.
- Dev & internals
typing-pause-overlay — an overlay that nudges you when you stop typing
A minimal Windows overlay (~1 file of Rust) that pops up when you stop typing for N seconds: it shows writing time, idle time, key count and average CPS, then hides as soon as you type again. No admin, no disk I/O, no network.
- Dev & internals
FreshDrinkTimer — thermodynamics, applied to beer 🍺❄️
Yes, I wrote a cross-platform app (Tauri v2, desktop + Android) with an actual thermodynamic model to answer *the* existential question — is it cold yet? Newton's law of cooling, notifications even when the app is closed, ambient temperature via Open-Meteo, and a deliberately "usable in all conditions" UX.