Projects

Here are a few of my active or completed projects:

GainSec in the Middle (G.I.T.M)

Implementation of a Man-in-the-Middle Router/Access Point (AP). Used for embedded, IoT, hardware and other penetration tests, hacks and research. Out of the box it:

  • Checks whether the wireless interface is soft-blocked
  • Creates the Access Point (wlan0_ap) via hostapd
  • Provides DHCP + DNS via dnsmasq
  • Bridges the vAP (br0) and enables IP forwarding & NAT via iptables
  • Tears it all down cleanly; a must for troubleshooting
  • Outputs and logs almost everything
  • Aggregates all relevant logs into one directory
  • Prints (and logs) when new devices connect to the AP, including the date, time, MAC address and the IP they were assigned
  • Optional: Generates a CA & key if missing, configures HTTPS redirection to a local port, configures and starts sslsplit
  • Optional: Dumps traffic to pcap via tcpdump
  • Optional: Live-views traffic via tcpdump
  • Optional: Preps the cert for Android system import
  • Optional: Preps the cert for Burp Suite import
  • And more

Link HERE

Golden Nuggets

A Burp plugin providing a one-click way to instantly create URI, URI parameter and single-word wordlists from any selected domains in Burp Suite.

Link HERE

Tree House Wordlists

Wordlist project meant to complement the popular FuzzDB, SecLists, Blasting Dictionary, PayloadsAllTheThings and more!

Link HERE

GainSec Local AI Stack

This is a work in progress as I continue to research, experiment with and use AI implementations. Everything runs locally and can be used as individual services, via Open-WebUI or N8N.

Current Stack:

  • Open-WebUI – Web interface for running and managing LLMs through backends such as Ollama.
  • Ollama – Local LLM runner/manager for models like LLaMA, Mistral, etc.
  • Whisper – OpenAI’s speech-to-text model for transcribing audio and video files.
  • N8N – Workflow automation tool, like an open-source Zapier.
  • Redis – In-memory key-value store, often used for caching.
  • Postgres – Powerful open-source relational database.
  • SearXNG – Privacy-respecting metasearch engine.
  • Stable Diffusion – Text-to-image AI generator.
  • Crawl4AI – Web crawler + requester.

Link HERE

Quick-Engagement-Directory-Creation-Script – Q.E.D.C.S

Quick script to create an engagement root and data directory structure for penetration testing or other types of offensive cyber security engagements.

Link HERE

Mac OSX Application Fingerprint and Security Tool M.O.A.F.A.S.T.

Tool to automate some basic tasks performed during an OSX thick client or software penetration test. Checks for things like ARC, PIE, stack canaries, code signature flags, NSFileProtection, signature and more. Useful for iOS applications as well.

Link HERE

RTLOIFY

Tool to create strings containing RTLO characters and to rename single files or even entire directories with them. Meant for RTLO bypass testing in hacking, offensive cyber security and penetration testing.

Link HERE

M5Stack Core2 Paxcounter

Ported Paxcounter for the M5Stack Core2. Lists number of nearby WiFi and Bluetooth devices.

Link HERE

IG Clone Tracker

Instagram clone for use in labs. Can be used for research, testing, prototyping and tracking.

Made for a specific use case as I couldn’t find one out of the box that was viable. Can use this for whatever reason, but the target is to gather info about a user, capture their usage of the ‘fake’ Instagram feed, gather more info when they’ve reacted to/viewed the whole feed and log it all clearly and in format(s) that are useful and sound.

Flock Safety Reverse Engineering & Security Research

Articles I’ve published on my security research into Flock Safety devices:

Part 1: Bird Hunting Season – Security Research on Flock Safety’s Anti-Crime Systems: HERE
Part 2: Plucked and Rooted – Device 1: Debug Shell on Flock Safety’s Raven Gunshot Detection System: HERE
Part 3: Grounded Flight – Device 2: Root Shell on Flock Safety’s Falcon/Sparrow Automated License Plate Reader: HERE
Part 4: Trap Shooter – Flock Safety Sniffer & Alarm: HERE
Part 5: Root from the Coop – Device 3: Root Shell on Flock Safety’s Bravo Compute Box: HERE
Part 6: Fly-By – Device 2: The Falcon/Sparrow – Gated Wireless RCE, Camera Feed, DoS, Information Disclosure and More: HERE
Part 7: Button Presses to Wireless RCE: Shell on Flock Safety’s License Plate Cameras Over Wi-Fi: HERE
Part 8: Formalizing my Flock Safety Research: HERE
Part 9: BirdEye (Tool to Test Flock Safety’s ML Visual Recognition Models): HERE

Kapsch TrafficCom V2X & CV2X Reverse Engineering & Security Research

Articles I’ve published on Kapsch Trafficcom’s CV2X and V2X Roadside Units (RSUs).

Link HERE

Proof of Concept (PoC) for CVE-2017-16744 and CVE-2017-16748

A PoC script to check whether a given Tridium Niagara installation is vulnerable to either vulnerability.

Link HERE

Weaponized Mousejack and Keysniff Vulnerabilities

A Python script for the Crazyradio USB dongle that weaponizes the Mousejack and Keysniff vulnerabilities and builds a database from the information gathered while running.

Link HERE

Dorker

A Python CLI to assist with search engine dorking! Just input what you’re looking for and let it format the dorks for you!

Link HERE

Contributions to SecLists

Although I’m not one of the maintainers of SecLists I did contribute five wordlists (so far!) to SecLists.

Link HERE

Contributed to LeakLooker-X

I’m not the creator of LeakLooker-X but I did contribute a few minor fixes!

Link HERE

CVEs Discovered

Check out the Press page HERE for a complete list!