Projects

Below is a list of some of my projects which are publicly available.

spydom

https://github.com/danielthatcher/spydom

A scanner that automates Chrome headless to load web pages and extract information from the DOM, including postmessage and hashchange listeners and generated HTML. It also takes screenshots.

smuggles

https://github.com/danielthatcher/smuggles

An HTTP request smuggling scanner designed to safely scan a large number of hosts. It includes a large number of tests, as well as features for scan resumption and generating of proof-of-concepts.

Cookieless Session Scanner

https://github.com/danielthatcher/Cookieless-Session-Scanner

A small BurpSuite extensions which adds an active scanner check to test web servers for ASP.NET Cookieless Sessions. The extension also marks any cookieless sessions present in request paths as insertion points for Burp’s scanner.

glyphy

https://github.com/danielthatcher/glyphy

A small tool written in Go which generates homoglyphs from ASCII text. The tool mostly uses substitutions generated by testing Chrome and Firefox to see which unicode glyphs are converted to ASCII when passed to JavaScript’s URL constructor, with the intention being that it is likely to generate homoglyphs which will be treated by some software as equivalent to the given ASCII text, and can therefore be used to bypass or trick filters.

clips

https://github.com/danielthatcher/clips

A command line based clipboard manager designed to be useful for when you find yourself typing the same command repeatedly in many different contexts, for example in reverse shells and web shells. You can globally set variables, such as your VPN IP address when connecting to a lab environment, which are then used in command generation.

pgexec

https://github.com/Dionach/pgexec

A script to automate the process of turning access to a PostgreSQL instance to command execution on the host. The script can load a custom library to be used in the process, but will also run in a fully self-contained manner, generating and compiling the library source as it is run.