Below is a list of some of my projects which are publicly available.


A CL.CL HTTP request smuggling scanner which utilises invalid values in the Content-Length header to identify headers which can be smuggled through to back-end servers. This was developed during the early stages of my HTTP header smuggling research.


A scanner that automates Chrome headless to load web pages and extract information from the DOM, including postmessage and hashchange listeners and generated HTML. It also takes screenshots.


An HTTP request smuggling scanner designed to safely scan a large number of hosts. It includes a large number of tests, as well as features for scan resumption and generating of proof-of-concepts.

Cookieless Session Scanner

A small BurpSuite extensions which adds an active scanner check to test web servers for ASP.NET Cookieless Sessions. The extension also marks any cookieless sessions present in request paths as insertion points for Burp’s scanner.


A small tool written in Go which generates homoglyphs from ASCII text. The tool mostly uses substitutions generated by testing Chrome and Firefox to see which unicode glyphs are converted to ASCII when passed to JavaScript’s URL constructor, with the intention being that it is likely to generate homoglyphs which will be treated by some software as equivalent to the given ASCII text, and can therefore be used to bypass or trick filters.


A command line based clipboard manager designed to be useful for when you find yourself typing the same command repeatedly in many different contexts, for example in reverse shells and web shells. You can globally set variables, such as your VPN IP address when connecting to a lab environment, which are then used in command generation.


A script to automate the process of turning access to a PostgreSQL instance to command execution on the host. The script can load a custom library to be used in the process, but will also run in a fully self-contained manner, generating and compiling the library source as it is run.