██████╗ ██╗ ██╗██╗ ██████╗██╗██████╗ █████╗ ██╗ ████████╗███████╗██████╗ ██████╗ ██╗ ██╗
██╔════╝ ██║ ██║██║██╔════╝██║██╔══██╗██╔══██╗██║ ╚══██╔══╝██╔════╝██╔══██╗██╔══██╗╚██╗ ██╔╝
╚█████╗ ██║ ██║██║██║ ██║██║ ██║███████║██║ ██║ █████╗ ██║ ██║██║ ██║ ╚████╔╝
╚═══██╗ ██║ ██║██║██║ ██║██║ ██║██╔══██║██║ ██║ ██╔══╝ ██║ ██║██║ ██║ ╚██╔╝
██████╔╝ ╚██████╔╝██║╚██████╗██║██████╔╝██║ ██║███████╗ ██║ ███████╗██████╔╝██████╔╝ ██║
╚═════╝ ╚═════╝ ╚═╝ ╚═════╝╚═╝╚═════╝ ╚═╝ ╚═╝╚══════╝ ╚═╝ ╚══════╝╚═════╝ ╚═════╝ ╚═╝
name: S.B
role: Security Researcher & Penetration Tester
company: Independent
active_since: 2017
repos: 280+
specialties:
- Penetration Testing (OWASP, PTES, OSSTMM)
- Red Team Operations & Adversary Simulation
- Offensive Security Tooling (custom exploits, C2, recon)
- Defensive Infrastructure (SIEM, EDR, Wazuh, Elastic)
- IoT & Embedded Device Exploitation
- Malware Analysis & Reverse Engineering
- Network Protocol Research & Fuzzing
- Cloud Security (Azure, AWS pentesting)
languages:
- Rust # "memory safe until I'm not"
- Go # "concurrency goes brr"
- Python # "rapid prototyping & exploit dev"
- PowerShell # "living off the land"
- Bash # "glue that holds it all together"
- C # "close to the metal"
certifications_focus:
- OSCP / OSCE methodology
- Compliance & regulatory testing
- External & internal infrastructure pentesting
motto: "Break it to understand it. Build it to defend it."
Reconnaissance & Advanced Scanners
| Tool | Description | Link |
|---|---|---|
| Stalkroute | Advanced traceroute for network path analysis and recon |  |
| Quicmap | QUIC protocol port scanner for modern web infrastructure | |
| Mass Dorker | Automated Google dorking for search engine reconnaissance | |
| Voyage | Stateful subdomain enumeration and discovery toolkit | |
| FTPWeb | FTP server scanner for network asset discovery | |
Exploitation Frameworks & Offensive Security Tools
| Tool | Description | Link |
|---|---|---|
| Rustsploit | RouterSploit rewrite in Rust — IoT and embedded device exploitation framework | |
| Rasberry Lie | Wi-Fi deauthentication tool for wireless security testing | |
| FireC2 | Rust-based command and control framework | |
| FBI-NET | Botnet creation kit for security research | |
| IoT-Annihilator | Modular IoT exploitation and vulnerability testing framework | |
| Terylene | Modified Mirai variant with Go-based C2 (ZeroMQ transport) | |
| Rustforce | High-performance brute force tool in Rust with proxy rotation | |
| Revil DNS | DNS tunneling C2 payload for covert command channels | |
| RansomCare | Open-source ransomware simulator for security testing and education | |
| Rust Slowloris | Slowloris denial-of-service tool reimplemented in Rust | |
Malware Analysis, Forensics & Reverse Engineering
| Tool | Description | Link |
|---|---|---|
| NFSMW 2005 RE | Need for Speed: Most Wanted reverse engineering — 6,500+ named functions, 30 subsystems | |
| NFSMW 2005 SDK | Cross-platform mod SDK for NFS:MW — ASI Loader + BepInEx 6 | |
| LOLBAS Payload Repo | Living-off-the-land binary exploitation payloads | |
| PS1ware | PowerShell malware techniques and payload library | |
| Eternal Green | Windows LNK malware dropper research | |
DFIR — Digital Forensics & Incident Response
| Tool | Description | Link |
|---|---|---|
| Wazuh Auto Setup | Automated Wazuh SIEM/EDR deployment for security monitoring |  |
| Elastacat | One-step Elastic Stack installer for rapid SIEM deployment | |
Network Security, Monitoring & Defense
| Tool | Description | Link |
|---|---|---|
| Rubberup | Rust-based security audit checker for Arch Linux hardening | |
| RBSL | Rust + Bash SIEM Logger for security event pipelines | |
| ByProxy | Passive proxy discovery scanner for Debian and Arch | |
Cryptography, Steganography & Data Obfuscation
| Tool | Description | Link |
|---|---|---|
| I2P Traffic Padding | I2P anonymity network cover traffic plugin | |
| Ping0-Exfil | Covert data exfiltration via ICMP ping packets |  |
Web Application & API Security Testing
| Tool | Description | Link |
|---|---|---|
| OnlyOffice MCP | MCP server for AI-driven Office document manipulation — 77 async tools | |
| WPSripper | WordPress vulnerability scanner and attack tool | |
| SkiddedSQL | SQL injection payload collection for penetration testing | |
| API DoS Tester | API stress-testing and rate limit evaluation tool | |
Specialized Utilities & Developer Tools
| Tool | Description | Link |
|---|---|---|
| Shodan Key Tester | Verify Shodan API key validity and access level | |
| ILoveProxies | Automated free proxy list gathering and validation | |
| SSH-Forcing | Python SSH brute-force dictionary attack demo | |
| VM2TV | Screen-share a VM to a TV or other devices on your local network | |
Learning Resources, CTFs & Knowledge Bases
| Resource | Description | Link |
|---|---|---|
| Awesome Shodan Queries | Curated Shodan search queries for device and vulnerability discovery | |
| Web App Security Checklist | Comprehensive web application security testing checklist | |
| Ransomware Official Domains | Threat intelligence reference for ransomware group domains | |
| Intune Kali Guide | Deploy Kali Linux in Microsoft Intune-managed environments | |
| Detailed Nmap Cheatsheet | Comprehensive Nmap scanning reference and cheatsheet | |
| How Cards Are Cloned | Educational resource on card cloning techniques | |
┌──────────────────────────────────────────────────────────┐
│ │
│ "The quieter you become, the more you are able to │
│ hear." — Kali Linux │
│ │
│ All tools are for authorized testing & │
│ educational purposes only. │
│ │
└──────────────────────────────────────────────────────────┘
Support this work
If any of these tools saved you time, consider tossing $1 in Monero:
478Lb78LDscQ8ukEDTZqXgEtjoBX1jMuVGvgfy2RagxZZk89YuyVYsganfLUKnwggz8YiBxhG25yWWiHUppG9uarSiseseY
XMR — private, untraceable, appreciated.