In-App MongoDB Editor for Meteor (Meteor DevTools)

Insecure Deserialization, PDF and lab

Progressive hashing PoC

a very insecure mysql_escape_string implementation for a very limited use case

source code for mitm.cool, a dead-simple site that doesn't have SSL... allowing public WiFi to MITM the request and get you authenticated

A toy webserver written in Rust / 合肥工业大学 2023 计算机网络课程设计

This is a proof of concept script I put together that exploits the default credentials of exposed Megapixel IP Cameras.

A whole lot of fail going on. Nothing goes right here, anything that can go wrong does.

A very VERY dumb and insecure "server" to send arbitrary stats to graphite.

An intentionally-insecure web application built for educational purposes using agile development practices.

k2345 安全 - Koishi 2345 Security: 保护您的 Koishi 不受侵害(确信)

NTP is not authenticated... but trusted

chunkHide provides a convenient way to manipulate PNG image files by adding, modifying, or reading text chunks. It is particularly useful for scenarios where you need to embed metadata or other textual information within a PNG image.

An extremely basic proxy for making HTTPS requests using HTTP. Yes, this is a terrible idea, but the data I'm passing through it is non-sensitive.

Simple PasswordManager written using Go and Svelte. Its simple and insecure and it was created as part of a college assignment.

Want to "encrypt" your stuff with a totally not secure algorithm? You're in luck!

Security Warning: This app allows execution of arbitrary commands which can be used to compromise your system

A threat actor may tamper with a stream that gets deserialized on the target, causing the target to access data or perform non-intended actions

Part of my bad NodeJS Series. An insecure NodeJS 'API' server written for security experiments and demonstrations

书籍销售管理系统 Vue前端