365-day current streak·365-day longest streak
Hey there! I'm Hwan Lee, but you might know me better as HAHWUL. I'm an offensive security engineer and hacker who also loves coding—mostly with Rust, Ruby and Crystal. 'hahwul'…
Hey there! I'm Hwan Lee, but you might know me better as HAHWUL.
I'm an offensive security engineer and hacker who also loves coding—mostly with Rust, Ruby and Crystal.
'hahwul' is a new word made by remixing my name, and that's me. Feel free to call me HAH-hul or HOWL—whichever you prefer!
-
dalfox ★ PINNED
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
Rust ★ 5.1k 9h agoExplain → -
noir ★ PINNED ⑂
A hybrid static and AI-driven analyzer that detects every endpoint in your codebase, from shadow APIs to standard routes.
Crystal ★ 3 3mo agoExplain → -
jwt-hack ★ PINNED
JSON Web Token Hack Toolkit
Rust ★ 1.0k 16h agoExplain → -
hwaro ★ PINNED
Hwaro (화로) is a lightweight and fast Static Site Generator(SSG) written in Crystal.
Crystal ★ 31 3d agoExplain → -
WebHackersWeapons ★ PINNED
⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
Ruby ★ 4.9k 2mo agoExplain → -
DevSecOps ★ PINNED
♾️ Collection and Roadmap for everyone who wants DevSecOps. Hope your DevOps are more safe 😎
Just ★ 2.1k 2mo agoExplain → -
XSpear ▣
🔱 Powerfull XSS Scanning and Parameter analysis tool&gem
Ruby ★ 1.4k 3mo agoExplain → -
MobileHackersWeapons
Mobile Hacker's Weapons / A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting
Ruby ★ 1.2k 3mo agoExplain → -
a2sv ▣
Auto Scanning to SSL Vulnerability
Python ★ 636 5y agoExplain → -
authz0
🔑 Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials.
Go ★ 429 4d agoExplain → -
mad-metasploit
Metasploit custom modules, plugins, resource script and.. awesome metasploit collection
Ruby ★ 406 3y agoExplain → -
droid-hunter ▣
(deprecated) Android application vulnerability analysis and Android pentest tool
Ruby ★ 310 7y agoExplain → -
metasploit-autopwn
db_autopwn plugin of metasploit
Ruby ★ 269 6y agoExplain → -
urx
Extracts URLs from OSINT Archives for Security Insights
Rust ★ 188 8h agoExplain → -
deadfinder
🏴☠️ Find dead-links (broken links)
Crystal ★ 178 4d agoExplain → -
smugglex
Rust-powered HTTP Request Smuggling Scanner.
Rust ★ 123 1d agoExplain → -
RegexPassive
🔭 Collection of regexp pattern for security passive scanning
★ 116 3y agoExplain → -
mzap
⚡️ Multiple target ZAP Scanning
Crystal ★ 110 10d agoExplain → -
hack-pet
🐰 Managing command snippets for hackers/bug bounty hunters. with pet.
Go ★ 110 3y agoExplain → -
XSS-Payload-without-Anything
XSS Payload without Anything.
★ 108 7y agoExplain → -
s3reverse
The format of various s3 buckets is convert in one format. for bugbounty and security testing.
Go ★ 89 3y agoExplain → -
gee
🏵 Gee is tool of stdin to each files and stdout. It is similar to the tee command, but there are more functions for convenience. In addition, it was written as go
Go ★ 87 9mo agoExplain → -
websocket-connection-smuggler
websocket-connection-smuggler
Go ★ 68 6y agoExplain → -
gitls ▣
🖇 Enumerate git repository URL from list of URL / User / Org. Friendly to pipeline
Go ★ 56 1y agoExplain → -
ws-smuggler
WebSocket Connection Smuggler
Go ★ 47 3y agoExplain → -
ras-fuzzer
RAS(RAndom Subdomain) Fuzzer
Go ★ 43 6y agoExplain → -
goyo
A simplicity and clean documentation theme
HTML ★ 38 4mo agoExplain → -
MemBi
All the members of bugbounty and infosec. If you don't know who to follow, see!
Go ★ 36 4y agoExplain → -
xssmaze
XSSMaze is a web service designed to test and improve the performance of security testing tools by providing various cases of XSS vulnerabilities.
Crystal ★ 35 15d agoExplain → -
backbomb ▣
💣 Dockerized penetration-testing/bugbounty/app-sec testing environment
Go ★ 34 4y agoExplain → -
hbxss ▣
Security test tool for Blind XSS
Ruby ★ 27 6y agoExplain → -
recon-raven ▣
Reconnaissance tool of Penetration test & Bug Bounty
Ruby ★ 26 8y agoExplain → -
action-dalfox
XSS scanning with Dalfox on Github-action
Dockerfile ★ 26 2y agoExplain → -
OmniOAST
Unify your OAST provider management and consolidate all interactions into a single, streamlined workflow.
TypeScript ★ 25 1mo agoExplain → -
assets.hahwul.com
assets for www.hahwul.com
Shell ★ 24 17h agoExplain → -
fuzzstone
My fuzz repo!
JavaScript ★ 23 2y agoExplain → -
vais ▣
SWF Vulnerability & Information Scanner
HTML ★ 19 7y agoExplain → -
volt
⚡ Golang library for quick make pentest tools
Go ★ 16 1y agoExplain → -
awesome-oneliner-bugbounty ⑂
A collection of awesome one-liner scripts especially for bug bounty tips.
★ 16 5y agoExplain → -
can-i-protect-xss
Everything about xss protection technology
★ 15 6y agoExplain → -
ShadowShell
Multi-terminal plugin for Caido with AI presets and instant Cmd+J access
TypeScript ★ 15 1mo agoExplain → -
hahwul
about me!
★ 14 2mo agoExplain → -
Hex
Hex Viewer & Editor Plugin for Caido
TypeScript ★ 13 1mo agoExplain → -
raven ▣
Automation Hacking & Penetration Testing Suite
Ruby ★ 12 10y agoExplain → -
vunlink
Auto Web Vulnerability Scanning Framework
Ruby ★ 11 10y agoExplain → -
mcp-hack
MCP(Model Context Protocol) Hack Toolkit
Rust ★ 11 9mo agoExplain → -
xss-cheatsheet-data ⑂
This repository contains all the XSS cheatsheet data to allow contributions from the community.
★ 11 6y agoExplain → -
crawlergo ⑂
A powerful browser crawler for web vulnerability scanners
★ 10 4y agoExplain → -
AutoSploit ⑂
Automated Mass Exploiter
Python ★ 10 8y agoExplain → -
websocket-connection-smuggling-go
websocket-connection-smuggling write in go
Go ★ 10 6y agoExplain → -
zest-env
🐋 Zest CLI Environment
Shell ★ 9 8mo agoExplain → -
PayloadsAllTheThings ⑂
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Python ★ 9 4y agoExplain → -
VAHA
Web for security engineer & hacker
★ 8 8y agoExplain → -
urlgrab ⑂
A golang utility to spider through a website searching for additional links.
Go ★ 8 5y agoExplain → -
golang-developer-roadmap ⑂
Roadmap to becoming a Go developer in 2020
★ 8 5y agoExplain → -
awesome-zap-extensions
A curated list of amazingly awesome ZAP Extensions
★ 8 6y agoExplain → -
eoyc
Endless Options, Your Chain
Crystal ★ 7 4d agoExplain → -
reqs
No description.
Rust ★ 7 28d agoExplain → -
openvas_install_script
OpenVAS Scanner Install Script on Debian
Shell ★ 7 10y agoExplain → -
IntruderPayloads ⑂
A collection of Burpsuite Intruder payloads, fuzz lists and file uploads
PHP ★ 7 8y agoExplain → -
homebrew-dalfox
No description.
Ruby ★ 6 1d agoExplain → -
KingOfBugBountyTips ⑂
No description.
★ 6 5y agoExplain → -
hetty ⑂
Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community.
TypeScript ★ 6 5y agoExplain → -
cyclonedx-cr
A Crystal tool for generating CycloneDX Software Bill of Materials (SBOM) from Crystal shard projects.
Crystal ★ 6 8d agoExplain → -
blackarch ⑂
BlackArch Linux is an Arch Linux-based distribution for penetration testers and security researchers.
Shell ★ 6 8y agoExplain → -
github-aciton-injection-test
This repo is a sample repo for Github Action Injection.
★ 6 3y agoExplain → -
xss_benchmark
for dalfox
Ruby ★ 6 6mo agoExplain → -
cyan-snake ▣
Live OS for Physical hacking
Ruby ★ 6 8y agoExplain → -
proxify ⑂
Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation, and replay on the go.
Go ★ 6 4y agoExplain → -
axiom ⑂
The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!
Shell ★ 6 5y agoExplain → -
jqueen
No description.
Go ★ 6 6y agoExplain → -
hwaro-examples
No description.
Shell ★ 5 16h agoExplain → -
zaproxy-ruby
A Ruby Implementation and Library for Easy Utilization of ZAP API
Ruby ★ 5 2y agoExplain → -
jekyll-securitytxt
Jekyll plugin for security.txt
Ruby ★ 5 5mo agoExplain → -
exploit-db_to_dokuwiki
exploit-db(edb) convert to dokuwiki template
Python ★ 5 10y agoExplain → -
buildpack-zap-daemon
zap(zed attack proxy) daemon mode buildpack of heroku
Shell ★ 5 7y agoExplain → -
booungJS ▣
Vulnerability analysis to javascript using javascript and web debugger
JavaScript ★ 5 9y agoExplain → -
arachni ⑂
Web Application Security Scanner Framework
Ruby ★ 5 3y agoExplain → -
buildpack-nmap
install nmap and set alias buildpack of heroku
Shell ★ 5 6y agoExplain → -
podopunch ▣
Easy testing from multiple android devices
Python ★ 5 9y agoExplain → -
community-scripts ⑂
A collection of ZAP scripts provided by the community - pull requests very welcome!
JavaScript ★ 5 4y agoExplain → -
qs-openvpn
quick setup openvpn
Shell ★ 5 4y agoExplain → -
zap-cloud-scan
No description.
★ 5 5y agoExplain → -
cjules
A power-user CLI for the Jules API, written in Crystal.
Crystal ★ 4 4d agoExplain → -
cvss.cr
No description.
Crystal ★ 4 5d agoExplain → -
Web-Cache-Vulnerability-Scanner ⑂
Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).
Go ★ 4 4y agoExplain → -
naabu ⑂
A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests
Go ★ 4 3y agoExplain → -
MCP-Security-Checklist ⑂
A comprehensive security checklist for MCP-based AI tools. Built by SlowMist to safeguard LLM plugin ecosystems.
★ 4 1y agoExplain → -
homebrew-jwt-hack
No description.
Ruby ★ 4 23d agoExplain → -
awesome-zola
A collection of awesome Zola resources
HTML ★ 4 10mo agoExplain → -
hahwul-testzz
tool, page code for https://www.hahwul.com
HTML ★ 4 7y agoExplain → -
CaidoTweaks ▣
No description.
★ 4 2y agoExplain → -
owasp-projects ⑂
No description.
★ 4 3y agoExplain → -
bounty-targets-data ⑂
This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/etc) that are eligible for reports
★ 4 6y agoExplain → -
Amass ⑂
In-depth Attack Surface Mapping and Asset Discovery
★ 4 6y agoExplain → -
doma
Put your directories on the cutting board
Crystal ★ 3 3d agoExplain → -
vuln_test
<video><embed><object><meta><body><script><frame><frameset>
★ 3 10y agoExplain → -
projectsend_r582_webshell
ProjectSend_r582_webshell exploit
Ruby ★ 3 10y agoExplain → -
homebrew-s3reverse
No description.
Ruby ★ 3 5y agoExplain → -
homebrew-core ⑂
🍻 Default formulae for the missing package manager for macOS (or Linux)
Ruby ★ 3 13d agoExplain → -
purl.cr
No description.
Crystal ★ 3 15d agoExplain → -
fm.cr
Crystal bindings for Apple's FoundationModels.framework
Crystal ★ 3 15d agoExplain → -
caido.cr
Caido implementation for crystal
Crystal ★ 3 15d agoExplain → -
acp.cr
An unofficial Crystal implementation of the Agent Client Protocol (ACP)
Crystal ★ 3 15d agoExplain → -
homebrew-mzap
No description.
Ruby ★ 3 3mo agoExplain → -
frida-gadget ⑂
Automated tool for patching APKs to enable the use of Frida gadget by downloading the library and injecting code into the main activity.
Python ★ 3 5mo agoExplain → -
midnight-in-seoul
It is a Caido theme made to feel blue, the representative Midnight color of Seoul.
★ 3 3mo agoExplain → -
awesome-frida ⑂
Awesome Frida - A curated list of Frida resources http://www.frida.re/ (https://github.com/frida/frida)
★ 3 2y agoExplain → -
go-github-selfupdate-patched ▣
go get error patched version
Go ★ 3 11mo agoExplain → -
dnsprobe ⑂
DNSProb is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers.
★ 3 6y agoExplain → -
licaner
No description.
Go ★ 3 4y agoExplain → -
lens ⑂
Lens - The way the world runs Kubernetes
★ 3 3y agoExplain → -
homebrew-authz0
No description.
Ruby ★ 3 4y agoExplain → -
zaproxy ⑂
The OWASP ZAP core project
Java ★ 3 5y agoExplain → -
shooting-scheme
custom scheme testing tool with checklist
★ 3 6y agoExplain → -
csp ⑂
Given a list of hosts, this small utility fetches all whitelisted domains from the hosts' CSPs.
★ 3 6y agoExplain → -
geckodriver-buildpack ⑂
Heroku geckodriver buildpack for Selenium use with Firefox
Shell ★ 3 7y agoExplain → -
www-project-devsecops-verification-standard ⑂
OWASP Foundation Web Respository
HTML ★ 2 1y agoExplain → -
vex.cr
OpenVEX (Vulnerability Exploitability eXchange) implementation for Crystal
Crystal ★ 2 29d agoExplain → -
shards-audit
Security vulnerability scanner for Crystal shard dependencies.
Crystal ★ 2 15d agoExplain → -
spdx.cr
No description.
Crystal ★ 2 15d agoExplain → -
sarif.cr
No description.
Crystal ★ 2 15d agoExplain → -
bad-usb-scripts
No description.
★ 2 2y agoExplain → -
action-authz0-test
No description.
★ 2 4y agoExplain → -
CVE-2023-4863 ⑂
No description.
★ 2 2y agoExplain → -
homebrew-gee
No description.
Ruby ★ 2 1y agoExplain → -
website ⑂
No description.
★ 2 1y agoExplain → -
mdast-cli ⑂
No description.
Python ★ 2 2y agoExplain → -
lab
lab.hahwul.com
★ 2 5y agoExplain → -
heroku-buildpack-geckodriver
No description.
★ 2 7y agoExplain → -
homebrew-urx
No description.
Ruby ★ 1 1d agoExplain → -
kev.cr
No description.
Crystal ★ 1 5d agoExplain → -
www-community ⑂
OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.
★ 1 9mo agoExplain → -
themes ⑂
Creates the templates section to be used in Zola doc site
Python ★ 1 8mo agoExplain → -
nuclei-templates ⑂
Community curated list of templates for the nuclei engine to find security vulnerabilities.
JavaScript ★ 1 1y agoExplain → -
homebrew-xssmaze
Homebrew tap for xssmaze — Intentionally vulnerable XSS testing lab
★ 1 23d agoExplain → -
homebrew-shards-audit
Homebrew tap for shards-audit — Crystal shard dependency vulnerability auditor
★ 1 23d agoExplain → -
BOAST ⑂
The BOAST Outpost for AppSec Testing: a server designed to receive and report Out-of-Band Application Security Testing (OAST) reactions.
★ 1 11mo agoExplain → -
zap.cr
ZAP implementation for crystal
Crystal ★ 1 10d agoExplain → -
epss.cr
No description.
Crystal ★ 1 15d agoExplain → -
cwe.cr
No description.
Crystal ★ 1 15d agoExplain → -
opensource.guide ⑂
📚 Community guides for open source creators
★ 1 10mo agoExplain → -
claude-code ⑂
Claude Code is an agentic coding tool that lives in your terminal, understands your codebase, and helps you code faster by executing routine tasks, explaining complex code, and handling git workflows - all through natural language commands.
Shell ★ 1 2mo agoExplain → -
homebrew-eoyc
No description.
Ruby ★ 1 3mo agoExplain → -
crybot ⑂
Crybot - Crystal-based Personal AI Assistant with z.ai GLM support, tool calling, and Telegram integration
Crystal ★ 1 4mo agoExplain → -
awesome-static-generators ⑂
A curated list of static web site generators.
★ 1 3mo agoExplain → -
zokipedia
No description.
HTML ★ 1 7mo agoExplain → -
zap-swag ⑂
Artwork for all official ZAP swag - posters, stickers, t-shirts etc
★ 1 2y agoExplain → -
deadfinder-action-test
No description.
★ 1 1y agoExplain → -
loco ⑂
🚂 🦀 The one-person framework for Rust for side-projects and startups
★ 1 1y agoExplain → -
Badges4-README.md-Profile ⑂
:octocat: Improve your README.md profile with these amazing badges.
Markdown ★ 1 2y agoExplain → -
interactsh ⑂
An OOB interaction gathering server and client library
★ 1 2y agoExplain → -
docs ⑂
Documentation for Amber Framework
★ 1 3y agoExplain → -
crystal-website ⑂
crystal-lang.org website
SCSS ★ 1 3y agoExplain → -
project-layout ⑂
Standard Go Project Layout
★ 1 3y agoExplain → -
zest ⑂
No description.
★ 1 4y agoExplain → -
eyeballer.pytorch ⑂
No description.
★ 1 5y agoExplain → -
termisu ⑂
🍮 Minimalistic API for writing text-based user interfaces in pure Crystal
Crystal ★ 0 9h agoExplain → -
homebrew-doma
No description.
Ruby ★ 0 5d agoExplain → -
homebrew-hwaro
No description.
Ruby ★ 0 7d agoExplain → -
tool-center ⑂
Data and schema powering the worlds largest collection of SBOM/xBOM products, projects, and services
★ 0 6d agoExplain → -
agent-client-protocol ⑂
A protocol for connecting any editor to any agent
Rust ★ 0 20d agoExplain → -
homebrew-smugglex
No description.
Ruby ★ 0 28d agoExplain → -
ssg-benchmark
Static Site Generator Benchmarks
Shell ★ 0 1mo agoExplain → -
homebrew-cjules
No description.
Ruby ★ 0 1mo agoExplain → -
cryload ⑂
HTTP benchmarking tool written in Crystal
Crystal ★ 0 1mo agoExplain → -
store ⑂
🔗 Source for the Caido plugin store
Shell ★ 0 1mo agoExplain → -
catalog ⑂
The shard catalog for shardbox.org
Crystal ★ 0 2mo agoExplain → -
homebrew-cyclonedx-cr
No description.
Ruby ★ 0 2mo agoExplain → -
awesome-crystal ⑂
:gem: A collection of awesome Crystal libraries, tools, frameworks and software
Crystal ★ 0 3mo agoExplain → -
crinja ⑂
Implementation of Jinja2 template language in Crystal
★ 0 3mo agoExplain → -
chei-l.github.io ⑂
aaa
HTML ★ 0 3mo agoExplain → -
autoresearch ⑂
AI agents running research on single-GPU nanochat training automatically
★ 0 3mo agoExplain → -
symphony ⑂
Symphony turns project work into isolated, autonomous implementation runs, allowing teams to manage work instead of supervising coding agents.
★ 0 3mo agoExplain → -
emoji.cr ⑂
:green_heart: Emoji for Crystal
★ 0 2y agoExplain → -
crimage ⑂
A comprehensive pure-Crystal image processing library with no external dependencies
★ 0 5mo agoExplain → -
crystal ⑂
The Crystal Programming Language
Crystal ★ 0 4mo agoExplain → -
CaidoThemes ⑂
Customize your Caido colors!
TypeScript ★ 0 1y agoExplain → -
jamstack.org ⑂
The official Jamstack site
★ 0 5mo agoExplain → -
markd ⑂
Yet another markdown parser, Compliant to CommonMark specification, written in Crystal.
★ 0 6mo agoExplain → -
gh-test-rust
No description.
Rust ★ 0 6mo agoExplain → -
campsite ⑂
The Campsite monorepo
TypeScript ★ 0 7mo agoExplain → -
markdown-badges ⑂
Badges for your personal developer branding, profile, and projects.
★ 0 8mo agoExplain → -
homebrew-reqs
No description.
Ruby ★ 0 8mo agoExplain → -
static-analysis ⑂
⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.
★ 0 9mo agoExplain → -
gh-test-crystal
No description.
Crystal ★ 0 9mo agoExplain → -
zola ⑂
A fast static site generator in a single binary with everything built-in. https://www.getzola.org
Rust ★ 0 10mo agoExplain → -
drop ⑂
A plugin for collaboration in Caido
★ 0 11mo agoExplain → -
llmstxt-site ⑂
directory of llms.txt file in the wild
TypeScript ★ 0 1y agoExplain → -
authmatrix ⑂
Caido plugin for grid-based authorization testing across multiple users and roles
TypeScript ★ 0 1y agoExplain → -
workflows ⑂
Workflows created by the community
JavaScript ★ 0 1y agoExplain → -
jekyll-heroicons ⑂
Heroicons as a liquid tag for Jekyll.
★ 0 1y agoExplain → -
awesome-ruby ⑂
💎 A collection of awesome Ruby libraries, tools, frameworks and software
★ 0 1y agoExplain → -
giscus ⑂
A comment system powered by GitHub Discussions. :octocat: :speech_balloon: :gem:
TypeScript ★ 0 1y agoExplain → -
asfasdf
No description.
★ 0 1y agoExplain → -
documentation ⑂
📙 Caido documentation
★ 0 1y agoExplain → -
awesome ⑂
🔗 A curated list of awesome Caido related projects
★ 0 2y agoExplain → -
solid_cache ⑂
A database-backed ActiveSupport::Cache::Store
★ 0 2y agoExplain → -
awesome-rails ⑂
A curated list of awesome things related to Ruby on Rails
★ 0 2y agoExplain → -
good_job ⑂
Multithreaded, Postgres-based, Active Job backend for Ruby on Rails.
★ 0 2y agoExplain →
No repos match these filters.