[+] | [-]

Hello World !

Welcome to the my net home, I used it just to have a summary of stuff on which I work (and have worked).


.:BURP Extension to create an audit trail log:.

BURP extension to record every HTTP request send via BURP and create an audit trail log of an assessment.

.:Tool to generate a dictionary for hidden content discovering:.

Script generating a dictionary containing the most common DISALLOW clauses from robots.txt file found on CISCO Top 1 million sites .

.:Tool to identify new host using the subjectAltName:.

Discover new host using the subjectAltName (Subject Alternate Name) extension of a x509 HTTP TLS certificate.

.:Android app to brute force SMB share access:.

Android v7+ application to perform a dictionary brute force attack against a host exposing SMB Windows shares, FTP server, SSH access.

.:BURP Extension to abuse "Host" header:.

BURP extension providing a set of values for the HTTP request "Host" header for the "BURP Intruder" in order to abuse virtual host resolution.

.:Tool for WebSocket endpoint inspection:.

Interactive shell in order to probe/analyze a WebSocket endpoint.

.:Docker image for web application security scanning:.

Docker build file creating a image of a box containing web application security scanners.

.:OWASP Wiki Contribs:.

Articles created or for which i have contributed to:


CVE/XLM that have found during my job for Excellium CSIRT (waiting publishing by the MITRE for some of them):


Others vulnerability that have found during my job for Excellium CSIRT:


Talks given to conferences:


Collections of slides from several talks given.

.:IT Security Magazines articles:.

Article created for HAKIN9 and its associated magazines (in fact I have realized that using this channel, the information is not free then I have stopped writing article for magazine and made focus on free wiki like OWASP where information is freely available):