Projects

A bunch of stuff I’ve made and published:

• Awesome Password Cracking
  

  A large list of awesome tools, research, papers, projects and people related to password cracking and password security, curated by yours truly. This list is featured on the legendary Awesome list on GitHub.

• n0kovo_subdomains.txt
  

  A highly effective subdomain enumeration wordlist.

• FB Friend List Scraper
  

  An OSINT tool I wrote to scrape names and usernames off large friend lists on Facebook, without being rate limited. Written in Python, the script uses Selenium to interact with the mobile version of facebook.com, which is less dynamic than the desktop version, and then parses the HTML using BeautifulSoup. Built in proxy support, progress bar and very pretty output. Featured on kitploit.com.

• Danish Wordlists
  

  A collection of various Danish base wordlists to aid in password security research and fuzzing of Danish targets. With tools like Hashcat, in combination with word mangling rules, Markov chains etc. these wordlists can be a very effective in cracking Danish passwords. Lists include all legal Danish first and last names, street names, town and city names, company names, Danish bible translations, scrape of the Danish language Wikipedia and passwords from publicly available data leaks from Danish websites.

• PyRandonaut
  

  

  This is a Python3 module for generating quantum random coordinates. It interfaces with the QRNG, at The Australian National University where it gets a list of quantum random numbers, converts them to coordinates and then computes the gaussian kernel density estimate of those coordinates to find a point with a statistically anomalous density, similar to how an Attractor point is generated by Randonautica.

  If you’re unfamiliar with Randonautica, the concepts of Probability Blind-Spots and Quantum Randomness, I recommend reading fatum_theory.txt which shipped with the original Fatum Project bot that inspired Randonautica. This video gives a lot of great background info too. If you have no idea what any of this is about and is completely new to this, watch this video and/or read this article.
  (Technologies used: SciPy, NumPy, Matplotlib, Pandas, Seaborn).

• Hashcat Rules Collection
  

  A huge collection of Hashcat rule files. Probably the largest publicly available anywhere.

• SSID Keyspace Table
  

  A lookup table of common (Danish) WiFi router SSIDs with their corresponding router model, WPA key examples, keyspace, format, estimated cracking time and default web interface credentials. Example: Seeing Telenor3225CF in the wild? Consulting this table will reveal that it’s probably a Technicolor TG788vn v2 router using a default WPA keyspace of A-F0-9 and a length of 11 characters, which is crackable in under 40 hours using hashcat on an EC2 GPU instance. The data was sourced from pictures of used routers for sale on www.dba.dk. If the dataset was a bit larger, I would probably turn it into some kind of API.

• Danish Phone Wordlist Generator
  

  A tool for generating wordlists of Danish phone numbers by area and/or usage (Mobile, landline etc.) Useful for password cracking or fuzzing Danish targets.

• CVE-2021-39174 PoC
  

  A quick exploit I wrote for an Information Exposure vulnerability in Cachet, an open source status page system, while doing the Catch box on HTB. The script was used by Ippsec while doing the same box which is the main reason I’m including it here 😎

• cURL to SQLMap
  

  A small Python snippet to quickly convert cURL command syntax into SQLMap command syntax. Extremely handy when used in combination with the “Copy as cURL” option in Dev Tools. I’m planning on, some day, turning this into a full-fledged project that lets you convert between different command syntaxes, defined by some kind of markup template files.

• Jensens Grinder
  

  A very old Python script I once wrote as a Proof of Concept, back when the Danish restaurant chain Jensens Bøfhus had a… let’s say “poorly thought out” referral program. The script automated the process of registering new accounts with random names and addresses on the website using disposable emails, and refering these accounts from a central account to gain points. These points could then be used in restaurants to pay for food. In a matter of minutes, the script could earn you several hundreds of dollars worth of points. Included for historic reasons, novelty and lulz-factor. Please don’t judge my shitty code and excessive commenting.

• Dialect Map
  

  The Royal Danish Library maintains a collection of historic sound recordings of different Danish dialects. I wrote a scraper too pull the data from that collection and plot them on a map by querying location data from the Danish Agency for Data Supply and Infrastructure API and mapping it on an interactive Leaflet.js map using Folium.