Projects

Afrodite

Afrodite is an easy way to get cosmetics delivered to your home in Jamaica. We offer 1 and 2 day delivery and reasonable prices. It's a Shopify store with some Go code to automate dispatching orders to our shippers and our warehouse and some NodeJS written by Chad Nehemiah to generate and print shipping labels.

Judas

Judas is a pluggable phishing proxy. It can clone any website passed to it using command line flags, and you can extend it with Go plugins to exfiltrate and store credentials from requests and sensitive information from HTTP responses. It's is meant to be used in red team phishing exercises to phish victims without them being able to notice. Judas is unstoppable when combined with effective typosquatting.

HTTPfuzz

HTTPfuzz is a fast CLI HTTP fuzzer written in Go. It's an open source tool for web application testers inspired by Burp Intruder. It takes a seed request and uses a wordlist to generate requests, as well as test file uploads with automatically generated and user supplied file payloads. It can be used as a library, but is meant to be used with the included httpfuzz CLI. I've also made httpfuzz into a Burp Extension that does the same thing. You can find it here.

Jamaica Stock Prices

Jamaica Stock Prices is a Telegram chatbot that looks up the prices of stocks on the Jamaica Stock Exchange (JSE) and cryptocurrencies on cex.io. People all across Jamaica use it every day to check on their finances. The source code is available on GitHub.

targetpractice.network

targetpractice.network is a free CTF with Android and web hacking challenges. It allows users to attack targets in a private sandboxed network via VPN and keeps track of top users with a leaderboard. TargetPractice is written in Django and uses wgrpcd and Wireguard for the VPN.

WireguardHTTPS

WireguardHTTPS is a Wireguard access server written in Go. It integrates with Azure AD to control access to a personal VPN. I use it to encrypt traffic from all my devices, access servers in my private Azure networks and access services on servers behind my home network NAT from my mobile phones. You can read more about WireguardHTTPS in this article.

wgrpcd

wgrpcd controls a Wireguard instance, exposing operations over a gRPC API. This process can be publicly exposed to let client apps control wgrpcd from a different server. No matter where it's bound, it must be configured to use mTLS with TLSv1.3. This gRPC API is meant to be called by a lower privileged application that can provide services on top of Wireguard that interact with the general internet. wgrpcd can use auth0's machine-to-machine or AWS Cognito's OAuth to authenticate clients and limit access. It intentionally exposes minimal functionality to limit the attack surface.

go-tdameritrade

go-tdameritrade handles all interaction with the TD Ameritrade REST API so trading bot developers can spend more time on their strategies. It comes with authentication helpers for TD Ameritrade's OAuth2 API that automatically mitigate against CSRF by setting OAuth2 state to a cryptographically random string.