My Projects

This is a non-comprehensive list of my personal, mostly security-related projects.


Unravelling online scams, phishing and spam campaigns with open source intelligence gathering techniques. Find out who is behind the curtain with public data.


A now defunct public service for scanning any website for SRI hash usage.

Main Page of

Links: site, blog


WordPress Two-Factor Authentication Brute-forcer

WPBiff in Action

Links: Blog, PyPI, GitHub


Wordlist generator based on password cards

Munchkin Usage Example

Links: GitHub, Blog (coming soon)

Yo Bike Me

An API service that finds the nearest cycle hire station and sends you the walking directions afterwards. Covers more than 250+ cities across the globe.

Yo Store

Links: Yo Store, GitHub

Debunking Malicious BitTorrent Mirrors

This project involved a combination of research, application security and software development. It turned out the majority of BitTorrent mirrors inject malicious adverts into the code of the mirrored site.

Malware Injecting Torrent Mirrors

Links: BlogTorrentFreak, IBTimes, Business Reporter

Proxy Buster

A Python application that compares JavaScript between two websites and dumps the differences. Ideal to verify if a mirror website injects any potentially malicious JavaScript code into the original page. This tool was made as part of the research around malicious BitTorrent mirror sites.

Links: GitHub, Blog

Node.js / Resitify / CoffeeScript / API Boilerplate

Boilerplate written in CoffeeScript to be able to spin up new APIs within minutes.

Links: GitHub

Fake Art of War Tweetbot

Fake Sun Tzu quote generator based on Python and CoffeeScript

Twitter @FakeArtOfWar

Links: Twitter, BlogGitHub 1, GitHub 2

I Just Saw It

A now defunct movie website that rated upcoming films based on sentiment analysis of tweets of movie-goers.