HAHWUL

HAHWUL

Security engineer, Developer and H4cker

Cullinun

Cullinan

Cullinan is wiki of offensive security

Phoenix

Phoenix

Phoenix is online tools for me

Amass, go deep in the sea with free APIs

Amass, go deep in the sea with free APIs

There are several types of Subdomains scanning tools. Amass, Subfinder, findomain,...

앨리스(Alice)와 밥(Bob) 그리고 캐롤(Carol), 이름의 의미는?

앨리스(Alice)와 밥(Bob) 그리고 캐롤(Carol), 이름의 의미는?

보안쪽에서 자주 나오는 사람 이름이 있습니다. 바로 앨리스(Alice)와 밥(Bob), 그리고 캐롤(Carol)인데요. 02랑 이야기하던 중 A/B...

Use proxy in macos and pulse (with psproxy, for ZAP/Burp)

Problem Have a light but troublesome problem. Pulse secure is enabled on the mac a...

HTTP/2 H2C Smuggling

HTTP/2 H2C Smuggling

Hi hackers and bugbounty hunter, This is written in Korean for Koreans. if you use...

Future of the WebHackersWaepons

Future of the WebHackersWaepons

Concept feature in future So far I have been github repoing tools simply to enumer...

Scanning multiple targets in ZAP

Scanning multiple targets in ZAP

저는 ZAP과 Burp pro 모두를 사용하고 있습니다. 각각 도구가 가진 특성과 라이선스적인 문제로 인해서 같이 사용하고 있는데, 사실 누가 좋다...

CI for Automatic recon

CI for Automatic recon

Hi hackers and bugbounty hunters 😁 CI/CD is a key topic in DevOps, DevSecOps. I’m...

Docker images and running commands of vulnerable web

Docker images and running commands of vulnerable web

I often use the weak web for performance testing of tools under development. I wri...

Transient events for XSS(sendBeacon?!)

Transient events for XSS(sendBeacon?!)

I saw a new post in portswigger research today. It’s about how to successfully pro...