My projects can all be found on GitHub, or at least the ones which want to be found. Here's some of my personal highlights:


Arpy can be found on GitHub.

Finding a new IP address without shouting is a pain, mostly involving being carefully quiet while trying to spot gaps in tcpdump which you can pop into. This seemed like something which could be automated, and arpy is my best-effort good-enough effort to do so.

It was also a fun excuse to play with Scapy, which is 1000% awesome to work with.

I've written a blog on writing Arpy and mucking around with Scapy - Arpy, the silent IP guesstimator.


Shelby can be found on GitHub.

Mez0 and I were really impressed with how PoshC2 displays a helpful easily accessible list of available web shells, tuned to match your current IP address. Shelby is our re-interpretation of doing this, and was rather helpful during both OSCP and generic Hack the Box ramblings. is currently visitable online. At, as you might imagine.'s source code can be found on GitHub

Mez0 and I also liked the look and fluidity of and had a burning desire to have easily accessible default application credentials. So we harvested some from around the Internet, led by Daniel Miessler's Seclists, and popped it online. Plus we got to play with JavaScript which is always a fun and engaging experience.