Security
GotaTun — WireGuard Rebuilt in Rust
Mullvad released GotaTun, a Rust implementation of WireGuard, to Android, removing wireguard-go crashes, improving stability, and adding privacy features like DAITA and Multihop.
Pawan Jaiswal
Blogging about security at OpenExploit.in
Security
Fuzzy Canary
A lightweight tool that injects invisible 'canary' links into your HTML to trigger scrapers' content safeguards. Install via npm and prefer server-side injection so non-JS scrapers still see it.
Security
FreeBSD RCE: ND6 Router Advertisements Exploit
A critical vulnerability (CVE-2025-14558) in FreeBSD's rtsold and rtsol programs allows remote code execution via unvalidated IPv6 router advertisement messages on the same network segment.
Security
From SSRF to RCE: A 7-Step Chain Against PostHog
A deep dive into how overlooked validations, a SQL escaping bug, and static credentials turned a simple webhook into a full system compromise.
Security
Docker Hardened Images: Secure by Default, Free for All
A new industry standard with guaranteed patching, minimal attack surface, and full transparency—available at zero cost.
Security
8 Million Users’ AI Conversations Sold by ‘Privacy’ Extensions
Urban VPN Proxy and sibling extensions silently harvested and monetized intimate AI chat data for months.
Hakrawler Tutorial: Fast Web Crawler for Bug Bounty
Whether you're interested in penetration testing, OSINT, or bug bounty, this quick and easy Golang-based crawler is an essential addition to your recon toolbox. On a newly configured Ubuntu ARM64 virtual machine, we will install Hakrawler, run practical examples, and learn how to use it efficiently. Setup "
ToolHive Tutorial: Securely Deploy and Manage MCP Servers
In this blog, we're delving into ToolHive, a small tool that makes managing and deploying MCP servers remarkably simple and safe. ToolHive transforms your development process by integrating container security and configuration automation, regardless of whether you're using Cursor, GitHub Copilot, or other tools. Let'
Secure Your Kubernetes Access with kubectl-rexec Plugin
Have you ever hopped inside a pod and swiftly debugged something using kubectl exec? It's useful, but it has a big flaw: there is no audit trail. Kubectl-rexec can help with that. The Kubectl exec Issue When you're running: kubectl exec -it mypod -- bash You&
ProxyBlob: Create SOCKS Proxy via Azure Blob Storage
Have you ever been in an environment where direct network access is blocked, but cloud services like Azure Blob Storage are still reachable? What if I told you that you could tunnel your internet traffic through those blob storage endpoints? That’s exactly what ProxyBlob does. In this post, I’
AI-Powered SQLMap: Smarter SQL Injection Testing Guide
SQLMap is a powerful open-source tool for finding and taking advantage of SQL injection vulnerabilities in web applications. If you've been learning about ethical hacking, you've probably heard of it. But what if we could make SQLMap smarter so smart that it could think like a
How to Build a Secure Password Manager in Python
Password management is one of the most critical activities for being secure online. But with several dozen (if not hundreds) of accounts, how do you remember difficult, new passwords for every website? That's where a password manager is useful. Though there are plenty of excellent password managers available