HACKERBADGER
Breaking things. Writing it down.
Latest Research
Vaultly: Account Takeover via Unbound Password-Reset Token
2026.06.10
BugForge
hard
Password-Reset Account Takeover
Shady Oaks Financial: UNION-based SQL Injection
2026.06.10
BugForge
easy
UNION-based SQL Injection
Ottergram: Private Posts via Dual-Identifier Authorization Drift
2026.06.10
BugForge
medium
Broken Object-Level Authorization
Galaxy Dash: Broken Access Control via Writable Avatar Field
2026.06.05
BugForge
medium
Broken Access Control
Part 1: Pentest Report
Hacker's Paradise: Full-Response SSRF to Internal Admin Service
2026.06.03
BugForge
medium
Full-Response SSRF
DiceForge: Authentication Bypass via Spoofable Client-IP Header
2026.06.03
BugForge
easy
Authentication Bypass via Spoofable Client-IP Header
Part 1: Pentest Report
Activity Log
[2026.06.10]
New writeup published: Vaultly: Account Takeover via Unbound Password-Reset Token
[2026.06.10]
New writeup published: Shady Oaks Financial: UNION-based SQL Injection
[2026.06.10]
New writeup published: Ottergram: Private Posts via Dual-Identifier Authorization Drift
[2026.06.05]
New writeup published: Galaxy Dash: Broken Access Control via Writable Avatar Field
[2026.06.03]
New writeup published: Hacker's Paradise: Full-Response SSRF to Internal Admin Service
Toolkit
v0.3.0
Caido Workbench
SQLi and JWT workbench plugin for Caido proxy.
v1.2.0
Race
HTTP/2 single-packet race condition testing.
v1.0.0
JWTForge
JWT creation, modification, and signing tool.
More Coming
Additional tools in development.