HACKERBADGER
Breaking things. Writing it down.
Latest Research
Hacker's Paradise: Full-Response SSRF to Internal Admin Service
2026.06.03
BugForge
medium
Full-Response SSRF
DiceForge: Authentication Bypass via Spoofable Client-IP Header
2026.06.03
BugForge
easy
Authentication Bypass via Spoofable Client-IP Header
Part 1: Pentest Report
CopyPasta: API Token Disclosure to Dual-Auth Admin Takeover
2026.06.03
BugForge
easy
API Token Disclosure + Dual-Auth Bypass
Cafe Club: Readable SSRF to Internal Admin API
2026.06.03
BugForge
easy
Readable SSRF
Sokudo: JWT Signature Verification Bypass on a Legacy Route Mount
2026.05.28
BugForge
easy
JWT Signature Verification Bypass
Appointments: Blind Boolean SQL Injection in a Path Parameter
2026.05.22
BugForge
easy
Blind Boolean SQL Injection
Part 1: Pentest Report
Activity Log
[2026.06.03]
New writeup published: Hacker's Paradise: Full-Response SSRF to Internal Admin Service
[2026.06.03]
New writeup published: DiceForge: Authentication Bypass via Spoofable Client-IP Header
[2026.06.03]
New writeup published: CopyPasta: API Token Disclosure to Dual-Auth Admin Takeover
[2026.06.03]
New writeup published: Cafe Club: Readable SSRF to Internal Admin API
[2026.05.28]
New writeup published: Sokudo: JWT Signature Verification Bypass on a Legacy Route Mount
Toolkit
v0.3.0
Caido Workbench
SQLi and JWT workbench plugin for Caido proxy.
v1.2.0
Race
HTTP/2 single-packet race condition testing.
v1.0.0
JWTForge
JWT creation, modification, and signing tool.
More Coming
Additional tools in development.