I am excited to share a project I've been working on: the_almighty, a deterministic web-vulnerabi...I am excited to share a project I've been working on: the_almighty, a deterministic web-vulnerabi...
The network for creativity
Join 1.25M professional creatives like you
Connect with clients, get discovered, and run your business 100% commission-free
Creatives on Contra have earned over $150M and we are just getting started
I am excited to share a project I've been working on: the_almighty, a deterministic web-vulnerability scanner built entirely in Go.
Unlike traditional black-box scanners that rely on simple payload spraying, the_almighty is designed with high signal-to-noise ratio in mind. Findings are only reported when verified by a Go oracle (e.g., verbatim reflection, error signature, time delay, or an out-of-band callback).
Key Capabilities: 🔹 OOB Correlation: Captures blind/stored XSS, SSRF, and command injections via tokenized out-of-band callbacks. 🔹 Grey-box IAST: Server-side PHP and JS agents locate tainted input reaching dangerous sinks with file and line numbers. 🔹 Headless Browser Crawler: Leverages a pooled headless Chrome instance to crawl modern single-page applications. 🔹 AI-Powered Payload Widening: Uses local LLMs (via Ollama) to dynamically generate and expand test payloads, keeping validation deterministic. 🔹 Observation Engine: Correlates, deduplicates, and scores results into SQLite (WAL) for a clean, prioritized list.
Engineered with a strict scope guard and per-host rate limiters to guarantee scanning stays safe and within boundaries.
Stack: Go 1.26, Cobra, chromedp, SQLite, and Ollama.
#ApplicationSecurity #SoftwareEngineering #GoLang #IAST #PenetrationTesting #DevSecOps
Post image
Back to feed
The network for creativity
Join 1.25M professional creatives like you
Connect with clients, get discovered, and run your business 100% commission-free
Creatives on Contra have earned over $150M and we are just getting started