Security-first engineering

Every project here is built with the same security rigour applied in enterprise environments — threat modelling, OWASP compliance, and a secure SDLC baked in from the first line of code. AI platforms (primarily Claude Code) compress delivery cycles without compromising architecture or risk posture. The expertise is human; the velocity is AI-assisted.

VulnVault

Live

A self-hosted vulnerability management platform built for application security and penetration testing engagements. Covers the full finding lifecycle — from discovery through remediation and evidence collection to formal closure — with client-grade encrypted reporting. Runs entirely on-premises with zero cloud dependencies or external data exposure.

Node.js, React 19, SQLite, Puppeteer, TOTP / JWT, Docker, Claude Code

Core Capabilities

  • Auto-generated finding IDs (VULN-001…), severity tiers (Critical → Informational), CVSS v3.1 scores, CWE IDs, and OWASP Top 10 category tagging
  • Screenshot and evidence file attachments per finding; structured steps-to-reproduce, impact analysis, and remediation guidance fields
  • Formal remediation action plans with developer acknowledgement workflows and status transitions (Open → In Progress → Closed)
  • Per-engagement project grouping — client name, assigned testers, engagement dates, scope definition, and live per-project risk statistics
  • Executive dashboard with severity breakdown charts, open/in-progress/resolved progress indicators, and top-risk surface summaries

Reporting & Access Control

  • Professional Word (.docx) and PDF report generation via Puppeteer; PDFs encrypted with 256-bit AES and distributed via one-time download tokens
  • Full export audit trail — every report download logged by user, scope, timestamp, and delivery method
  • TOTP-based multi-user authentication (no stored passwords); role hierarchy: Viewer, Tester, Project Manager, Admin
  • Breakglass admin account for system recovery; email domain allowlist restricts self-registration to approved organisations
  • Docker deployment with non-root container execution; persistent volumes for database, reports, logs, and configuration

Domain Hunter

Live

A self-hosted OSINT and domain reconnaissance platform for security professionals. Orchestrates a full suite of DNS, certificate, network, and threat intelligence tools from a single web interface — real-time results streamed via Socket.io. All scan data remains local; nothing leaves the host except to explicitly configured third-party API endpoints.

Node.js, Express, SQLite, Socket.io, Docker, Python OSINT, Claude Code

Reconnaissance Capabilities

  • Full DNS record analysis (A/AAAA/MX/TXT/NS/CNAME/SOA), WHOIS lookup, SSL/TLS certificate chain inspection, and HTTP security header evaluation
  • Port scanning via nmap (with TCP fallback), subdomain enumeration via DNS brute-force and certificate transparency logs, and headless screenshot capture
  • Integrated Python OSINT toolchain: theHarvester, Sublist3r, dnsrecon, Fierce, dirsearch, Wafw00f, sslyze, CMSeeK, Photon, and Wayback Machine crawler
  • Threat intelligence enrichment: Shodan, VirusTotal, and SecurityTrails (configurable API keys per user)
  • Reusable scan presets, real-time progress streaming over Socket.io, and full per-user scan history with timeline view
  • Multi-format report export: PDF (Puppeteer), JSON, CSV, and XLSX

Security & Deployment

  • Passwordless TOTP authentication with JWT tokens in httpOnly cookies; per-user scan isolation enforced at the database query level
  • Admin panel: user management, forced TOTP re-enrolment, cross-user scan history, and chronological audit log
  • Docker deployment with non-root container user; docker-compose with named persistent volumes for db, logs, reports, and config

Secure Portfolio CMS

Live

This site — a self-hosted personal portfolio and content management system built to OWASP Top 10:2025 standards. Demonstrates that security and usability are not at odds: a clean public-facing portfolio backed by a full admin CMS with rich-text editing, image management, and structured audit logging.

Node.js, Express, SQLite, OWASP Top 10, Helmet.js, Claude Code

Security Architecture

  • Session-based authentication with bcrypt password hashing, in-memory failed-login lockout (A07 / A02), and automatic session expiry
  • Custom zero-dependency CSRF token middleware — cryptographically random tokens stored in session, validated on every state-changing request
  • Strict Content Security Policy via Helmet.js — no inline scripts, no eval, whitelisted CDN sources only; X-Frame-Options, HSTS, and Permissions-Policy headers set
  • Global and per-route rate limiting (express-rate-limit) with distinct quotas for login and API endpoints
  • Structured audit logging (Winston) for every auth event, admin action, upload, and 404 probe; log rotation with daily files

CMS Features

  • Admin CMS with rich-text article editor, tag management, excerpt editing, and publish/unpublish controls
  • Image upload with MIME-type validation, 5 MB size cap, UUID-renamed filenames, and server-side storage — no base64 bloat in the database
  • SQLite with better-sqlite3 and fully parameterised queries throughout — no raw string concatenation anywhere in the codebase
  • Public blog with tag filtering; individual article pages; graceful 404 and error handling