The Vault Ocean arsenal

Passive recon through active testing — every finding ships with full request/response bytes, reflection offsets, a cURL repro, and OAST callbacks for blind classes.

Node.js

A self-hosted document toolkit — convert, merge, split and process PDFs without sending a byte to a third party. Built for teams that cannot leak documents.

Python · FastAPI

A browser extension that audits the CSP and security headers of any site you visit and explains, in plain language, what an attacker could do with the gaps.

TypeScript