DEV Community: Mohamed

Meet ReVex: The Cyberpunk HTTP Repeater that lives in your DevTools ☠️

Mohamed — Sun, 01 Feb 2026 21:32:40 +0000

We’ve all been there.

You’re browsing a target site, hunting for bugs or debugging an API. You spot a request you want to modify—maybe just to change a user ID or replay a payload.

The Problem? To do that, you have to fire up Burp Suite (which takes memory), configure your browser proxy, install certificates, and deal with the lag. For a deep pentest, that’s fine. But for a quick check? It feels like overkill.

I got tired of the context switching. I wanted something that lived inside the browser but offered more power than the standard "Edit and Resend" feature in Chrome/Firefox.

So, I built ReVex.

🛡️ What is ReVex?
ReVex (Request Vex) is a browser extension that brings a full HTTP Repeater environment directly into Firefox DevTools.

It is designed for security researchers, bug bounty hunters, and frontend developers who need to debug traffic without leaving the tab. It features a high-contrast Cyberpunk/Hacker theme because, let’s be honest, we stare at screens all day—dark mode is non-negotiable.

✨ Key Features
Unlike standard network tools, ReVex is built for offensive security workflows:

🔄 Instant Capture & Replay: All requests in your tab are automatically captured. Click one, modify the headers, method, or body, and hit SEND.

🔓 CORS Bypass: It uses a background relay to bypass standard browser CORS restrictions, allowing you to send requests to any endpoint.

🧠 Magic Decoder: Highlight any string (Base64, JWT, URL-encoded), and ReVex auto-detects and decodes it instantly. No more switching to CyberChef for simple tasks.

⌨️ Copy as cURL: One-click generation of perfectly escaped cURL commands for your terminal.

🛠️ Under the Hood
ReVex is purely local. It does not transmit data to any cloud server. It uses the webRequest API to capture traffic and a background script to handle the replaying logic.

I built it using Vanilla JS to keep it ultra-lightweight. No React bloat, no heavy dependencies. Just fast, raw performance.

🚀 How to get it
ReVex is open-source and available now.

Firefox Add-on: https://addons.mozilla.org/en-US/firefox/addon/revex-hacker-s-http-repeater/

GitHub (Source Code): https://github.com/medjahdi/ReVex/

If you find it useful for your bug bounty hunting or API development, please consider starring the repo on GitHub! It helps a lot.

Happy Hacking. 👾

☕ Support the Project
ReVex is 100% free and open-source. If it helps you find a bug, saves you time, or you just like the cyberpunk vibe, you can support future development by buying me a coffee:

👉 Donate via PayPal

HellRush: Building a Python-Based DDoS Simulation Toolkit for Security Education

Mohamed — Sun, 08 Jun 2025 14:45:31 +0000

HellRush: Building a Python-Based DDoS Simulation Toolkit for Security Education

Overview

I've built HellRush, an open-source educational toolkit that simulates various DDoS attack vectors and includes network reconnaissance tools. Written in pure Python with no external dependencies, it's designed specifically for security professionals and students to learn in controlled environments. Check it out on GitHub.

The Problem with Security Education

As someone who's spent years in cybersecurity, I've often encountered a significant problem when teaching network security concepts: the gap between theoretical knowledge and practical application.

Theory alone doesn't prepare security professionals for real-world scenarios. But using actual attack tools in educational settings presents ethical and legal challenges.

That's why I built HellRush – a comprehensive toolkit that bridges this gap while maintaining an ethical focus.

What HellRush Does

HellRush consists of two main Python scripts:

1. Network Reconnaissance (`resolver.py`)

The first stage of any security assessment is reconnaissance. HellRush's resolver component handles:


python
# Usage example
python resolver.py -d targetdomain.com
This performs:

Domain to IP resolution (including multiple IPs)
Port scanning across common service ports
Detailed visual output of findings
Here's a sample of the resolver output:

Resolver Output

2. DDoS Simulation Engine (hR.py)
The core component provides six different attack vectors:

Python
# Basic syntax
python hR.py -t TARGET_IP -a ATTACK_TYPE -p PORT -s SIZE -d DURATION
Available attack types include:

UDP Flood: Overwhelms ports with UDP traffic

Python
python hR.py -t 192.168.1.100 -a udp -p 53 -d 30
SYN Flood: Exploits TCP handshake process

Python
python hR.py -t 192.168.1.100 -a syn -p 80 -d 30
ICMP Flood: Ping-based flooding

Python
python hR.py -t 192.168.1.100 -a icmp -d 30
HTTP Flood: Web server request flooding

Python
python hR.py -t 192.168.1.100 -a http -p 80 -d 30
DNS Amplification: Simulates DNS amplification attacks

Python
python hR.py -t 192.168.1.100 -a dns -d 30
Slowloris: Connection exhaustion technique

Python
python hR.py -t 192.168.1.100 -a slowloris -p 80 -d 30
Technical Implementation Details
Pure Python Philosophy
I deliberately avoided external dependencies to make HellRush as portable as possible. Everything is built using the Python standard library:

Python
import socket
import random
import time
import threading
import argparse
import sys
import itertools
Multithreading for Realistic Simulation
Each attack vector runs in its own thread while a progress animation displays in the main thread:

Python
def launch_attack(attack_type, target_ip, target_port, packet_size, duration, stop_event):
    if attack_type == "udp":
        udp_flood(target_ip, target_port, packet_size, duration, stop_event)
    elif attack_type == "syn":
        syn_flood(target_ip, target_port, duration, stop_event)
    # Additional attack vectors...

# In main():
attack_thread = threading.Thread(target=launch_attack, 
                                args=(args.attack, args.target, args.port, 
                                      args.size, args.duration, stop_event))
animation_thread = threading.Thread(target=animate_attack, 
                                   args=(args.duration, stop_event))
Real-time Animation
For better UX, an animation shows attack progress:

Python
def animate_attack(duration, stop_event):
    spinner = itertools.cycle(['|', '/', '-', '\\'])
    start_time = time.time()
    while time.time() - start_time < duration and not stop_event.is_set():
        sys.stdout.write('\rAttacking... ' + next(spinner))
        sys.stdout.flush()
        time.sleep(0.1)
    sys.stdout.write('\rAttack finished.    \n')
Ethical Considerations
As a security tool developer, I take ethics seriously. HellRush is:

Educational - Created specifically for learning environments
Open source - Code transparency ensures no hidden functionality
Well-documented - Clear usage guidelines and ethical warnings
MIT Licensed - Requires ethical usage
Important: Using HellRush against systems without explicit permission is illegal and unethical.

Key Learning Points from Building HellRush
Socket Programming Nuances - Working with different protocols (UDP, TCP, ICMP) revealed interesting implementation challenges
Threading in Python - Managing thread synchronization with events for clean termination
User Experience - Even in CLI tools, progress indicators greatly improve usability
Ethical Design - Building guardrails into security tools from the beginning
What's Next?
I'm actively developing HellRush with several features planned:

Additional attack vectors
Reporting capabilities
Network traffic visualization
Defense mechanism testing
Try It Yourself
HellRush is available on GitHub under the MIT License:

bash
# Clone the repository
git clone https://github.com/medjahdi/HellRush.git

# Navigate to directory
cd HellRush

# View help
python hR.py -h
Contribute
If you're interested in network security education, I welcome:

Bug reports
Feature suggestions
Code contributions
Documentation improvements
What other features would you find useful in a security education toolkit? Let me know in the comments!

RedTiger: Advanced Automated XSS Vulnerability Testing Tool

Mohamed — Sat, 07 Jun 2025 22:38:30 +0000

RedTiger: Advanced Automated XSS Vulnerability Testing Tool

Introduction

In today's digital landscape, web application security is more critical than ever. Cross-Site Scripting (XSS) remains one of the most prevalent security vulnerabilities according to OWASP Top 10, affecting countless websites and applications. Yet, the process of identifying these vulnerabilities can be time-consuming and complex, requiring multiple tools and manual correlation.

Enter RedTiger – an all-in-one automated XSS vulnerability testing tool designed to streamline security assessments with intelligent endpoint filtering and an elegant terminal UI. As a cybersecurity professional, I developed RedTiger to address the challenges of efficient XSS testing at scale.

The Problem RedTiger Solves

XSS vulnerability testing traditionally involves several disjointed steps:

Discovering subdomains
Filtering viable targets
Finding endpoints with parameters
Testing each endpoint for XSS vulnerabilities

This fragmented approach often leads to inefficiencies, missed vulnerabilities, and excessive time spent switching between tools. RedTiger transforms this process into a seamless, automated workflow that handles each step methodically while providing real-time feedback.

Key Features

RedTiger combines power and elegance with these standout features:

🔍 Comprehensive Scanning Pipeline

RedTiger automates the complete XSS testing workflow:

Subdomain Enumeration: Discovers all related subdomains for thorough coverage
Intelligent Link Filtering: Focuses on potentially vulnerable endpoints
Parameter Detection: Tests only endpoints with parameters (containing "?")
XSS Vulnerability Testing: Employs sophisticated payload testing

🎯 Efficiency Through Smart Filtering

Not all endpoints are created equal when it comes to XSS vulnerability. RedTiger intelligently filters:

Live and responsive subdomains only
Endpoints containing query parameters
URLs likely to process user input

This targeted approach dramatically reduces testing time while maintaining comprehensive coverage.

🖥️ Beautiful Terminal User Interface

Security tools don't need to be visually bland. RedTiger features:

Animated progress indicators
Color-coded outputs for instant status recognition
Clear section dividers for each testing phase
Real-time statistics and completion percentages

📊 Comprehensive Reporting

RedTiger provides detailed insights at each stage:

Subdomain discovery metrics
Link filtering statistics
Endpoint extraction counts
XSS vulnerability findings with severity ratings

Technical Implementation

RedTiger orchestrates several specialized tools to accomplish its mission:

subfinder: For fast and efficient subdomain discovery
katana: For intelligent web crawling and endpoint extraction
XnovaX: For filtering and processing viable target links
XSSNOVA: For advanced XSS payload testing and vulnerability detection

The architecture follows a pipeline pattern where the output of each stage feeds into the next, with appropriate filtering and processing between stages.

Workflow Visualization

Input Domain → Subdomain Enumeration → Link Filtering → Endpoint Extraction → Parameter Filtering → XSS Testing → Vulnerability Report

Installation and Setup

Getting started with RedTiger is straightforward:

Clone the repository:

git clone https://github.com/medjahdi/RedTiger.git
cd RedTiger

Make the script executable:

chmod +x redtiger.sh

Install dependencies (if not already installed):

# Install subfinder
GO111MODULE=on go get -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder

# Install katana
GO111MODULE=on go get -v github.com/projectdiscovery/katana/cmd/katana

Ensure the proper directory structure:

RedTiger/
├── redtiger.sh
├── XnovaX/
│   └── xnovax.py
└── XSSNOVA/
    └── xssnova.py

Using RedTiger

Run RedTiger against a target domain with a simple command:

./redtiger.sh example.com

The tool automatically creates an organized directory structure for the target domain, storing results from each phase of testing:

example.com/
├── subdomains.txt     # All discovered subdomains
├── clean_livesubs.txt # Filtered useful links
├── endpoints.txt      # All extracted endpoints
└── attack.txt         # Endpoints with parameters for XSS testing

Real-World Applications

RedTiger excels in various security testing scenarios:

Bug Bounty Hunting

Quickly scan target domains for XSS vulnerabilities, giving you a competitive edge in finding reportable issues before others.

Security Assessments

Perform comprehensive XSS testing during security assessments, providing clients with actionable vulnerability reports.

Continuous Security Testing

Integrate RedTiger into CI/CD pipelines to test for XSS vulnerabilities before deployment.

Educational Use

Learn about XSS vulnerabilities and web application security by observing how RedTiger identifies potential injection points.

The Journey Behind RedTiger

As a cybersecurity professional specializing in web application security, I repeatedly found myself manually chaining together tools to perform XSS testing. Each assessment required the same sequence of actions with different target domains. I created RedTiger to automate this process and to provide a more elegant, efficient solution.

The development process involved careful selection of dependencies, refining the filtering logic to minimize false positives, and designing a user interface that provides clarity during intensive scanning operations.

What's Next for RedTiger

The development roadmap includes:

Expanded vulnerability testing beyond XSS (SQL injection, CSRF, etc.)
Customizable reporting formats (HTML, PDF, JSON)
Integration with vulnerability management platforms
Advanced payload generation using machine learning
Collaboration features for security teams

About the Author

I'm Med Jahdi, a cybersecurity researcher and ethical hacker passionate about web application security. With expertise in vulnerability assessment and penetration testing, I focus on creating tools that make security testing more efficient and accessible.

Connect with Me

GitHub: https://github.com/medjahdi
Portfolio: https://medjahdi.github.io

Support This Project

If you find RedTiger useful in your security testing workflow, consider supporting its continued development:

https://www.paypal.com/ncp/payment/W5SHTZX6LZH86

Your support helps maintain and improve RedTiger while enabling the development of new security tools for the community.

Conclusion

In the ever-evolving landscape of web security, efficient vulnerability detection tools are essential. RedTiger combines multiple testing phases into a seamless workflow, allowing security professionals to identify XSS vulnerabilities with unprecedented efficiency.

Whether you're a bug bounty hunter, security consultant, or developer concerned about application security, RedTiger provides the automated intelligence needed to find vulnerabilities before malicious actors do.

I welcome your feedback and contributions to make RedTiger even better. Feel free to open issues, submit pull requests, or reach out with suggestions.

⚠️ Disclaimer: RedTiger is designed for ethical security testing only. Always ensure you have proper authorization before testing any domain or application.

WhoWeB Scanner - Simple Website Scanner Tool

Mohamed — Wed, 19 Mar 2025 17:49:04 +0000

WhoWeB Scanner - Simple Website Scanner Tool

Author: @medjahdi

License: Python License

🔍 Introduction

WhoWeB Scanner is a simple yet powerful website scanning tool designed to gather basic information about a website. This tool is intended for educational and informational purposes only and should be used responsibly.

🚀 Features

Extracts all links from a webpage.
Detects cookies used on the site.
Retrieves website IP address and its associated country.
Finds email addresses (if present in mailto links).
Checks for Apache server and PHP usage.
Identifies the presence of Google Analytics.
Detects frames on the webpage.
Lists uncommon HTTP headers.
Displays page title and the number of meta tags.

🛠 Installation & Usage

1️⃣ Prerequisites

Ensure you have Python 3.x installed on your system.

2️⃣ Install Required Libraries

pip install requests beautifulsoup4 colorama

3️⃣ Run the Scanner

python whoweb_scanner.py [URL]

Replace [URL] with the website you want to scan.

⚠️ Disclaimer

🚨 Important: This tool is for educational and research purposes only. Unauthorized scanning of websites may violate their terms of service. Use responsibly.

💻 Author

Developed by @medjahdi

📌 GitHub Repository: WhoWeB Scanner

LAKASA-WIFI - Wi-Fi Connection Script

Mohamed — Wed, 19 Mar 2025 17:40:38 +0000

LAKASA-WIFI - Wi-Fi Connection Script

Author: @medjahdi

Introduction

LAKASA-WIFI is a Python script designed to connect to Wi-Fi networks using either a wordlist or a randomly generated password. This project is strictly for educational purposes only and should be used responsibly.

🚀 Features

Print Logo: Displays a custom logo and title.
List Networks: Scans and lists available Wi-Fi networks.
Connect to Network: Attempts to connect to a specified Wi-Fi network using a password.
Wordlist Mode: Uses a predefined wordlist to attempt Wi-Fi connections.
Random Password Mode: Generates and tests random passwords of a specified length.

🛠 Installation & Usage

1️⃣ Clone the Repository:

git clone https://github.com/medjahdi/LAKASA-WIFI.git
cd LAKASA-WIFI

2️⃣ Run the Script:

python main.py

3️⃣ Follow the Prompts:

Enter the SSID of the target network.
Choose between Wordlist Mode or Random Password Mode.

📸 Screenshot

(Attach project logo or relevant screenshots here)

⚠️ Disclaimer

🚨 Important: This script is for educational and research purposes only. Unauthorized access to networks is illegal and strictly prohibited. The author holds no responsibility for misuse.

💻 Author

Developed by @medjahdi

📌 GitHub Repository: LAKASA-WIFI

🚀 Student Management System - A Python & MySQL-Based Solution

Mohamed — Wed, 19 Mar 2025 17:38:05 +0000

📌 IntroductionManaging student data efficiently is crucial for educational institutions. Student Management System is a powerful Python-based solution that integrates MySQL for seamless database operations. This open-source project allows users to perform CRUD operations, search student records, and even export data to CSV files.

🔹 Features

✅ Add Student – Easily add new student records to the database.✅ Delete Student – Remove students by ID.✅ Update Student – Modify student information effortlessly.✅ Search Student – Find students using ID or name.✅ Display All Students – View all stored records.✅ Export to CSV – Download student records for external use.

🛠️ Getting Started

🔹 Prerequisites

Ensure you have the following installed:

Python 3.x – Download Here

MySQL – Install MySQL

🔹 Database Setup

1️⃣ Open MySQL and create a new database:

mysql -u root -p
CREATE DATABASE student_management;
USE student_management;

2️⃣ Create the students table:

CREATE TABLE students (
id VARCHAR(10) PRIMARY KEY,
name VARCHAR(50),
surname VARCHAR(50),
dob DATE,
address VARCHAR(100),
nationality VARCHAR(50),
faculty VARCHAR(50),
department VARCHAR(50),
specialization VARCHAR(50),
year VARCHAR(10)
);

📥 Installation

Clone the repository and install dependencies:

git clone https://github.com/medjahdi/student-management-system.git
cd student-management-system
pip install mysql-connector-python termcolor

🚀 Running the Application

Launch the program with:

python start.py

📂 Project Structure

📌 start.py – Main script to run the application.📌 login.py – Handles authentication with hashed passwords.📌 app.py – Contains CRUD operations & export functionality.📌 README.md – Project overview.

🔒 Login Security
The application uses SHA-256 hashed passwords for authentication. The default password is "nova".

🖼️ Screenshots

💻 Login Screen

📊 Main Program Interface

🛠️ Contributing

We welcome contributions! Follow these steps:
1️⃣ Fork the repo.2️⃣ Create a feature branch: git checkout -b feature/YourFeatureName.3️⃣ Commit changes: git commit -m 'Add feature XYZ'.4️⃣ Push: git push origin feature/YourFeatureName.5️⃣ Open a pull request.

📜 License

📩 Contact & More

💻 GitHub: Student Management System🌐 Portfolio: medjahdi.github.io📧 Email: medjahdi.mohamed@outlook.com

📌 Let me know what you think about this project in the comments! 🚀

Introducing PyEYE: A Powerful Tool for Extracting Endpoints and Paths

Mohamed — Wed, 19 Mar 2025 17:34:17 +0000

Hey everyone!

I'm excited to introduce PyEYE, a powerful tool designed to extract endpoints and paths from websites by analyzing HTML content and associated resources. It identifies potential API endpoints, routes, and file paths which can be useful for security research, web mapping, and application analysis.

Features:
Extracts endpoints and paths from websites
Analyzes HTML content and associated resources
Identifies potential API endpoints, routes, and file paths
Useful for security research, web mapping, and application analysis
**Repository:
**Check out the **PyEYE **repository on GitHub for more details and to get started! https://github.com/medjahdi/PyEYE

**Language:
**PyEYE is written entirely in Python.

🚀 Dzair GPT – Algeria’s First AI Chatbot API! 🇩🇿🤖

Mohamed — Mon, 17 Mar 2025 21:18:20 +0000

Hey everyone! I’m excited to introduce Dzair GPT, an AI chatbot built with a custom API for businesses & developers looking to integrate NLP automation into their projects.

🔹 Key Features:
✅ Smart AI responses with advanced prompt engineering
✅ Multiple integrations – Web API, CLI, and Python SDK
✅ Real-time performance with caching & streaming
✅ Custom API for businesses & startups

💡 Who is this for?
🔹 Developers looking for an AI-powered chatbot API
🔹 Businesses wanting automated AI customer support
🔹 Tech enthusiasts exploring AI in Algeria & beyond

🔥 Try Dzair GPT Now!
🔗 Demo: dzair-gpt.vercel.app
📖 Docs: docs-dzair-gpt.vercel.app
📩 Interested in API access? Contact me!
📧 Email: medjahdi.mohamed@outlook.com

Would love to hear your feedback & thoughts! 🚀

AI #DzairGPT #APIs #Chatbot #MachineLearning #Tech #Algeria

Introducing Dzair GPT – A Custom AI Chatbot API for Businesses

Mohamed — Mon, 17 Mar 2025 21:06:00 +0000

🚀 Dzair GPT – Algeria’s First AI Chatbot API! 🇩🇿🤖

Hey everyone! I’m excited to introduce Dzair GPT, an AI chatbot built with a custom API for businesses & developers looking to integrate NLP automation into their projects.

💡 Who is this for?
🔹 Developers looking for an AI-powered chatbot API
🔹 Businesses wanting automated AI customer support
🔹 Tech enthusiasts exploring AI in Algeria & beyond

🔥 Try Dzair GPT Now!
🔗 Demo: dzair-gpt.vercel.app
📖 Docs: docs-dzair-gpt.vercel.app
📩 Interested in API access? Contact me!
📧 Email: medjahdi.mohamed@outlook.com

Would love to hear your feedback & thoughts! 🚀

AI #DzairGPT #APIs #Chatbot #MachineLearning #Tech #Algeria

DEV Community: Mohamed

Meet ReVex: The Cyberpunk HTTP Repeater that lives in your DevTools ☠️

HellRush: Building a Python-Based DDoS Simulation Toolkit for Security Education

HellRush: Building a Python-Based DDoS Simulation Toolkit for Security Education

Overview

The Problem with Security Education

What HellRush Does

1. Network Reconnaissance (resolver.py)

RedTiger: Advanced Automated XSS Vulnerability Testing Tool

RedTiger: Advanced Automated XSS Vulnerability Testing Tool

Introduction

The Problem RedTiger Solves

Key Features

🔍 Comprehensive Scanning Pipeline

🎯 Efficiency Through Smart Filtering

🖥️ Beautiful Terminal User Interface

📊 Comprehensive Reporting

Technical Implementation

Workflow Visualization

Installation and Setup

Using RedTiger

Real-World Applications

Bug Bounty Hunting

Security Assessments

Continuous Security Testing

Educational Use

The Journey Behind RedTiger

What's Next for RedTiger

About the Author

Connect with Me

Support This Project

Conclusion

WhoWeB Scanner - Simple Website Scanner Tool

WhoWeB Scanner - Simple Website Scanner Tool

🔍 Introduction

🚀 Features

🛠 Installation & Usage

1️⃣ Prerequisites

2️⃣ Install Required Libraries

3️⃣ Run the Scanner

⚠️ Disclaimer

💻 Author

LAKASA-WIFI - Wi-Fi Connection Script

LAKASA-WIFI - Wi-Fi Connection Script

Introduction

🚀 Features

🛠 Installation & Usage

1️⃣ Clone the Repository:

2️⃣ Run the Script:

3️⃣ Follow the Prompts:

📸 Screenshot

⚠️ Disclaimer

💻 Author

🚀 Student Management System - A Python & MySQL-Based Solution

Introducing PyEYE: A Powerful Tool for Extracting Endpoints and Paths

🚀 Dzair GPT – Algeria’s First AI Chatbot API! 🇩🇿🤖

AI #DzairGPT #APIs #Chatbot #MachineLearning #Tech #Algeria

Introducing Dzair GPT – A Custom AI Chatbot API for Businesses

AI #DzairGPT #APIs #Chatbot #MachineLearning #Tech #Algeria

1. Network Reconnaissance (`resolver.py`)