GCP Kit

A modular GCP penetration testing framework.

Modules I've built and published toward a broader GCP-focused offensive framework. Development is currently paused while I focus on client work, but the modules below are functional and on GitHub.

01
gcp_identifier
Cloud OSINT · Python · 5 stars
OSINT module for tying GCP-hosted endpoints to a specific target domain. Mostly passive, with a small set of active techniques where the value justifies it. Useful when you've got a target and need to figure out what GCP-hosted assets they actually have exposed.

02
gcp_bqhunter
Cloud Auditing · Python
Audits BigQuery datasets — including hidden ones — for unprotected secrets. Built off the back of real engagement findings where credentials, tokens, and other sensitive material were sitting in places people forgot to lock down. Walks the dataset surface a defender wouldn't think to check.

Other Public Work

Tooling and shipped software.

Older offensive tooling and a working production application — proof that the engineering side of the practice isn't theoretical.

03
DarkEnumeration
OSCP-era Enumeration · 30 stars · 17 forks
Automated enumeration and profiling tool I built to grind the OSCP back in the 2015–2017 era of the exam. Hand-coded, no fancy frameworks. Probably doesn't work against anything modern, but the star and fork counts are real and reflect that other people found it useful at the time. Kept public for posterity.

04
CTPreg
OffSec CTP Registration Solver
When OffSec's Cracking the Perimeter (CTP) course was still a thing, you had to solve a registration challenge to enroll. CTPreg automates the full attack chain end-to-end and produces the registration code. Was private until OffSec retired the course. Now public for anyone who wants to study how the chain worked. Hand-coded, no frameworks.

05
Snowballin
Automated Trading Bot · Python
A real shipped application — automated trading bot for the Kraken exchange. Dollar-cost averages into selected assets and opportunistically buys dips and sells peaks to compound returns faster than straight DCA. API integrations, scheduled execution, persistence, error handling, the rest of what a real piece of software needs to actually run. Outside the security domain, but the kind of work I do under the Secure Development practice.

Why isn't there more here? Most of the code I've written over the last decade is IP that belongs to former employers, or is part of active client engagements that won't see daylight. Some of what's not on GitHub: custom C2 infrastructure, red team tooling for AD exploitation, AI-assisted social engineering frameworks, and internal automation. That's the nature of the work — most of it stays private.

Full GitHub: github.com/Ohmjones — includes the projects above plus forks of tooling I use day-to-day.

Contact

Want something built?

Custom security tooling, internal frameworks, or product work — see the Secure Development page for engagement structure, or reach out directly.
