I'm trabbit (Γmile Durand), a 17-year-old cybersecurity researcher and ethical hacker. I uncover real-world web vulnerabilities, build security tools, and promote awareness through demos and videos. I specialize in creative XSS techniques, recon automation, and OSINT investigations.
Abused the preview iframe of strikingly.com to embed phishing content in a trusted domain
context.
Tricked users into visiting untrusted links while bypassing YouTubeβs redirect warnings using clever encoding.
Archived Oracle URLs exposed over 500 expired JWTs containing internal user data, including emails and IDs.
Technique using userinfo@host syntax to mask malicious URLs β tested across modern Chromium browsers.
Terminal tool to bulk-screenshot websites from a URL list using an API β useful for recon snapshots.
Bash tool that runs Subfinder, collects Wayback URLs, and scans for sensitive keywords like password and wp-admin.
JS + Bash based tool for device tracking, bundled with a military UI and a web front-end version.
A modular pentesting Bash suite for recon, scanning, and reporting β inspired by real-world workflows.
These are the scripting languages I use regularly, along with how comfortable I feel using them:
Used OSINT and investigative methods to identify a child predator employed in a Florida school. Worked with authorities to report and remove him from his position. Case was documented for educational awareness purposes only.