Writing

Implementation notes on Rust, systems programming, security tooling, and the infrastructure behind the work.

• 2026-05-24 GeistScope: Folding Fourteen Web Scanners into mg-webscan

  The second consolidation pass: the active web-vulnerability scanners collapse from fourteen single-purpose crates into one subcommand-routed binary, three low-signal tools get cut, and the DNS-backed tools move to hickory-resolver 0.26. The harness catalog the AI sees never changes.

• 2026-05-19 GeistScope State Update: Chat REPL, Docker, and Tool Catalog Cleanup

  Six weeks of changes consolidated: a large tool expansion wired through one harness, standardized findings flowing into the prioritizer and security graph, a coding-agent chat REPL with profile-filtered tool packs, a multi-stage Docker image, and the first catalog cleanup pass.

• 2026-05-18 GeistScope: Workflow, Post-Access, and Orchestration

  mg-screenshot, mg-takeover, mg-vhost, mg-diff, mg-notify, mg-timeline, mg-nuclei-bridge, mg-privesc-linux, mg-privesc-windows, mg-loot, and mg-dns-rebind are the tools that sharpen the overall engagement workflow.

• 2026-05-18 GeistScope: Mobile App and Static Analysis

  mg-artifact-audit, mg-secret-validate, and mg-csp find vulnerabilities in distributed artifacts without running them.

• 2026-05-18 GeistScope: Network Service Auditing

  mg-tls-scan, mg-ssh-audit, mg-smtp, mg-snmp, mg-smb, and mg-http2 audit network services that web application scanners ignore entirely, using raw protocol implementations.

• 2026-05-18 GeistScope: API Surface Testing

  mg-graphql, mg-openapi, mg-grpc, mg-websocket, mg-cors-exploit, mg-cache-poison, mg-proto-pollute, and mg-deser cover modern API attack surfaces beyond standard HTTP parameter fuzzing.

• 2026-05-18 GeistScope: SSRF, OOB Callbacks, and Cloud Metadata

  mg-oob, mg-ssrf, mg-aws, mg-gcp, mg-azure, and mg-serverless turn a single SSRF into a full credential extraction chain against cloud instance metadata endpoints.

• 2026-05-17 GeistScope: Auth and Session Testing

  mg-jwt, mg-authz, mg-oauth, mg-session-audit, mg-artifact-audit apikey, mg-brute, and mg-csrf cover the full auth surface: token attacks, IDOR, credential stuffing, and cross-site request forgery.

• 2026-05-17 GeistScope: OSINT Tools

  mg-github, mg-breach, mg-social, mg-artifact-audit metadata, mg-google-dork, and mg-leak-monitor gather passive intelligence from public sources before any active testing begins.

• 2026-05-17 GeistScope: Recon Expansion

  mg-whois, mg-shodan, mg-dns-enum, mg-dns-history, mg-cloud-enum, mg-cname-chain, and mg-udp-scan extend the recon pipeline into DNS internals, historical data, and cloud storage exposure.

• 2026-05-17 GeistScope Part 9: The Security Graph

  security-graph models relationships between hosts, URLs, parameters, identities, and findings in a local JSONL-backed store. It answers questions a flat findings list can't: which parameters share an identity, which finding chains from a host to a credential.

• 2026-05-17 GeistScope: Injection and Web Vulnerability Testing

  Eight focused injection testers pull parameter lists from the crawl corpus and cover XSS, SQLi, SSTI, command injection, XXE, path traversal, open redirect, and HTTP request smuggling.

• 2026-05-16 GeistScope Part 11: AI-Powered Analysis and Reporting

  Three tools that close the loop between findings and action: mg-report generates HackerOne-ready reports with CVSS scoring. mg-recopilot analyzes decompiled pseudocode for exploit primitives. mg-exploitgen scaffolds a complete exploit project from a CVE description and target-env spec.

• 2026-05-16 GeistScope Part 10: The AI Harness

  mg-harness is the JSON API layer between an AI operator and the GeistScope toolchain. It accepts typed invocations, applies scope and risk policy, dispatches the right tool, and returns bounded structured results — so the AI works on findings, not raw terminal output.

• 2026-05-15 GeistScope Part 8: Authenticated Testing and Stack-Aware Payloads

  session manages engagement auth configuration without ever touching plaintext credentials. payload-engine reads what the fingerprinter found and selects payloads tuned to the actual stack — MySQL-specific SQLi, Jinja2-specific SSTI, GCP-specific SSRF.

• 2026-05-13 GeistScope Part 7: Mining the Historical Attack Surface

  corpus-builder queries certificate transparency logs and the Wayback Machine CDX API to build a persistent SQLite corpus of subdomains and paths — passive intelligence gathered before any active probing.

• 2026-05-11 GeistScope Part 6: The Shared Client Layer

  Two library crates that every tool in the pipeline depends on: http-client handles UA rotation, rate limiting, and retry with jittered backoff. llm-client gives a single interface over local Ollama and remote Anthropic models.

• 2026-05-09 GeistScope Part 5: The Terminal Dashboard

  mg-tui is a Ratatui terminal dashboard that gives you a live view across all engagements — hosts, findings, fuzz results, and a built-in browser — without leaving the terminal.

• 2026-05-07 GeistScope Part 4: Fuzzing, Verification, and AI Prioritization

  mg-fuzz sends attack payloads and diffs every response. mg-replay re-executes curl evidence to verify findings before submission. ai-prioritize uses an LLM to rank what to look at first.

• 2026-05-05 GeistScope Part 3: Crawling and Probing

  mg-crawl maps the application surface and extracts secrets hidden in JavaScript. mg-probe checks security posture without sending attack payloads. Both run before a single fuzz request goes out.

• 2026-05-03 GeistScope Part 2: The Recon Pipeline

  Four tools, one orchestrator: how subdomain enumeration, port scanning, and tech stack fingerprinting come together into a resumable recon pipeline written in async Rust.

• 2026-05-01 GeistScope Part 1: The Engagement Workspace

  How I designed a bug bounty toolchain where every tool writes to the same file layout — and why that makes AI collaboration file-native with no custom IPC.

• 2026-04-05 Building mg-server: A Rust Web Server From Scratch

  How I built a personal portfolio and blog in Rust — from zero to a hardened, production-ready server — and what it taught me about systems programming and web security.

• 2026-04-03 Building a Port Scanner in Rust

  Rewriting a Python port scanner in Rust — ownership, async I/O, and why it's an order of magnitude faster.

• 2026-04-02 Memory Safety: C vs Rust

  Why most C CVEs are memory safety bugs, and how Rust eliminates that class at the compiler level.