Anant Shrivastava
@anantshri.info
Researcher | Trainer | Security Professional | Developer | Admin
Introducing SBOM Play: A Privacy-First SBOM Explorer with Vulnerability & License Insights

cyfinoid.com/introducing-...

A fully client-side, browser-based SBoM Explorer. More details on the link.

#SBoM
SBOM Play: Simplified SBOM Visualization Tool for Developers
Discover SBOM Play: a user-friendly tool to visualize SBOMs with vulnerability insights and licensing analysis—no complex setup required!
cyfinoid.com
Hacking Archives of India – Website Revamp Update

I am thrilled to announce a major update to Hacking Archives of India (HAI). My mission has always been to document the history and contributions of the Indian information security community. To better serve that mission, I have completely revamped both the looks and the internals of the website. Whether you are looking for specific tools, historical talks, or the journey of specific hackers, the new HAI is faster, cleaner, and now machine-readable. Here is a deep dive into the new features and changes you will find. 1. Visual Overhaul: Big Data, Big Cards…
blog.anantshri.info
February 9, 2026 at 4:52 AM
And badges are live on my website now: anantshri.info/badges/#:~:t...

and github.com/anantshri/hu... <- theme has support for BOINC badges also now.
January 28, 2026 at 7:17 PM
I wanted a simple JSON API to fetch my BOINC stats and badges for my website.
There was no clean endpoint, so I built one.

boincstats.apps.anantshri.info

It is still scraping, just done once on my side instead of everyone doing it badly.
You get clean JSON, updated every 24 hours.
BOINC Stats - Cross-Project Statistics
Unified BOINC statistics across all projects. Search by CPID or username to view your aggregated stats and badges.
boincstats.apps.anantshri.info
January 28, 2026 at 5:05 PM
I have been building zero install security tools where the browser is the base. I wrote about the “why” here:
blog.anantshri.info/making-secur...

I realized many others are building similar browser-first tools, so I made a curated collection:
anantshri.github.io/awesome-in-b...

PRs & links welcome
Awesome In-Browser Security Tools
A curated list of open-source security tools that run entirely in your browser — no backend, no installation required.
anantshri.github.io
January 10, 2026 at 7:18 PM
SBOMPlay v0.0.7

- Custom SBOM support
- Improved SBOM auditor: checks against baselines
- EOX detection (EOL and EOS)
- Dependency confusion detection
- Clear rate limit warnings
- Explicit list of outbound hosts for paranoid self-hosting deployment

cyfinoid.com/sbomplay-v0-...
Introducing SBOMPlay v0.0.7: Enhanced Features Unveiled
Explore the latest updates in SBOMPlay v0.0.7, featuring enhanced capabilities, custom SBOM support, and improved auditing tools.
cyfinoid.com
January 1, 2026 at 2:18 PM
Discover Readwise Wrapped, your personalized reading recap with stats, insights, and highlights from your reading journey over the year.
Readwise Wrapped: my year in reading
TL;DR: I built Readwise Wrapped. It gives you a Spotify Wrapped style year-in-review for your Readwise highlights. You paste your Readwise token, pick a year, and it spits out a clean, shareable, good-looking reading recap. Link:
blog.anantshri.info
December 30, 2025 at 4:32 PM
I am assuming people are right now collecting their year wraps. I found it was not available for Readwise, so I made a tool that can get you a year unwrap for Readwise: readwise-wrapped.apps.anantshri.info

Have a go at it and suggest if you feel something is missing.
Readwise Wrapped 2025
readwise-wrapped.apps.anantshri.info
December 29, 2025 at 8:02 PM
Discover Fedi Wrap, the easy tool for generating your year-in-review report from Fediverse Mastodon API-compatible servers, prioritizing privacy and local analysis.

https://blog.anantshri.info/building-fedi-wrap-my-year-in-review-for-the-fediverse/
December 29, 2025 at 9:07 AM
🚀 3rd Party Tracer v1.0.6 🚀

New features:
• Quick scan mode added
• More sources added for subdomain enum
• Email security dashboard
• Batch analysis
• JSON Import
• PDF export

Try: cyfinoid.github.io/3ptracer/

Star: github.com/cyfinoid/3pt...

Client-side only. No data leaves your browser.
3rd Party Tracer - Third Party Service Identifier
cyfinoid.github.io
December 25, 2025 at 8:51 AM
All the new 3rd party modules must not be installed immediately, unless it's a critical zero day, unless the author informs you to do so, unless a gazillion other exceptions.

Infosec needs to make up their mind what dev/admins should do. And ya, everyone with "buy my product" can go to hell.
December 8, 2025 at 8:27 AM
🚨 BLACK FRIDAY MEGA SALE 🚨

All Cyfinoid security tools are 100% OFF!

Get our security tools for the low price of $0.00!

SBOM analyzer? FREE
3PTracer? FREE

Act fast! This deal expires in... *checks notes* ...never.
Because they've always been free

cyfinoid.github.io
Cyfinoid Research - Security Tools & Projects
Cyfinoid's collection of security tools and research projects including software supply chain analysis, Android assessment, cloud security, and more.
cyfinoid.github.io
November 19, 2025 at 9:09 AM
Reposted by Anant Shrivastava
With cloudflare being down, and as a result, most things I use being down, I came here to say hi 🤭 I guess I will use other AIs than chatgpt today!
November 18, 2025 at 1:23 PM
New version of #SBoMPlay is available cyfinoid.github.io/sbomplay/

Source code : github.com/cyfinoid/sbo...

Bunch of New Features in experimental mode
- Aggregate List of authors
- Identify version sprawl amongst projects
- common dependencies across projects
- License changes in package versions
SBOM Play - Client-Side Analysis
cyfinoid.github.io
November 10, 2025 at 8:31 AM
Reposted by Anant Shrivastava
#DEFCON34 Call for #CTF Organizers is OPEN!

After four excellent years, Nautilus Institute is retiring from running the official #DEFCON CTF. The search is on for the next team. Is it your turn? Is your crew the future of live hacking competitions?

defcon.org/html/links/d...
DEF CON® Hacking Conference - Call for CTF Organizers
Nautilus Institute is passing the torch, will your group be the next CTF Overlords?
defcon.org
October 9, 2025 at 11:11 PM
Final hours for Black Hat EU Early Bird! 🚨

Save £300 today and join my 0wning the Cloud training this December in London.

We’ll cover AWS, Azure, GCP, DigitalOcean & Aliyun with hands-on attack + defense labs.

🔗 Register before midnight: www.blackhat.com/eu-25/traini...
Black Hat
www.blackhat.com
September 25, 2025 at 11:47 PM
We just dropped GH Navigator 🎉
Paired with KeyChecker, it gives full GitHub coverage:

Data plane: what can be read

Control plane: what can be changed

Check out the release post 👉 cyfinoid.com/gh-navigator...
Introducing GH Navigator: Optimizing GitHub Security Tools
Discover how GH Navigator and KeyChecker enhance GitHub security by providing visibility and testing for both data and control planes.
cyfinoid.com
September 22, 2025 at 11:00 PM
Reposted by Anant Shrivastava
“OpenAI admits AI hallucinations are mathematically inevitable, not just engineering flaws”

https://www.computerworld.com/article/4059383/openai-admits-ai-hallucinations-are-mathematically-inevitable-not-just-engineering-flaws.html
September 21, 2025 at 10:04 AM
Everyone talking about npm hacks. But is it really more attacks or just more visibility?

Maybe attackers are piling on npm
Maybe the ecosystem is just easier to monitor
Maybe sloppy practices make it an easy catch

What nags me more: silence in PyPI, RubyGems, Maven.
No attacks, or no one looking?
September 16, 2025 at 9:11 PM
Reposted by Anant Shrivastava
#BSidesLDN205 Call for Workshops is still open!
Want to pass on the knowledge you have?

Here's your chance: cfp.bsides.london/bsides-londo...
Any topic.
2-4hrs long
Not a commercial presentation
30 people minimum audience (mixed experience levels)

#Security #BSIdes #London
September 8, 2025 at 8:11 AM
Reposted by Anant Shrivastava
To all of the people pushing hard to coin the term “vibe security,” the joke is on you. Security has always been about vibes. 😆
September 3, 2025 at 2:29 PM
Determinism builds trust, non-determinism builds discovery. The art lies in knowing when the world needs certainty - and when it needs the unexpected gift of surprise.
Not Every Nail Needs a Non-Deterministic Hammer
blog.anantshri.info
August 30, 2025 at 6:50 PM
Most say ‘think like a hacker,’ but infosec fights adversaries with goals, not curiosity. Real defense means blending hacker creativity with adversary realism.
Hacker Vs Adversary
blog.anantshri.info
August 29, 2025 at 10:52 AM
My thoughts on how LLM behaviour makes me rethink my own brain’s inner workings. A prediction engine as a mirror for a mind.
What LLMs Teach Me About My Own Brain
blog.anantshri.info
August 28, 2025 at 5:00 AM
🔑 Introducing KeyChecker – a CLI to fingerprint SSH private keys & map them to Git hosting accounts.

📖 Blog: cyfinoid.com/automating-a...
🐍 PyPI: pypi.org/project/keyc...

#bugbountytips #ssh #git #github #infosec
Enhance Software Security with KeyChecker for Developer Keys
Discover how 'keychecker' automates SSH key validation to enhance supply chain security for developers and defenders alike.
cyfinoid.com
August 22, 2025 at 5:47 AM
It's funny how current AI tooling plays out, and a few years ago self-help courses used to use this same tactic. We are giving you a tool; if you don't use it properly, it will not give you results. So the user pays you for stuff, and if it doesn't work, it's their problem, not yours.
July 30, 2025 at 10:00 AM