About
Hello, I'm Mubarak, an aspiring cybersecurity engineer and an entry-level Django/FastAPI developer. I'm passionate about cybersecurity, scripting, and generally making and breaking systems with Python, Django, and FastAPI.
02
Selected Projects
2026
drop
C / Cryptographydrop
Secure peer-to-peer file transfer with no accounts and no cloud. Encrypts everything end-to-end using XChaCha20-Poly1305 with X25519 key exchange and Argon2id key derivation. Both peers authenticate via a shared 3-word code — whoever has the code can decrypt. Every file is integrity-checked with BLAKE2b-256.
Key Features
- Zero Infrastructure: Direct P2P over TCP, no servers involved.
- Strong Encryption: XChaCha20-Poly1305 + X25519 + Argon2id.
- Wordcode Auth: Human-readable 3-word shared secret for key derivation.
- Integrity Verified: BLAKE2b-256 hash checked on every file.
- Multi-file Support: Send files, directories, or mixed batches in one transfer.
terminal
# Sender listens and gets a wordcode
drop send secret.pdf
# => code: 472-falcon-ridge-ember
# Receiver connects with the code
drop receive 472-falcon-ridge-ember -c 10.0.0.1 -o ~/downloads/Tools Used
2026
LazyHooks
Python / Webhooks
LazyHooks
The easy way to handle webhooks in Python. Includes automatic retries, signing, and verification. Built on asyncio and aiohttp for high performance.
Key Features
- Simple API: Send webhooks with minimal boilerplate.
- Async First: Built for high concurrency.
- Secure: Built-in HMAC-SHA256 signing.
- Reliable: SQLite persistence & automatic retries.
example.py
import asyncio
from lazyhooks import WebhookSender
async def main():
sender = WebhookSender(signing_secret="super-secret")
await sender.send("https://example.com/webhook", {
"event": "user_signup",
"user_id": 12345
})
asyncio.run(main())Tools Used
2026
Boyscout
Python / SecurityBoyscout
A persistent, stealth device tracker for Windows built in case my laptop ever gets stolen. Controlled entirely via Telegram — send a command and get back the device's location, public IP, hostname, and OS info. Survives reboots through Registry and Scheduled Task persistence, and has a built-in watchdog that restarts the process if it crashes.
Key Features
- Telegram Control: Command the tracker remotely via bot commands.
- Geolocation: IP-based location with reverse geocoding.
- Stealth Mode: Runs hidden with a disguised process name.
- Persistence: Registry + Scheduled Tasks survive reboots.
- Watchdog: Auto-restarts on crash.
telegram
/location — Get current device location
/info — Hostname, OS version, public IP
/start — Show help menuTools Used
2026
Mirage
Python / Red TeamMirage
Red team site cloner and phishing simulation framework for authorized engagements. Clones target sites recursively, serves them with credential capture hooks, and supports a reverse proxy relay mode that sits between the target and the real server — capturing credentials, session cookies, and MFA tokens in real time. Includes full campaign management, email delivery with tracking, and HTML/JSON reporting.
Key Features
- Site Cloning: Async recursive crawler rewrites URLs and injects capture hooks.
- Reverse Proxy Relay: MitM mode captures credentials, cookies, and MFA tokens live.
- Campaign Management: CSV target import, templated emails, tracking pixels and click tracking.
- Guardrails: Mandatory engagement ID, domain whitelist, and full JSON-lines audit log.
- Reporting: Generate HTML or JSON reports with full engagement timeline.
terminal
# Initialize engagement with scoped domains
mirage init -e "ENG-2026-001" -d "login.target.com" -o "operator"
# Clone the login page
mirage clone -t https://login.target.com -o ./site
# Or use reverse proxy relay for real-time token capture
mirage proxy -t https://login.target.com -l 443 --ssl
# Run campaign and review results
mirage campaign send -n "Q1-Phish" --smtp smtp.relay.com
mirage report generate -n "Q1-Phish" --format htmlTools Used
2026
Whanka
C / EsolangWhanka
A small, Turing-complete esoteric programming language with provocatively English-like
syntax. The interpreter is written in C11 with no external dependencies and builds to a
single executable. Programs use .aids source files and the language
supports variables, conditionals, loops, user-defined functions, and basic I/O.
Key Features
- Turing-Complete: Full control flow — conditionals, loops, functions.
- Zero Dependencies: Pure C11, single-executable build.
- Dynamic Values: Numbers and strings handled at runtime.
- Cross-platform: Builds on Linux, macOS, Windows, and Termux.
hello.aids
enough foreplay
yell "hello world"
I came.
regards.Tools Used
2026
NanoRAG
Python / RAGNanoRAG
A lightweight RAG (Retrieval-Augmented Generation) pipeline for querying markdown documents using an LLM via OpenRouter. Supports both an interactive CLI and a FastAPI HTTP server. Documents are ingested into a vector store and retrieved at query time to ground the model's responses in the actual document content.
Key Features
- Document Ingestion: Indexes
.mdfiles into a vector store. - CLI + API: Interactive terminal mode and a FastAPI server with Swagger docs.
- Model-agnostic: Pass any OpenRouter model via CLI flag or request body.
- Incremental Updates: Rebuild vector store from scratch or add to it.
terminal
# Ingest your docs
python src/ingest.py
# Query interactively
python src/cli.py "What is RAG?"
# Or run the API server
python src/api.py # POST /query, POST /ingestTools Used
2025
Markets InfoBot
Python / BotsMarkets InfoBot
A lightweight Telegram bot for checking live cryptocurrency prices directly inside Telegram. Pulls real-time market data from the public Binance API — no dashboards, no charts, no noise. Designed to be low-resource and easy to deploy locally or on cloud platforms like Heroku.
Key Features
- Live Prices: Real-time data pulled directly from Binance.
- Simple Interface: Single command —
/price BTCUSDT. - Lightweight: Minimal resource usage, deployable anywhere.
- Heroku-ready: Includes Procfile and runtime config.
telegram
/price BTCUSDT — Get current Bitcoin price
/price ETHUSDT — Get current Ethereum price