# Projects

OSS work at ProjectDiscovery — Nuclei, Alterx, and the rest of the toolkit — plus AI-security research and the tools that got him hired.

## projectdiscovery oss

- [Nuclei](https://github.com/projectdiscovery/nuclei) — Fast, customizable vulnerability scanner built on a YAML template DSL. 7th all-time contributor (175 contributions) on a flat core team — authored the v3 Go SDK ([#4104](https://github.com/projectdiscovery/nuclei/pull/4104), ~10 lines to integrate), proposed multi-protocol template execution, and co-developed the JavaScript scripting engine (goja, [#4109](https://github.com/projectdiscovery/nuclei/pull/4109) — 8,616 lines across 124 files, 15+ protocol libraries: SSH, MySQL, Redis, LDAP, SMB, Postgres) and flow. Later drove v3.2's fuzzing, authenticated scanning (-secret-file, OAuth) and ECDSA template signing, plus a 40–70% scan-speed improvement ([#5148](https://github.com/projectdiscovery/nuclei/pull/5148)). `go · ~29k★ · core maintainer`
- [Alterx](https://github.com/projectdiscovery/alterx) — Pattern/DSL-based subdomain permutation generator: define a small grammar of custom patterns instead of a static wordlist, and it expands them into candidate hostnames for active enumeration ahead of a scan. `go · ~940★ · author`
- [Subfinder, Katana, httpx, tlsx, Cloudlist, Cvemap](https://github.com/projectdiscovery) — Continued contributions across ProjectDiscovery's OSS toolkit: SARIF output, AWS SigV4 support, and the PDCP dashboard in httpx; OpenSSL/OCSP handling and cipher detection in tlsx; new sources and wildcard-certificate detection in Subfinder. `go · katana ~16.4k★ · tlsx ~1,087★`

## ai-security research

- [Neo — evals & benchmarking](https://projectdiscovery.io/blog/neo-black-box-dast-capabilities) — PD's offensive-security AI agent. Works on the run-level harness, annotation and evals at scale, and trace-level observability that show what Neo actually did on a target — not just whether it succeeded. Published: 85% (51/60) on Argus under a hardened black-box methodology, and a 189-run behavioral audit of offensive-security LLM runs, to be presented at BSides Las Vegas 2026. `neo · 85% (51/60) argus · 189 runs audited`

## earlier tools

- [Talosplus](https://github.com/tarunKoyalwar/talosplus) — Template-based recon-automation framework in Go: annotates plain bash scripts (@vars, #modules) into a Go-managed parallel execution graph, with MongoDB/BBoltDB persistence, Discord notifications, and stop/resume for long-running scans. Taught him the most Go of anything he'd built — one of the two tools that got him hired at ProjectDiscovery. `go · ~92★ · last commit mar 2023`
- [Sandman](https://github.com/tarunKoyalwar/Sandman) — Note-taking and target-tracking GUI for pentesters, written in Go and wired into his recon pipeline so findings from Talosplus runs landed somewhere structured. Built to learn the language — the other tool that got him hired. `go · ~42★ · archived`

---

tarun@no-ide.dev · [github](https://github.com/tarunKoyalwar) · [x](https://x.com/KoyalwarTarun) · [linkedin](https://www.linkedin.com/in/tarun-koyalwar) · [medium](https://medium.com/@zealousme)

