Panagiotis Chartas is a Senior Penetration Tester based in Poland with five years of hands-on experience in red team engagements, network and web application testing, and developing offensive security tooling. He combines client-facing security consulting with prolific open-source development—authoring Python tools like psudohash for high-speed password mutations and hoaxshell/Villain components for covert reverse shells and C2 orchestration. At KMD Poland and prior roles at DB Schenker and Aristi Consulting he has delivered PoC exploits, automated payloads, and compliance-focused security assessments (ISO 27001/PCI-DSS). He also produces educational content on YouTube, translating complex offensive techniques into approachable tutorials. Notably, his repos show practical cross-platform experience in Python and PowerShell and a focus on evasion, payload customization, and data exfiltration techniques that bridge research and real-world testing.
5 years of coding experience
5 years of employment as a software developer
Bachelor's degree, Information Technology, Bachelor's degree, Information Technology at Hellenic Open University
An XSS exploitation command-line interface and payload generator.
Role in this project:
Security Engineer
Contributions:65 commits, 1 PR, 44 pushes in 8 months
Contributions summary:Panagiotis primarily contributed to the development of toxssin, an XSS exploitation CLI and payload generator, by updating the core functionality of the Python script (toxssin.py), JavaScript handler (handler.js/toxin.js), and adding custom scripts. They implemented features related to intercepting and logging form submissions, server responses, and table data. The updates involve modifications to the JavaScript code for command parsing and execution, as well as refinements in the Python code for handling and processing data related to XSS attacks.
A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.
Role in this project:
Back-end Developer & Security Engineer
Contributions:1 review, 127 commits, 12 PRs in 4 months
Contributions summary:Panagiotis's primary contribution was the creation and subsequent modification of the core Python script, `hoaxshell.py`, which functions as a reverse shell payload generator and handler. They implemented the essential functionalities for establishing and managing the reverse shell connection using HTTPS. The user also made several modifications to the associated PowerShell payload scripts (`https_payload.ps1`, `http_payload.ps1`, and derivative files), suggesting expertise in both Python (back-end) and PowerShell (payload implementation and security). The user also made changes which improve security.
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.