Author Image

~/Hi, I am JoMar

Joshua Martinelle

Research Engineer at Tenable™.

Hacker at heart and as a Research Engineer at Tenable, I bring my passion for cybersecurity to my work every day. With a background in bugbounty, I have a unique perspective on how to identify and remediate potential threats to systems. I have contributed to several projects, including the development of new open source tools, scripts or the discovery of vulnerabilities.

I am a self-taught who is constantly seeking out new opportunities to grow and develop my skills. Whether it’s through training or hands-on experience, I have a drive to stay ahead of the curve in my field. With my combination of technical aptitude and passion for the industry.

I will continue to work on exciting projects and pursue new challenges, always with a commitment to the field that will only continue to grow. Whether I am working on open source tools, participating in bugbounties, or simply sharing my knowledge with others.

Hard Working
Team Work
Fast Learner
Problem Solving



Research Engineer

Feb 2021 - Present, Remote

Tenable, Inc. is a cybersecurity company based in Columbia, Maryland. It is known as the creator of the vulnerability scanning software Nessus.

  • Development of plugins for the Web Application Scanner solution
  • Vulnerability analysis
  • Creation of lab and proof of concept


Sept 2018 - Jan 2021, Rennes

Consulting firm in digital transformation and information systems security.

  • Internal and external penetration tests
  • Technical training
  • Vulnerability management
  • Project management

System and network administrator

Sept 2017 - Sept 2018, Laval

Libricks analyses and contributes to the main Free (Open Source) IT projects.

  • Installation and administration of infrastructures based on open source solutions
  • Project management

System and network administrator

Sept 2015 - Sept 2017, Laval

Training center for young people in various trades such as food service

  • Management of a computer park with mainly Windows services (AD, Exchange, SQL Server, …)
  • Project management


Author May 2023 - Present

Subdomain enumeration tool with results organized by vHost rather than by URL

Author May 2023 - Present

Simple ruby script/library to extract bugbounty scopes

Author Jan 2023 - Present

Simple Ruby library to filter out duplicate or uninteresting URls

Author Aug 2022 - Present

Simple Ruby library to manage Scaleway servers

InteractSH Library
InteractSH Library
Author Dec 2021 - Present

Ruby Library to use ProjectDiscovery Interactsh in pure Ruby

Author Jul 2021 - Present

API built with Ruby On Rails for recognition management and focus on subdomain discovery. Enables efficient, fast and task-distributed subdomain discovery with distributed tasks in the cloud.

Author Jan 2020 - Present

Search (offline) if your password (NTLM or SHA1 format) has been leaked (HIBP passwords list)

Author Arp 2020 - Present

Converted the text list to binary to save space

Author Feb 2019 - Nov 2020

Simple shell script for automated domain recognition with some tools (Archived)

Contributor Aug 2020 - Mar 2021

Simple vulnerable site, created by a beginner for beginners. This vulnerable site covers several vulnerabilities some from real bugbounty cases encountered in bugbounty.

Contributor Dec 2020 - Mar 2021

Facilitate the management of your reports as well as collaborative work by providing a web-based solution.

Latest Posts

External Contributions

Identifying XML External Entity
Tenable 20 June 2022

Modern applications have more and more tendencies to process data from user-supplied inputs, directly or indirectly. A side effect of this data processing opens the door for attackers to exploit XML External Entity, a complex vulnerability with many vectors.

Identifying Server Side Request
Tenable 18 Nov 2021

Modern web applications are designed with different services — like internal and external application programming interfaces (APIs), microservices and databases — that communicate and share data with each other. These web applications provide end users with convenient features, such as loading external content.

Mass assignment and learning new things
BugBountyHunter 19 Sept 2021

Blog Post for bug hunters that explains my methodology to learn new things with a concrete case with the “Mass Assignment” vulnerability

My Methodology during Firstblood
BugBountyHunter 17 July 2021

Blog Post that presents the methodology I used during an event to detect almost all bugs without using any particular tool


Jan 2023
Unauthenticated Cross-Site-Scripting on WP Helper Lite
Jan 2023
Unauthenticated Cross-Site-Scripting on Login with Phone Number
Jan 2023
Unauthenticated Cross-Site-Scripting on Quick Event Manager
Jan 2023
Authenticated SQL Injection on Survey Maker
Jan 2023
Unauthenticated SQL Injection on Easy Digital Downloads
Jan 2023
Unauthenticated SQL Injection on Paid Memberships Pro
Sept 2022
Open Redirect on RStudio Connect
May 2022
Unauthenticated SQL Injection on Metasonic Doc WebClient
Multiple vulnerabilities in the Galette project including SQL Injection as well as multiple stored XSS & CSRF
Multiple vulnerabilities including several CSRF and an RCE reported on the uSVN project in collaboration with Serizao
Jul 2020
Information exposure in the upload directory on PrestaShop
Top 3 in duo with Reptou during a live event.