Cybersecurity roots
My journey into cybersecurity began in 2012. I dove into penetration testing, explored system and application vulnerabilities, and joined Capture The Flag events, SQLi/XSS challenges, and cyberwar simulations.
Featured Android app provider
Building practical web and mobile apps for real-world use.
The Joloto Project is a web and mobile development studio creating Android apps, developer tools, and practical products for security learning, music, and daily workflows.
150k+combined downloads
Top ratedAndroid tools
App spotlight
PentestKit Mobile and WeGuitar
Two featured apps from a growing collection of practical mobile tools.
PentestKit Mobile100k+ downloads
WeGuitar50k+ downloads
Security LabsOpen-source utilities
About The Joloto Project
@thejolotoproject is the personal brand of John Lodan Tojot, the developer behind WeGuitar, PentestKit Mobile, and security-focused learning tools.
My work spans planning architecture, converting UI designs into responsive web pages, building APIs, processing data, integrating databases, and deploying applications across servers and domains.
Offensive security mindset
Offensive Security quickly became my favorite focus area. Back in the day, I used BackTrack 5 before Kali Linux 1.0 was released. I built local security labs, tested scripts, and studied 0-day exploits from Exploit-DB in controlled environments.
Software engineering
In 2017, I transitioned into software engineering, building systems from the ground up: architecture, responsive interfaces, APIs, data processing, database integration, and full-stack application development.
Deployment and operations
Over time, I expanded into DevOps, handling server setup, domains, and deployments, a role I continue to carry through my work today.
Music and OPM
Outside of tech, I enjoy playing guitar, bass, drums, and keyboards. I love classics from the 90s and OPM, which also inspired WeGuitar for musicians who need lyrics and chords quickly.
Projects
Featured apps from The Joloto Project.
A focused collection of Android apps, security utilities, and learning resources built for real users.
PentestKit Mobile
A mobile toolkit for security learners, bug bounty hunters, students, and developers who want to understand how real-world vulnerabilities work.
100k+ downloads5.0 rating
WeGuitar
A music companion for guitarists, vocalists, session players, and OPM fans who need lyrics and chords quickly.
50k+ downloads4.8 rating
Blog & tutorials
Security writeups for developers and learners.
Practical articles about responsible security testing, offensive security concepts, and how developers can defend their own applications by understanding real attack paths.
Responsible testingWhat is Pentestkit Mobile? – Your All-in-One Toolkit for Mobile Penetration Testing?
A mobile toolkit for security enthusiasts — scan, exploit, and manage compromised servers all from your phone.
Responsible testingHow to Perform Local File Inclusion (LFI), Achieve Remote Code Execution (RCE), and Root a Server Using Pentestkit Mobile.
[W/ Youtube Video] A step-by-step guide to exploiting LFI, escalating to RCE, and rooting a server using PentestKit Mobile.
Responsible testingHow to Perform Offensive Security & Compromised a Web Server using PentestKit Mobile
[W/ Youtube Video] See how to used PentestKit Mobile to scan, exploit, and gain persistent access to a vulnerable web server.
Responsible testingUnderstanding Time-Based Blind RCE: Exploiting Without Seeing Output.
Learn how attackers exploit servers using time-based blind RCE when no output is visible.
User wall
What users say about the tools.
Real feedback from people using PentestKit Mobile and other Joloto Project apps.