Hi There 👋
- 🕸 Web Application Penetration Tester
- 📱 Android & iOS Application Security
- ☁ Cloud & API security
- 💻 NCIIPC Contributor
- 🐱👤 Bug Bounty Hunter
- 🐼 High Severity Bug Submissions in PUBG, Mastercard and many more
- 😋 Pentesting Automation tools (Bash and Python)
- 📑 Resume: View
- VulnHunt : Find CVEs, Subdomain Takeovers, XSS, SQLi, Sensitive files/directories and many more. Check Features
- apknuke : Find vulnerabilities in Android Applications : Static Analysis : Template based Scanning. Check Features
- JSEnum : Find Secrets, leaks, XSS & more in JavaScript files : Enumerate JS Files of a target & Subdomains. Check Features
- ApkAnalyzer : Python script to find Vulnerabilities in Android Applications.
- Shufti : Latest Recon Workflow Framework. NOT "Just another recon tool" . Check Features
- get-api : Enumerate API Endpoints of multiple targets for further exploitation. Check Screenshots
- s3extractor : Finds s3 buckets of a target and its subdomains and checks s3 bucket permissions through aws cli.
- get-GraphQL Enumerate GET-based GraphQL endpoints of multiple targets for further exploitation.
- All Projects
I have written a few writeups of some of the intersting vulnerabiities that I have found so far in my penetration tests & bug bounty journey in my gitbook
(It only contains few of the interesting ones so far )
Contents:
- Finding Security Vulnerabilities in Android Applications
- API Endpoints lead to Sensitive Information Disclosure and PII leakage of Employees
- HTTP Dangerous Methods Enabled - P1
- Subdomain Takeover
- Cross Site Scripting
- 2FA bypass - Bruteforce Protection Bypass & Response Manipulation
- Account Highjack
- OAuth Misconfiguration
- Open Redirect - Manual & Automated detection