utkarsh24122 Goto Github PK

Hi There 👋

• 🕸 Web Application Penetration Tester
• 📱 Android & iOS Application Security
• ☁ Cloud & API security
• 💻 NCIIPC Contributor
• 🐱‍👤 Bug Bounty Hunter
• 🐼 High Severity Bug Submissions in PUBG, Mastercard and many more
• 😋 Pentesting Automation tools (Bash and Python)
• 📑 Resume: View

• Python

• Shell/Bash Scripting

• C

• C++

• Java

• VulnHunt : Find CVEs, Subdomain Takeovers, XSS, SQLi, Sensitive files/directories and many more. Check Features
• apknuke : Find vulnerabilities in Android Applications : Static Analysis : Template based Scanning. Check Features
• JSEnum : Find Secrets, leaks, XSS & more in JavaScript files : Enumerate JS Files of a target & Subdomains. Check Features
• ApkAnalyzer : Python script to find Vulnerabilities in Android Applications.
• Shufti : Latest Recon Workflow Framework. NOT "Just another recon tool" . Check Features
• get-api : Enumerate API Endpoints of multiple targets for further exploitation. Check Screenshots
• s3extractor : Finds s3 buckets of a target and its subdomains and checks s3 bucket permissions through aws cli.
• get-GraphQL Enumerate GET-based GraphQL endpoints of multiple targets for further exploitation.
• All Projects

🌐 utkarsh24122.gitbook.io

I have written a few writeups of some of the intersting vulnerabiities that I have found so far in my penetration tests & bug bounty journey in my gitbook

(It only contains few of the interesting ones so far )

Contents:

1. Finding Security Vulnerabilities in Android Applications
2. API Endpoints lead to Sensitive Information Disclosure and PII leakage of Employees
3. HTTP Dangerous Methods Enabled - P1
4. Subdomain Takeover
5. Cross Site Scripting
6. 2FA bypass - Bruteforce Protection Bypass & Response Manipulation
7. Account Highjack
8. OAuth Misconfiguration
9. Open Redirect - Manual & Automated detection