Malaysia

Md Shariar Shanaz Shuvon

Elite
@shuvonsec

NASA-Recognized Ethical Hacker | World’s #1 Hacker on TryHackMe Monthly Leaderboard | Building AI-Powered Security Tools

claude-bug-bounty. AI-powered bug bounty hunting from your terminal - recon, 20 vuln classes, autonomous hunting, and report generation. All inside Claude Code.

3.9k

public-skills-builder. Generate Claude Code bug bounty skills from public HackerOne reports and GitHub writeups — 18 vuln classes, no private reports needed

201

web3-bug-bounty-hunting-ai-skills. 18 Claude Code skill files for smart contract security — built from 2,749 Immunefi reports, 681 DeFiHack reproductions, and real hunt experience

104

bug-bounty-report-generator. Python

12

cve-hunter. Python

8

vuln-scanner. Shell

6

shuvonsec.

5

BugBountyBooks. A collection of PDF/books about the modern web application security and bug bounty.

5

Bug-Bounty-Beginner-Roadmap. This is a resource factory for anyone looking forward to starting bug hunting and would require guidance as a beginner.

4

vulnerability-Checklist. This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter

4

Mind-Maps. Mind-Maps of Several Things

4

mdshuvon. Config files for my GitHub profile.

3

IoTGoat. IoTGoat is a deliberately insecure firmware created to educate software developers and security professionals with testing commonly found vulnerabilities in IoT devices.

3

ODIN. Automated network asset, email, and social media profile discovery and cataloguing.

3

ScamShield.my. A two-sided, AI-powered security product for Malaysia-first, ASEAN-next. It stops scams for normal people and auto-hardens small business websites without needing a SOC. Open core on GitHub, SaaS on Vercel. It’s useful on day one, not after a thousand inspirational LinkedIn posts.

2

zero-day-fuzzer. Python

2

shodan-filters. A list of shodan filters

2

retire.js. scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.

2

x8. Hidden parameters discovery suite

2

waybackurls. Fetch all the URLs that the Wayback Machine knows about for a domain

2

PayloadsAllTheThings. A list of useful payloads and bypass for Web Application Security and Pentest/CTF

2

bbtech.shop. JavaScript

1

skills-introduction-to-github. My clone repository

1

full-hunt-pipeline. Shell

1

bug-bounty-hunt. Python

1

full-target-hunt. Shell

1

bug-bounty-validator. Python

1

ai-copilot-payload-builder. Python

1

google-dork-runner. Python

1

bug-bounty-target-selector. Python

1
30
Apply