NASA-Recognized Ethical Hacker | World’s #1 Hacker on TryHackMe Monthly Leaderboard | Building AI-Powered Security Tools
claude-bug-bounty. AI-powered bug bounty hunting from your terminal - recon, 20 vuln classes, autonomous hunting, and report generation. All inside Claude Code.
3.9kpublic-skills-builder. Generate Claude Code bug bounty skills from public HackerOne reports and GitHub writeups — 18 vuln classes, no private reports needed
201web3-bug-bounty-hunting-ai-skills. 18 Claude Code skill files for smart contract security — built from 2,749 Immunefi reports, 681 DeFiHack reproductions, and real hunt experience
104bug-bounty-report-generator. Python
12cve-hunter. Python
8vuln-scanner. Shell
6shuvonsec.
5BugBountyBooks. A collection of PDF/books about the modern web application security and bug bounty.
5Bug-Bounty-Beginner-Roadmap. This is a resource factory for anyone looking forward to starting bug hunting and would require guidance as a beginner.
4vulnerability-Checklist. This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter
4Mind-Maps. Mind-Maps of Several Things
4mdshuvon. Config files for my GitHub profile.
3IoTGoat. IoTGoat is a deliberately insecure firmware created to educate software developers and security professionals with testing commonly found vulnerabilities in IoT devices.
3ODIN. Automated network asset, email, and social media profile discovery and cataloguing.
3ScamShield.my. A two-sided, AI-powered security product for Malaysia-first, ASEAN-next. It stops scams for normal people and auto-hardens small business websites without needing a SOC. Open core on GitHub, SaaS on Vercel. It’s useful on day one, not after a thousand inspirational LinkedIn posts.
2zero-day-fuzzer. Python
2shodan-filters. A list of shodan filters
2retire.js. scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.
2x8. Hidden parameters discovery suite
2waybackurls. Fetch all the URLs that the Wayback Machine knows about for a domain
2PayloadsAllTheThings. A list of useful payloads and bypass for Web Application Security and Pentest/CTF
2bbtech.shop. JavaScript
1skills-introduction-to-github. My clone repository
1full-hunt-pipeline. Shell
1bug-bounty-hunt. Python
1full-target-hunt. Shell
1bug-bounty-validator. Python
1ai-copilot-payload-builder. Python
1google-dork-runner. Python
1bug-bounty-target-selector. Python
1