Security researcher specializing in web application penetration testing and bug bounty hunting. I uncover authentication flaws, race conditions, XSS, IDOR, SSRF, and business logic vulnerabilities across responsible disclosure programs.
I am a security researcher focused on web application penetration testing and bug bounty hunting. I actively test live applications to uncover vulnerabilities including authentication bypasses, race conditions, XSS, IDOR, SSRF, SQL Injection, and business logic flaws.
My methodology combines deep manual analysis with automated reconnaissance. I have secured 10+ organizations through responsible disclosure and earned Hall of Fame recognition across multiple programs on Intigriti, Bugcrowd, and private responsible disclosure programs.
I also build open-source tooling — including ReconDragon-X-Ultimate — to streamline bug bounty recon workflows for the community.
Automated bug bounty reconnaissance framework built with shell scripting. Integrates Subfinder, PureDNS, MassDNS, HTTPX, GAU, Waybackurls, Hakrawler, Arjun, FFUF, and Nuclei into a unified workflow. Generates reports and sends Telegram notifications on scan completion.
View on GitHub →
Technical write-ups covering real-world vulnerability discoveries, exploitation techniques, and bug bounty methodology from live programs and responsible disclosures.
Read on Medium →