```python
class BugHunter:
    def __init__(self):
        self.name = "Pavan Shanmukha Madhav Gunda"
        self.alias = "The One They Didn't Patch In Time"
        self.role = ["Bug Bounty Hunter", "Security Researcher", "Digital Locksmith"]
        self.status = "Currently inside your network (just kidding... maybe)"
        self.superpower = "Seeing what developers hoped no one would ever see"
        self.motto = "CVE me in, or CVE me out - I find them either way."

    def current_mission(self):
        return "Making the internet safer, one responsible disclosure at a time"

    def threat_to(self):
        return ["Misconfigured servers", "Unpatched endpoints", "False sense of security"]

    def NOT_a_threat_to(self):
        return ["Your data", "Your users", "The good guys"]


me = BugHunter()
print(me.current_mission())
# Output: Making the internet safer, one responsible disclosure at a time
```

"Every logo below is a company that trusted the internet. I showed them why they shouldn't - then showed them how to fix it."
| TARGET | STATUS | VERDICT |
|---|---|---|
| Cognizant | SECURED | Hall of Fame |
| Amrita University | SECURED | Acknowledged |
| Havelock | SECURED | Acknowledged |
| Talentd | SECURED | Acknowledged |
| Retro | SECURED | Acknowledged |
| Geethanjali College of Engg & Tech | SECURED | Acknowledged |
| Plotly | SECURED | Hall of Fame |
| Nike (Duplicate) | REPORTED | Beaten by seconds |
| Dell (Duplicate) | REPORTED | Beaten by seconds |

Nike and Dell: I found it. Someone else just found it 0.001 seconds before me. The bug was real. The timing was cruel. That's bug bounty.

OFFENSIVE TOOLKIT

| Category | Tools |
|---|---|
| Recon | Subfinder • Amass • theHarvester • Shodan |
| Scanning | Nmap • Nuclei • Nikto • Burp Suite Pro |
| Fuzzing | ffuf • dirsearch • wfuzz • GoBuster |
| Exploits | Custom Scripts • Manual Analysis • Big Brain™ |
| Reporting | Markdown • PoC Videos • Responsible Disclosure |

| Skill | Level | Note |
|---|---|---|
| XSS | 100% | Injected. |
| IDOR | 95% | Seen what you hid. |
| SSRF | 90% | Rerouted your trust. |
| SQLi | 80% | Read your DB. |
| Auth Bypass | 85% | Who needs a password? |
| Open Redirect | 75% | I'll take that redirect. |
| Recon | ∞% | I never stop. |

I don't break things.
I find the cracks that were already there - before someone with worse intentions does.
Every bug I report is a disaster that didn't happen.
Every responsible disclosure is a user who didn't get compromised.
Every Hall of Fame mention is proof:
the best offense is a good defender.

ALL SECURITY RESEARCH CONDUCTED ETHICALLY & LEGALLY

- All findings reported through proper disclosure channels
- No unauthorized access. Ever. Full stop.
- This profile is a portfolio, not a threat.
- If you're a company: your bug bounty program is welcome

"With great recon comes great responsibility." - Pavan, prob.

"Locks exist to keep honest people honest. I just make sure yours actually works."

Pavan Shanmukha Madhav Gunda
Bug Bounty Hunter | Security Researcher



