7ealvivek/README.md

Vivek Kumar

Top 200 P1 Warrior CVE-2022-21500

Security Consultant | Recon | Bug Bounty Hunter

📫 vivekkashyap0707@gmail.com • 📱 +91 • LinkedIn • GitHub • Bugcrowd


Professional Summary

Results-driven cybersecurity professional with 3+ years of hands-on experience in penetration testing, red teaming, vulnerability research, and large-scale recon automation. Recognized among the Top 200 P1 Warriors on Bugcrowd for identifying critical vulnerabilities and credited with CVE-2022-21500. I build custom tools and workflows that accelerate vulnerability discovery and improve reporting quality for enterprise clients.


🔧 Technical Skills

  • Core Areas: Penetration Testing, Reconnaissance, Red Teaming, API Security, Mobile Security
  • Attack Techniques: SQLi, Blind SQLi, XSS, LFI, XXE, SSRF, RCE
  • Tools & Platforms: Burp Suite, OWASP ZAP, Nmap, sqlmap, Nessus, Acunetix, Metasploit, httpx
  • Languages & Scripting: Bash, Python
  • OS: Linux (Kali, Ubuntu), Windows
  • Cloud & Others: AWS security basics, Shodan, Censys, crt.sh

🚀 Selected Projects

OneSnap — Advanced Subdomain Enumeration & Recon Framework

  • Automated subdomain discovery using Chaos, C99.nl, and Shodan APIs.
  • Features: bulk/targeted scans, live host detection (httpx), rate-limited API handling.
  • Use: Rapid Zero-Day investigations and recon automation.

WildScope-Bounty — Black-Box Recon Tool

  • Trademark/org-based asset discovery using Shodan org, crt.sh SSL scraping, and aggressive SSL-based heuristics.
  • Supports both domain and organization-name inputs for wide-scope programs.

Ultimate URL Finder (UUF Tool)

  • Integrates subdomain discovery and vulnerability intelligence with Shodan/Censys integrations.
  • Produces prioritized URL lists for focused manual analysis.

Advance-Blind-SQLi

  • Automated blind SQL injection detection using time-based payloads across GET/POST.
  • Logs and groups vulnerable endpoints for triage and reporting.

RECONVIVEK

  • VPS-friendly recon pipeline combining subdomain enumeration, port scanning, and Telegram alerts for real-time notifications.

Repository tips: Explore the tools/ folder for scripts and docs/ for usage instructions and examples.


πŸ† Achievements & Certifications

  • Top 200 P1 Warrior β€” Bugcrowd
  • Published CVE: CVE-2022-21500 (Oracle)
  • Certifications: CRTP (Altered Security), OSCP (OffSec), eWPTX (INE Security)

💼 Professional Experience

  • Associate Consultant — Offensive Security | NetSentries (NST Cyber) • Jan 2025 – Present

  • Web/API/Infrastructure testing, black-box engagements, zero-day investigations, mobile scanning automation.

  • Bug Bounty Researcher | Bugcrowd, HackerOne, Intigriti • Jan 2022 – Present

  • 500+ responsibly disclosed vulnerabilities across global targets (Oracle, Zoom, Mercedes-Benz, Amazon, FIS).


📚 Education

B.Tech in Chemical Engineering (Minor: IT & Network Security) — Delhi Technological University (DTU) • Jun 2022 – Jun 2026



Pinned

  1. P1-URLs-High-Speed-Stealth-Edition (Public)

    Python 1

  2. OneSnap (Public template)

    A tool for enumerating a large number of subdomains, ideal for Zero-Day investigations and Bug Bounty hunting.

    Python 1