Skip to content
View hunt-with-4bh1's full-sized avatar

Sponsors

@codemod

Block or report hunt-with-4bh1

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
hunt-with-4bh1/README.md

Typing SVG

Typing SVG

Typing SVG

Profile Views GitHub followers


👤 About Me

┌──(4bh1㉿kali)-[~]
└─$ whoami

🛡️ Cybersecurity professional specializing in penetration testing and web application security. Ranked Top 6% globally on TryHackMe with hands-on experience in VAPT, red team labs, Python-based security automation, and real-world bug bounty findings — including a Critical RCE (CVSS 9.1) across multiple programs.

Name       : Abhay Kumar
Role       : Penetration Tester | Bug Bounty Hunter | Security Researcher
Education  : BCA (AI & ML) — Maharishi Markandeshwar University (2024–2027)
Currently  : Preparing for CPENT Certification
Open To    : Bug Bounty Collaboration | Open Source Security Projects

🏆 Bug Bounty — Valid Findings (10+)

🔒 Program names are kept confidential per responsible disclosure policy.

# Vulnerability Type Severity Impact Reward
01 Command Injection → Remote Code Execution (CVSS 9.1) 🔴 Critical Arbitrary shell command execution via unsanitized CLI params $100
02 Privilege Escalation via SECURITY DEFINER 🔴 Critical Billing manipulation, RLS bypass for arbitrary credit access $100
03 SSRF + Privilege Escalation via Path Traversal 🟠 High Server-Side Request Forgery in builder upload proxy $50
04 Path Traversal → Arbitrary File Write → Web Shell Upload 🟠 High RCE via unsanitized PHP API field enabling web shell $30
05 API Endpoint Injection + Unauthenticated MCP Access 🟡 Medium Unauthorized tool execution via exposed MCP endpoint $20 + HoF
06 Path Traversal in SDK 🟡 Medium Management SDK path injection vulnerability HoF
07 Data Sanitization Vulnerability 🟡 Medium Source code review — geocoding plugin data exposure $50
08 HTTP Parameter Pollution 🟡 Medium Geosearch service parameter manipulation $50
09 SSRF via Upload Proxy 🟠 High Internal network access through file upload endpoint
10 Privilege Escalation via Path Traversal 🟠 High Unauthorized access to restricted resources

💰 Total Disclosed Earnings: $500+ | Hall of Fame: 2 Programs


🛠️ Tech Stack & Tools

🔐 Security Skills

Penetration Testing VAPT Bug Bounty Red Team OWASP Top 10 CVE Analysis CVSS Scoring

🧰 Security Tools

Burp Suite Nmap Metasploit OWASP ZAP SQLmap Wireshark Nikto Hashcat

💻 Programming & Web

Python JavaScript Flask HTML5 CSS3 REST API

🖥️ Platforms & OS

Kali Linux Linux TryHackMe GitHub


🚀 Featured Project

🦅 WebHawk — Web Vulnerability Scanner

Python · Flask · REST API · Multithreading

Automated web vulnerability scanner with a multithreaded scanning engine that detects SQL Injection, XSS, and Command Injection — complete with a structured REST-based HTML reporting dashboard.

View on GitHub Sponsor

✅ SQL Injection Detection
✅ XSS (Cross-Site Scripting) Detection
✅ Command Injection Detection
✅ Multithreaded Scanning Engine
✅ Automated HTML Reporting Dashboard

📊 GitHub Stats


🎖️ Certifications & Achievements

Certification Issuer
🏅 Certified Social Engineering Defense Practitioner (CSEDP) The SecOps Group
🏅 Certified Red Team Operations Management (CRTOM)
🏅 Certified Cybersecurity Educator Professional (CCEP)
🏅 Certified Phishing Prevention Specialist (CPPS)
🏅 Network Security Associate OPSWAT Academy
🏅 Web Traffic Protection Associate OPSWAT Academy
🏅 Cybersecurity Fundamentals Associate OPSWAT Academy
🏅 Career Essentials in Cybersecurity Microsoft & LinkedIn
🏅 Hands-On Penetration Testing Infosys Springboard
🌐 Hall of Fame (x2) Multiple Bug Bounty Programs
🔴 Top 6% Global Ranking TryHackMe

📚 Currently Learning

┌──(4bh1㉿kali)-[~/learning]
└─$ cat roadmap.txt
  • 🎯 CPENT (Certified Penetration Testing Professional) — Active exam prep
  • 🔬 Advanced Exploit Development & Post-Exploitation Techniques
  • ☁️ Cloud Security & AWS Penetration Testing

🤝 Open to Collaborate On

opportunities = [
    "🐛 Bug Bounty Hunting (Web App, API, Source Code Review)",
    "🔓 Open Source Security Tools & Automation",
    "🏴 CTF Teams & Red Team Exercises",
    "🛡️ Responsible Disclosure & Security Research",
]

🌐 Connect With Me

Portfolio LinkedIn GitHub Sponsors TryHackMe Email


┌──(4bh1㉿kali)-[~]
└─$ echo "Thanks for visiting! Let's make the web more secure. 🛡️"

"The quieter you become, the more you are able to hear." — Kali Linux

Wave

Pinned Loading

  1. WebHwak WebHwak Public

    Python-based web security automation tool with crawling, scanning, and reporting.

    Python 2 1