Penetration tester | Bug Bounty Hunter

Most "AI for cybersecurity" products are just chat interfaces. I wanted to build one that actually does the work. So I built Xalgorix—an open-source AI pentesting agent that orchestrates 70 security tools. 600 GitHub stars. MIT licensed. GitHub ↓
28 Apr 2025
An SQL dump file (mysql.sql) was exposed at "http:// SUB.REDACTED .net/ wp-content/mysql.sql", revealing sensitive information like user credentials and API keys. Tip: Create a custom wordlist instead of using common ones. #bugbounty #CyberSecurity #hacking
Krishna Kumar retweeted
24 Jul 2024
Advanced SQL Injection Techniques now available in GitBook. Make a copy/ Archive / Convert to PDF before they report this too :). #bugbountytip #BugBounty #SQLInjection #SQLi nav1n0x.gitbook.io/advanced-…
Krishna Kumar retweeted
10 Sep 2023
Bug Bounty Tip List of localhost addresses for SSRF bypass 🔹http://localhost 🔹http://127.1 🔹http://127.0.0.0 🔹http://127.0.0.1 🔹http://2130706433 🔹http://0177.1 🔹http://0x7f.1 🔹http://127.000.000.1 🔹http://localtest .me 🔹http://[::1] 🔹http://[::] Cheers!
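From the defending side, the address forms listed in the post above all reduce to loopback or unspecified addresses once canonicalized, so an outbound-URL filter has to compare parsed addresses rather than strings. The following is an added example, not part of the original post; the function names, the stub resolver and its DNS table are constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed sample data: the URLs listed in the post, plus a stub DNS table.
POST_URLS = ["http://localhost", "http://127.1", "http://127.0.0.0",
             "http://127.0.0.1", "http://2130706433", "http://0177.1",
             "http://0x7f.1", "http://127.000.000.1", "http://localtest.me",
             "http://[::1]", "http://[::]"]
STUB_DNS = {"localhost": ["127.0.0.1", "::1"], "localtest.me": ["127.0.0.1"],
            "example.test": ["93.184.216.34"]}

def stub_resolver(host):
    """Offline stand-in for DNS (hypothetical helper); unknown names fail."""
    if host not in STUB_DNS:
        raise OSError("name not found")
    return STUB_DNS[host]

def system_resolver(host):
    return [info[4][0] for info in socket.getaddrinfo(host, None)]

def literal_ips(host):
    """Parse an IP literal, including short, decimal, octal and hex IPv4."""
    try:
        return [ipaddress.ip_address(host)]
    except ValueError:
        pass
    try:
        return [ipaddress.ip_address(socket.inet_aton(host))]
    except (OSError, ValueError):
        return []  # not an address literal; treat as a DNS name

def is_internal(ip):
    ip = getattr(ip, "ipv4_mapped", None) or ip  # unwrap ::ffff:a.b.c.d
    return (ip.is_loopback or ip.is_unspecified
            or ip.is_private or ip.is_link_local)

def check_url(url, resolver=system_resolver):
    """Return (allowed, canonical addresses) for an outbound fetch target."""
    host = urlsplit(url).hostname
    if not host:
        return False, []
    ips = literal_ips(host)
    if not ips:
        try:
            ips = [ipaddress.ip_address(a) for a in resolver(host)]
        except (OSError, ValueError):
            return False, []  # unresolvable or malformed: fail closed
    allowed = bool(ips) and not any(is_internal(ip) for ip in ips)
    return allowed, [str(ip) for ip in ips]
```

The check only holds if the HTTP client then connects to the address that was validated, and if every redirect target goes through the same function; otherwise a second DNS lookup or a redirect can land on an internal address after the check has passed.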
11 Aug 2023
Found a stored XSS in 15 minutes. Payload used: "></div><a/href="j&Tab;a&Tab;v&Tab;asc&Tab;ri&Tab;pt:alert&lpar;document.cookie&rpar;"> #bugbounty #cybersecurity #penetrationtesting
1 Aug 2023
XSS via Comment Bypass. The reflected payload was commented out in the source code like this: <!-- <h1>test</h1> -->. So, I used this payload to uncomment the code: --><h1>test</h1>. Now the source code becomes this: <!----><h1>test</h1> and it works. #bugbounty #xss #Pentesting
28 Jul 2023
Found an XSS in a VDP using paramspider, gau, waybackurls, and kxss #XSS #BugBounty
28 Jul 2023
payload used: '">
15 Jul 2023
3 Basic Steps of Bug Bounty Methodology 🧵👇 #bugbounty #hackerone
15 Jul 2023
- test login functionality, try some SQL injections or run sqlmap, try changing user privileges
- try to strip off authorization headers from the request
- test every input field for injection attacks with different payloads, try to bypass filters
15 Jul 2023
- Check whether tokens are set to HttpOnly or not
- Try adding or changing application request headers
- Anything you can modify or change should be tested