Offensive Security Researcher · Penetration Tester
Building practical security tooling - from discovery to exploitation to reporting.
- Web & API security testing (manual-first, automation-assisted)
- Mobile security (Android/iOS) & traffic instrumentation
- Secure code review & vulnerability research
- PoC development and reproducible reporting
- Languages: Python · Java · Bash · Go
- Tooling: Burp Suite · Metasploit · Cobalt Strike · PowerShell Empire
- Ops: Docker · AWS · Kali/Parrot
- eMAPT (Mobile Application Penetration Tester)
- eWPTXv2 (Web Application Penetration Tester eXtreme)
- C-AI/MLPen (The Certified AI/ML Pentester)
- BSCP (The Burp Suite Certified Practitioner)
A small, curated selection.
- XSS Payload Forge - advanced payload generation for diverse contexts
  Repo: https://github.com/ikpehlivan/xss-payload-forge
- JWT Analyzer - deep analysis & auditing for JSON Web Tokens
  Repo: https://github.com/ikpehlivan/jwt-analyzer
- Mini Web Security Scanner - lightweight vuln detection engine
  Repo: https://github.com/ikpehlivan/mini-web-security-scanner
- Deser Risk Analyzer - static analysis for insecure deserialization patterns
  Repo: https://github.com/ikpehlivan/deser-risk-analyzer
- DOM XSS Detector - static/dynamic analysis for DOM XSS
  Repo: https://github.com/ikpehlivan/dom-xss-detector
- AD Misconfiguration Scanner - Active Directory enumeration & misconfiguration detection
  Repo: https://github.com/ikpehlivan/ad-misconfig-scanner
- Go-C2-Beacon - stealth-focused Command & Control (C2) framework
  Repo: https://github.com/ikpehlivan/Go-C2-Beacon
- I follow responsible disclosure and do not share exploit code for real-world harm.
- Prefer reproducible findings with clear impact + remediation guidance.



