Offensive Security Researcher · Penetration Tester
Building practical security tooling - from discovery to exploitation to reporting.
- Web & API security testing (manual-first, automation-assisted)
- Mobile security (Android/iOS) & traffic instrumentation
- Secure code review & vulnerability research
- PoC development and reproducible reporting
Languages: Python · Java · Bash
Tooling: Burp Suite · Metasploit · Wireshark
Ops: Docker · AWS · Kali/Parrot
- eMAPT (Mobile Application Penetration Tester)
- eWPTXv2 (Web Application Penetration Tester eXtreme)
- C-AI/MLPen (The Certified AI/ML Pentester)
- BSCP (The Burp Suite Certified Practitioner)
A small, curated selection. Full list is pinned on my profile.
- XSS Payload Forge - advanced payload generation for diverse contexts
  Repo: https://github.com/ikpehlivan/xss-payload-forge
- JWT Analyzer - deep analysis & auditing for JSON Web Tokens
  Repo: https://github.com/ikpehlivan/jwt-analyzer
- Mini Web Security Scanner - lightweight vuln detection engine
  Repo: https://github.com/ikpehlivan/mini-web-security-scanner
- Deser Risk Analyzer - static analysis for insecure deserialization patterns
  Repo: https://github.com/ikpehlivan/deser-risk-analyzer
- DOM XSS Detector - static/dynamic analysis for DOM XSS
  Repo: https://github.com/ikpehlivan/dom-xss-detector
- I follow responsible disclosure and do not share exploit code for real-world harm.
- Prefer reproducible findings with clear impact + remediation guidance.