Offensive Security Researcher · Penetration Tester
Building practical security tooling - from discovery to exploitation to reporting.
- Web & API security testing (manual-first, automation-assisted)
- Mobile security (Android/iOS) & traffic instrumentation
- Secure code review & vulnerability research
- PoC development and reproducible reporting
Languages: Python · Java · Bash
Tooling: Burp Suite · Metasploit · Wireshark
Ops: Docker · AWS · Kali/Parrot
- eMAPT
- eWPTX
- C-AI/MLPen
A small, curated selection. Full list is pinned on my profile.
-
XSS Payload Forge - advanced payload generation for diverse contexts
Repo:https://github.com/ikpehlivan/xss-payload-forge -
JWT Analyzer - deep analysis & auditing for JSON Web Tokens
Repo:https://github.com/ikpehlivan/jwt-analyzer -
Mini Web Security Scanner - lightweight vuln detection engine
Repo:https://github.com/ikpehlivan/mini-web-security-scanner -
Deser Risk Analyzer - static analysis for insecure deserialization patterns
Repo:https://github.com/ikpehlivan/deser-risk-analyzer
- I follow responsible disclosure and do not share exploit code for real-world harm.
- Prefer reproducible findings with clear impact + remediation guidance.