Skip to content
View soham23's full-sized avatar

Block or report soham23

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
soham23/README.md

Hi, I'm Soham 👋

I'm an Application Security Researcher with 5+ years of independent experience discovering and responsibly disclosing vulnerabilities through bug bounty and private vulnerability disclosure programs.

My primary interests include:

  • Web Application Penetration Testing
  • Broken Access Control
  • GraphQL Security
  • Business Logic Testing
  • Security Automation

Over the years, I've reported 74+ valid vulnerabilities across public and private programs, earning Bugcrowd MVP recognition twice and multiple Hall of Fame acknowledgements.


🛠 Technologies

  • Python
  • Bash
  • Burp Suite
  • GraphQL
  • Linux

📂 Featured Projects

Clarence

Recover GraphQL schemas from introspection-disabled endpoints using alternative discovery techniques.

Recon Automation Pipeline

Automates DNS resolution, port scanning, HTTP fingerprinting, and HTML report generation.

Subdomain Enumeration Pipeline

Combines passive discovery, DNS bruteforcing, and alternate hostname generation into a unified enumeration workflow.

GraphQL Query Builder

Generates GraphQL queries from recovered schemas to accelerate manual application security testing.

HMAC-SHA256 Cracker

Dictionary-based HMAC-SHA256 key recovery utility designed for long messages unsupported by Hashcat.

Firefox RCE (Educational Port)

Educational JavaScript port of the Firefox CVE-2016-9079 exploit created during OSCP preparation.


🏆 Highlights

  • OSCP (Offensive Security Certified Professional)
  • 74+ Valid Vulnerability Reports
  • Bugcrowd MVP (2×)
  • Hall of Fame Recognition from multiple organizations
  • Volunteer Supervisor at Make A Difference

🌐 Connect

Always open to discussing application security, security tooling, GraphQL, and vulnerability research.

Pinned Loading

  1. clarence clarence Public

    GraphQL schema recovery tool for reconstructing GraphQL schemas through introspection alternatives and endpoint analysis.

    Python

  2. recon-automation-pipeline recon-automation-pipeline Public

    Automated reconnaissance pipeline for DNS resolution, port scanning, HTTP fingerprinting, and report generation.

    Shell

  3. subdomain-enumeration-pipeline subdomain-enumeration-pipeline Public

    Automated Bash pipeline for passive and active subdomain enumeration using Sublist3r, Subfinder, PureDNS, AltDNS, and MassDNS.

    Python

  4. graphql-query-builder graphql-query-builder Public

    Generate GraphQL queries, mutations, wordlists, and path enumeration helpers from GraphQL introspection schemas.

    Python

  5. hmac_sha256_cracker hmac_sha256_cracker Public

    Python tool for recovering HMAC-SHA256 secrets using dictionary attacks with known plaintext and digest.

    Python

  6. firefox-rce-nssmil firefox-rce-nssmil Public

    Educational standalone JavaScript implementation of the public exploit for CVE-2016-9079 (Firefox Use-After-Free), adapted from the original Exploit-DB/Metasploit module.

    JavaScript 1