Hi, this is Devansh ⚡. I break things for a living and help others understand why they broke.
Nearly a decade in security: bug hunting, security research related to DNS and supply chain security, AI security, smart contract audits, and vulnerability triage at HackerOne. I've reported hundreds of bugs to 100+ companies, built open-source tools with 10k+ GitHub stars, and now lead Technical Services (Triage) at HackerOne.

| Project | Description |
|---|---|
| ParamSpider | Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing |
| FavFreak | Making Favicon.ico based Recon Great again |
| OpenRedireX | A fuzzer for detecting open redirect vulnerabilities |
| headerpwn | Fuzzer for finding anomalies and analyzing how servers respond to different HTTP headers |
| rayder | Lightweight tool for orchestrating and organizing bug hunting recon / pentesting command-line workflows |
| CertEagle | Weaponizing Live CT logs for automated monitoring of assets |
| DNSleuth | Spy on the DNS queries your machine is making |
| revit | Command-line utility for performing reverse DNS lookups |
| heaptruffle | Mine URLs from browser's heap snapshot for fun and profit |
| ip2cloud | Check IP addresses against known cloud provider IP address ranges |
| revwhoix | Utility for reverse WHOIS lookups using whoisxml API |
| dnsaudit | Command-line utility for auditing DNS configuration using Zonemaster API |
| Quaithe | Execute multiple commands in parallel for blazing-fast performance |
| ip2asn | Quickly map IP addresses to their respective ASN |
| getresolvers | Utility to fetch freshly updated DNS resolvers |
| Watson | Note management and search utility for your terminal |
| realm | Utility for recursively traversing SSL/TLS certificates for collecting DNS names |
| getsan | Fetch and display DNS names from SSL/TLS cert data |





