Probing internal services via SSRF, bypassing allowlists using
redirects and alternative IP formats, and cloud metadata
exploitation basics.
📦
XXE
XML Attacks
beginner
file read · blind xxe
55%
XML external entity injection for local file disclosure, SSRF via
XXE, and out-of-band data exfiltration techniques.
🖥️
SSTI
Template Injection
learning
jinja2 · twig · detection
45%
Identifying and exploiting server-side template injection in
Jinja2 and Twig engines to achieve RCE through crafted payload
injection.
🐍
PYTHON
Primary Language
intermediate
scripting · automation · tools
82%
Writing security tooling, automating recon pipelines, building
HTTP scanners, and scripting exploit PoCs. Comfortable with
requests, argparse, and file I/O.
🐹
GO
Systems & Backend
intermediate
cli-tools · concurrency · cncf
85%
Engineered high-performance CLI utilities and concurrent backend
services. Applied practical problem-solving to refactor error
handling in upstream cloud-native infrastructure.
🗂️
DATA STRUCTURES
Core Fundamentals
intermediate
algorithms · optimization · logic
80%
Applying core computer science concepts to optimize asynchronous
reconnaissance engines and resolve complex logical issues
dynamically during active open-source development.
🌐
HTTP / PROTOCOLS
Networking
intermediate
requests · headers · sessions
85%
Deep understanding of HTTP/S request-response cycle, headers,
cookies, sessions, methods, and how web apps communicate under the
hood.
📝
BASH / SHELL
Scripting
beginner
automation · pipelines
60%
Writing shell scripts for task automation, chaining CLI tools,
setting up recon pipelines, and basic process management on Linux.
🔧
GIT / GITHUB
Version Control
intermediate
branches · PRs · pages
72%
Managing repos, branching strategy, pull requests, and using
GitHub Pages to host projects. Familiar with GitHub Actions
basics.
🐧
LINUX
Operating System
intermediate
kali · ubuntu · CLI
75%
Comfortable in Kali Linux and Ubuntu environments. File system
navigation, permissions, process management, networking commands,
and installing/configuring security tools.
🔌
NETWORKING
Core Concept
beginner
TCP/IP · DNS · ports
60%
Understanding of TCP/IP stack, DNS resolution, port scanning,
subnetting basics, and how traffic flows between client and
server.
🔍
BURPSUITE
Proxy & Interception
intermediate
intercept · repeater · intruder
78%
Intercepting and modifying HTTP traffic, using Repeater for manual
testing, Intruder for fuzzing, and Decoder for payload crafting.
🕵️
OSINT
Open Source Intelligence
beginner
passive recon · footprinting
62%
Passive reconnaissance using search engines, WHOIS, Shodan, social
media, and public records to build a target profile without direct
interaction.
🌍
SUBDOMAIN ENUM
Recon
beginner
amass · subfinder · dns
58%
Enumerating subdomains using tools like Amass and Subfinder,
brute-forcing with wordlists, and analyzing results for attack
surface expansion.
🔎
GOOGLE DORKING
Search Exploitation
intermediate
advanced operators · GHDB
70%
Using advanced search operators to discover exposed files, login
panels, config leaks, and sensitive data indexed by search
engines.
// 03 — certificates
Certs & Labs
PortSwigger
✓ active
Web Security Academy
Hands-on labs covering the OWASP Top 10 and beyond. Completed
labs across SQLi, XSS, CSRF, SSRF, XXE, SSTI, and authentication
vulnerabilities.
SQLi · XSS · CSRF · SSRF · SSTI
TryHackMe
⟳ in progress
Pre-Security Path
Structured learning path covering networking fundamentals, Linux
basics, web hacking fundamentals, and core security concepts
through gamified rooms.
60% complete
networking · linux · web hacking
EC-Council
◌ planned
CEH — Certified Ethical Hacker
Globally recognized certification covering ethical hacking
methodology, attack phases, and defense mechanisms. On the 2025
roadmap.
2025 goal · pentest · exploits
eLearnSecurity
◌ planned
eJPT — Junior Penetration Tester
Entry-level penetration testing certification with practical
exam format. Covers network attacks, web app testing, and basic
exploitation techniques.
2025 goal · pentest · network
// 04 — tools
Tools I Use
Exploitation & Testing
🔍
Burp Suite
daily
🗡️
SQLmap
regular
⚡
ffuf
regular
🌊
Nikto
occasional
🕷️
OWASP ZAP
occasional
Recon & Enumeration
🔭
Nmap
daily
🌍
Amass
regular
🔗
Subfinder
regular
🌐
Shodan
occasional
📡
Whois
regular
Development & Scripting
🐍
Python 3
daily
🖥️
VS Code
daily
🐙
Git / GitHub
daily
📝
Bash
regular
Platforms & Environments
🐧
Kali Linux
primary OS
🎯
TryHackMe
regular
🔬
PortSwigger Labs
daily
🖥️
VirtualBox
occasional
// 05 — roadmap
Learning Path
✓ completed
Web Security Foundations
HTTP deep dive, OWASP Top 10 theory, PortSwigger lab
environment setup and initial SQLi / XSS labs.
✓ completed
Python for Security
Built the web vulnerability scanner, HTTP request automation
scripts, and payload generation tools.
⟳ now — active
Advanced Web Exploitation
SSTI, deserialization, OAuth flaws, CORS misconfigurations,
and advanced PortSwigger expert labs.
◌ upcoming
eJPT Certification
Complete eLearnSecurity Junior Penetration Tester
certification — practical exam with full pentest lab.
◌ upcoming
Active Bug Bounty
Submit first valid reports on HackerOne / Bugcrowd programs.
Focus on recon-heavy, low-to-medium severity bugs.
◌ upcoming
Network Penetration Testing
Active directory attacks, pivoting, privilege escalation in
networked environments using Metasploit and manual methods.
◌ upcoming
CEH Certification
EC-Council Certified Ethical Hacker — formal methodology,
legal frameworks, and structured pentest process coverage.
◌ future
OSCP
Offensive Security Certified Professional — the gold standard
for hands-on penetration testing. Long-term goal.