
Akash Athare

Offensive Security Engineer | Bug Bounty Hunter

"I break systems before attackers do."


01. About_Me

$ cat about.txt

Offensive Security Engineer specializing in Web, API, and Mobile Application security testing.

I started my journey building software — but quickly realized I was more fascinated by breaking things than building them. What began as curiosity turned into a career hunting vulnerabilities across real-world applications.

From discovering critical authentication bypasses and chained exploits at HackersEra, to building a Web3 antivirus bot that got acquired by an antivirus firm, I've always been at the intersection of offense and innovation.

Today, I combine manual testing expertise with automated recon pipelines to find what scanners miss. Whether it's a business logic flaw hiding in plain sight or a smart contract vulnerability waiting to be exploited — I find it.

🎯

Bug Bounty

50+ valid vulnerabilities reported across real-world apps — privilege escalation, auth bypass, chained exploits

🔬

Security Research

Deep manual testing aligned with OWASP Top 10, custom payload crafting & attack chaining

⛓️

Web3 Development

Smart contract development, honeypot detection bot, Chrome extension acquired by AV firm

~/identity
name: Akash Athare
role: Offensive Security Engineer
location: Pune, India
education: B.Tech CE (SPPU) — 8.55 CGPA
specialization: Cybersecurity Major (IIT Guwahati)
status: Available for hire
CEH
CNSP
OSCP
GATE '24

02. Skill_Set

skills_inventory.sh
🎯

Vulnerability Expertise

Privilege Escalation, Broken Access Control, Authentication Bypass, Business Logic Exploitation, Chained Attack Vectors, IDOR & Insecure References, SQL Injection, API Security, Misconfigurations, Session Manipulation, Race Conditions

🛠️

Tools & Arsenal

Burp Suite Pro, Nmap, FFUF / Gobuster, Wireshark, Metasploit, Sqlmap, Nuclei, MobSF, Hydra, Sublist3r

🔍

Recon & Automation

Subdomain Enumeration, Attack Surface Mapping, Python Automation, Bash Scripting, Custom Wordlist Generation, AI-Assisted Target Prioritization

📋

Methodologies & Standards

OWASP Top 10, OWASP Testing Guide, PTES, Source Code Review, Vulnerability Disclosure, PoC Report Writing

03. Experience

Nov 2025 — Present

Penetration Tester

HackersEra · Pune, India
  • Conduct Web App, API, Mobile (Android/iOS), and Network penetration testing for enterprise clients
  • Discovered critical authentication bypass, IDOR, business logic flaws and chained vulnerabilities leading to high-impact exploitation
  • Manual testing using Burp Suite, Nmap, FFUF, MobSF, ADB combined with custom payload crafting
  • Secure source code review to identify security flaws in backend logic and API implementations
  • Delivered detailed vulnerability assessment reports with PoC exploits and remediation guidance
VAPT · API Security · Mobile Pentest · Code Review

Aug 2024 — Oct 2025

Security Researcher

Freelance · Remote
  • Identified and reported 20+ valid vulnerabilities including XSS, IDOR, SQLi, auth bypass, and access control flaws
  • End-to-end reconnaissance and manual VAPT using Burp Suite, Nmap, FFUF, Sublist3r, Hydra
  • Web Application testing aligned with OWASP Top 10, analyzing server responses and crafting exploit payloads
  • Professional vulnerability disclosure reports with PoC demonstrations and mitigation strategies
Bug Bounty · OWASP · Vuln Disclosure

Feb 2024 — May 2024

Blockchain Developer

BlockDudes · Delhi NCR, India
  • Developed a Web3 Chrome extension for detecting honeypot tokens — later acquired by an antivirus firm
  • Built a Telegram bot for scam token detection, wallet monitoring, and crypto transactions
  • Developed and tested smart contracts for token-based utilities
  • Runner-up at DoraHacks Hackathon by Akash Network — $10,000 prize
Web3 · Smart Contracts · $10K Winner

Jun 2023 — Jan 2024

Software Engineer

Palle Services · Bangalore, India
  • Developed backend APIs using Java and Spring Boot, integrated frontend with ReactJS
  • Optimized SQL queries and improved database performance for high-traffic applications
  • Collaborated with engineering teams to improve application security and reliability
Java · Spring Boot · React

04. Services

🛡️
Most Popular

VAPT — Web App Pentesting

Comprehensive vulnerability assessment and penetration testing for web applications, APIs, and mobile apps. Manual testing aligned with OWASP methodology, combined with automated scanning.

  • Full OWASP Top 10 coverage
  • Manual + automated testing
  • Detailed PoC reports
  • Remediation guidance

For: Startups, SaaS companies, enterprises seeking compliance

🎯

Bug Bounty Consulting

Launch or optimize your bug bounty program. Get expert guidance on scope definition, triage workflows, and vulnerability management — from someone who's been on both sides.

  • Program setup & scope design
  • Triage & severity assessment
  • Hunter perspective insights
  • Report quality optimization

For: Companies launching or scaling bug bounty programs

⛓️

Web3 Security & Dev

Smart contract security auditing, honeypot token detection, and Web3 security development. Built tools that were acquired — I know the attack surface intimately.

  • Smart contract review
  • Token security analysis
  • DeFi security assessment
  • Security tool development

For: Web3 projects, token launches, DeFi protocols


05. Digital_Store

🔥 Best Seller
🔧

Recon Automation Toolkit

Complete automated reconnaissance framework. Subdomain enumeration, live host detection, attack surface mapping, and vulnerability scanning — all in one pipeline. Built from real-world bug bounty experience.

$49 one-time
  • ✅ Python + Bash scripts
  • ✅ Setup documentation
  • ✅ Lifetime updates
  • ✅ Custom wordlists
📋

Bug Bounty Checklist

The exact methodology I use for bug bounty hunting. Covers recon, testing, reporting — organized by vulnerability class with payloads, tips, and real-world examples from my experience.

$19 one-time
  • ✅ Interactive HTML guide
  • ✅ 50+ payload examples
  • ✅ OWASP-aligned structure
  • ✅ Regular updates

06. Projects

📂

Reconix

Automated Bug Bounty Recon Framework

Problem

Manual recon is time-consuming and error-prone. Bug bounty hunters need fast, comprehensive attack surface mapping.

Approach

Built an automated pipeline for subdomain enumeration, live host detection, and vulnerability scanning with AI-assisted analysis.

Result

Enumerated 100+ subdomains per engagement. Identified IDOR & privilege escalation vectors during recon phase.

Python · Bash · Automation

📂

Security Monitoring Suite

Detection Engineering with Wazuh

Problem

Organizations need real-time threat detection and alerting for SSH brute-force, privilege escalation, and intrusions.

Approach

Integrated Wazuh SIEM with Suricata IDS rules and VirusTotal API. Built custom detection logic and Telegram alerting.

Result

Automated detection of brute-force attacks, privilege escalation, and malicious files with real-time alerting.

Wazuh · Suricata · Linux

📂

Web3 Antivirus Bot

Honeypot & Scam Token Detection

Problem

Crypto users lose millions to honeypot tokens and scam contracts. No easy way to verify token safety before buying.

Approach

Built a Telegram bot + Chrome extension for automated smart contract analysis and honeypot detection.

Result

Chrome extension acquired by an antivirus firm. Bot actively screening tokens and monitoring wallet activity.

Node.js · Web3.js · JavaScript

07. Reports_&_Writeups

CRITICAL

Privilege Escalation via Role Manipulation

Discovered a critical privilege escalation vulnerability where an attacker could manipulate user roles to gain unauthorized administrative access, leading to full system compromise.

Impact: Full Privilege Escalation · Published Writeup
$700 BOUNTY

How I Discovered a $700 CSRF Vulnerability

Found a high-impact CSRF vulnerability, earned a $700 bounty, and then recreated the entire vulnerability as a hands-on security lab for educational purposes.

Impact: Account Takeover via CSRF · Published Writeup + Lab
CRITICAL

Authentication Bypass via Token Manipulation

Discovered a critical authentication bypass vulnerability allowing unauthorized access to admin endpoints through JWT token manipulation and flawed session validation.

Impact: Full Account Takeover · Bug Bounty Report
HIGH

Chained IDOR to PII Exposure

Identified an IDOR vulnerability in user profile endpoints that, when chained with an information disclosure flaw, led to exposure of sensitive personal data of all platform users.

Impact: Mass Data Exposure · Vulnerability Disclosure


08. Get_In_Touch

Available for freelance projects & full-time roles. Let's build something secure together.
