whaleyxbt / README.md
security engineer / researcher / web3 enthusiast

short summary

Security engineer and TypeScript/JavaScript developer. Building and pentesting web applications, hunting for bug bounties. Into web3 since 15.

web app security review, recon & enumeration, bug bounty reports, Next.js / React interfaces, scripts and internal tools, Linux server setup, web3 arbitrage modules

tools / projects / bug reports

My real experience:

01 getmoni.io - case-file / redacted report

Cloud storage access-control review: exposed bucket listing, unauthenticated upload surface, private project data exposure, and remediation guidance.

02 hololaunch.ai - case-file / redacted report

Web3 presale auth chain: wallet identity spoofing, whitelist exposure, allocation data leakage, and server-side verification fixes.

03 takao.zone - case-file / redacted report

Frontend/admin exposure case: production bundle leaked admin logic and endpoints; client-side state could render management UI.

04 tgmrkt.io - case-file / redacted report

Session management review: long-lived static API tokens without expiration or context binding, creating persistent access risk.

More reports

The full report collection lives in a dedicated GitHub repository.


what i can do

Practical work.

Security research

Web security review across API, frontend, backend and business logic: auth issues, broken access control, unsafe client-side flows, exposed data, business logic bugs and other issues.

Full-stack

Full-stack and automation projects: browser automation, scraping/pentesting utilities, background workers, API integrations, network interception, Telegram alerts and market/scanner-style tools.

Linux operations

Linux setup and server hygiene: Arch/Debian/Ubuntu configs, firewall rules, SSH/service setup, Docker basics, Git workflows, shell automation and practical hardening.

~/stack/capabilities

$ cat stack.txt

security: nmap, Burp Suite, ffuf, gobuster, sqlmap, Wireshark, Metasploit, Bettercap

engineering: TypeScript, JavaScript, Bash, SQL, Docker, Git, Linux