Skip to content
View iw00tr00t's full-sized avatar
42 followers · 7 following

Achievements

Achievement: Arctic Code Vault ContributorAchievement: Starstruck

Achievements

Achievement: Arctic Code Vault ContributorAchievement: Starstruck

Block or report iw00tr00t

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
iw00tr00t/README.md

Typing SVG


OSCP OSCE CISSP CCSP



GitHub followers Stars Profile Views

$ whoami

┌──(iw00tr00t㉿0day)-[~/offensive]
└─$ cat about.txt

  Name         :  Avinash Kumar Thapa
  Certs        :  CISSP · CCSP · OSCP (2016) · OSCE (2016)
  Experience   :  13+ years | 3+ in leadership
  Offensive    :  Red Team · Adversary Emulation · Exploit Dev · EDR/AV Bypass
  Domains      :  Web · Mobile (iOS/Android) · API · Network · Cloud · Blockchain
  MITRE ATT&CK :  Full TTP coverage — recon through impact
  Tools Built  :  Claudia (Burp AI agent) · claudia-rag (262K-chunk KB) · Redis RCE (★97)

Offensive security practitioner since 2014. OSCP and OSCE since 2016 — not recently, since 2016. I run Red Teams, lead adversary emulation programs, and build the tools that do the work. Full engagement lifecycle: recon, exploitation, post-exploitation, pivot, report. I've broken web apps, mobile apps, APIs, cloud infrastructure, Active Directory, crypto exchanges, and payment systems across financial services, fintech, telecom, and government sectors.

$ cat offensive_domains.txt

Domain What I Actually Do
🔴 Red Team & Adversary Emulation MITRE ATT&CK-based ops · BAS campaigns · EDR/AV bypass · Post-exploitation tradecraft · Stealth persistence
🌐 Web Application OWASP Top 10 · Business logic · Auth bypasses · Deserialization · SSRF · SSTI · Race conditions
📱 Mobile (iOS/Android) Frida hooks · Binary analysis · IPA extraction (no jailbreak) · SSL pinning bypass · Runtime manipulation
🔌 API Security OWASP API Top 10 · OAuth token abuse · GraphQL injection · JWT attacks · Mass assignment · BFLA/BOLA
🏗️ Network & Infrastructure Active Directory attacks · Lateral movement · Kerberoasting · PCI DSS v4.0 assessments · Wireless
☁️ Cloud Security AWS/Azure/GCP IAM attacks · CSPM · Kubernetes escapes · Container security · Serverless security
⛓️ Blockchain & Crypto Exchange platform testing · MPC wallet security · Smart contract review · Webhook security · Key management
🤖 AI/LLM Security Prompt injection · Context contamination · Tool-chaining privilege escalation · AI agent threat modeling

$ ls /arsenal

Languages & Platforms

Skills


Offensive Toolkit

Burp Suite Metasploit Frida Cobalt Strike Impacket Nuclei Nmap BloodHound SQLMap FFUF Objection Wireshark

$ cat active_projects.md

Claudia — Burp Suite AI Agent

Burp Suite Professional extension deploying 22 specialist offensive agents against your proxy traffic. Each agent owns a focused attack scope: OWASP Web Top 10, API Top 10, business logic, auth flaws. Backed by a 262,931-chunk local RAG of HackerOne reports, semgrep rules, 8,599 CVE PoCs, and HackTricks. Agents attempt real exploitation, generate verified curl PoC, and return structured findings with severity + CWE.

No cloud. No data leaves your machine.

Java · Montoya API · Python FastAPI · ChromaDB · Claude SDK

claudia-rag — Security Knowledge Base

Self-hosted MCP server with 262,931 indexed chunks from 39 curated security sources. Auto-updates nightly — HackerOne reports, HackTricks, OWASP WSTG/MASTG, Nuclei templates, semgrep rules, Google Project Zero, 8,599 CVE PoCs, and researcher blogs. Incremental re-indexing via git commit hashes.

9 collections · 39 sources · updated nightly

ChromaDB · FastMCP · sentence-transformers · launchd

$ cat tools.md

Tool What It Does Stars
Redis-Server-Exploit RCE via unauthenticated Redis — shell access on misconfigured internet-facing instances ⭐ 97
pci-network-pentest-framework 9-phase PCI DSS v4.0 network pentest framework with automation scripts and requirement mapping
ios-ipa-extractor Extract IPAs from non-jailbroken iOS devices — no jailbreak, no MDM, 3 steps
Shell-Uploader PHP webshell uploader for post-exploitation and CTF ⭐ 8
HFS-Http-File-Server RCE exploit for HFS 2.3.x — remote code execution via HTTP File Server ⭐ 3
globalprotect-expired-cert-workaround Connect GlobalProtect VPN when the gateway certificate has expired (macOS)

$ cat github_stats.md

  




Breaking systems. Building tools. 13 years and counting.

Popular repositories Loading

  1. Redis-Server-Exploit Redis-Server-Exploit Public

    This will give you shell access on the target system if redis server is not configured properly and faced on the internet without any authentication

    Python 97 42

  2. Shell-Uploader Shell-Uploader Public

    This is just a shell uploader which helps in uploading shell from your local machine.

    PHP 8 27

  3. HFS-Http-File-Server HFS-Http-File-Server Public

    This is the exploit code for HFS-HTTP File server. Versions 2.3.x were vulnerable to Remote code execution vulnerability. I

    Python 3 3

  4. CVE-2020-3452 CVE-2020-3452 Public

    Forked from 0x5ECF4ULT/CVE-2020-3452

    CVE-2020-3452 exploit

    Python 2

  5. AllThingsSSRF AllThingsSSRF Public

    Forked from jdonsec/AllThingsSSRF

    This is a collection of writeups, cheatsheets, videos, books related to SSRF in one single location

    2

  6. security security Public

    Forked from xapax/security

    Stuff about it-security that might be good to know

    CSS 1 1