GitHub - 1N3/1N3: Sr. Penetration Tester. Creator of Sn1per. Top 20 worldwide on @BugCrowd in 2016. OSCE/OSCP/CISSP/Security+

Website

Social Media

Bug Bounty Profiles

Public Exploits

Open Source Security Tools

SILENTCHAIN AI (https://github.com/silentchainai/SILENTCHAIN)
Sn1per (https://github.com/1N3/Sn1per)
Findsploit (https://github.com/1N3/Findsploit)
BruteX (https://github.com/1N3/BruteX)
BlackWidow (https://github.com/1N3/BlackWidow)
ReverseAPK (https://github.com/1N3/ReverseAPK)
GooHak (https://github.com/1N3/GooHak)
PRISM-AP (https://github.com/1N3/PRISM-AP)

Certifications

OSCE
OSCP
CISSP
Security+
CNA
MCP
Network+
A+
PCI-ASV
SecurityTube Android Security For Penetration Testers

Public Exploits/PoC's/CVE's/Bug Bounties/CTF's

2026:

Created SILENTCHAIN AI @silentchainai (https://silentchain.ai) AI-Powered Vulnerability Scanning for Burp Suite (https://github.com/silentchainai/SILENTCHAIN/)

2024:

CVE-2024-21733 Apache Tomcat HTTP Request Smuggling (Client- Side Desync) (https://sn1persecurity.com/wordpress/cve-2024-21733-apache-tomcat-http-request-smuggling/) $4,660 bounty (https://hackerone.com/reports/2327341)

2021:

Nutanix Stored DOM Cross-Site Scripting (XSS) & Reflected Cross-Site Scripting (XSS) 0day

2020:

Discovered a critical vulnerability in Proofpoint affecting many customers and was added to the Hall of Fame (https://www.proofpoint.com/us/security)

2018:

Featured in Hackin9 Magazine - Open Source Hacking Tools edition (https://hakin9.org/download/open-source-hacking-tools/) 8/2018
Jetty 6.1.6 Cross-Site Scripting (XSS) (https://seclists.org/fulldisclosure/2018/Aug/15) (Full Disclosure) 8/2018
Listed on the DoD Defense Travel System HoF 6/2018
Qualified for the BugCrowd 2018 MVP researcher list (https://www.bugcrowd.com/bugcrowd-mvps-april-edition/) 4/2018
CVE-2018-8917 Synology-SA-18:14 - Reflected XSS in DSM 6.1.5-15254 (https://www.synology.com/en-us/security/advisory/Synology_SA_18_14) 3/2018
CVE-2018-6545 Ipswitch MoveIt v8.1 Stored Cross-Site Scripting (XSS) (https://www.exploit-db.com/exploits/43947) 2/2018
Multiple Cross-Site Scripting (XSS) vulnerabilities in Illustra IP Cameras ($600 bounty) 2/2018
Directory Traversal vulnerability in Illustra IP Cameras ($800 bounty) 2/2018
Remote Command Execution vulnerability in Illustra IP Cameras ($900 bounty) 2/2018
Listed on the BugCrowd 2017 MVP researcher list (https://www.bugcrowd.com/today-we-recognize-our-2017-mvp-researchers/) 1/2018

2017:

Received Offensive Security Certified Expert (OSCE) cerfication 12/2017
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in WEMO HomeKit Bridge ($3,000 bounty) 9/2017
Stored Cross-Site Scripting (XSS) vulnerability in WEMO HomeKit Bridge ($500 bounty) 9/2017
Systemic Stored XSS vulnerability in WEMO HomeKit Android Application ($1,500 bounty) 9/2017
Systemic Local File Inclusion in WEMO HomeKit Android Application ($3,000 bounty) 9/2017
Placed 7th in ToorConCTF CTF 8/2017
Stored XSS in ModSecurity App for Splunk (Full Disclosure) 8/2017
Directory Traversal in PSPDFKit/Atlassian Jira Cloud Android application Bug Bounty 7/2017
Received Android Security For Penetration Testers (ASFP) certification from SecurityTube 5/2017
Gave talk at ISSA/OWASP Phoenix to 90+ attendees titled "Man In The Browser Advanced Client Side Exploitation" (https://www.slideshare.net/1N3/man-in-the-browser-advanced-client-side-exploitation-using-beef) 4/2017
PSV-2017-0227: Cross-Site Tracing Vulnerability in NETGEAR Arlo CVE 2/2017
Directory traversal + multiple CSRF + multiple stored and reflected XSS in NETGEAR M4300-8X8F switches ($3,000+ bounty) 3/2017
Received Department of Defense HackerOne Challenge coin for the Hack The Army Bug Bounty Program 2/2017
Listed on the BugCrowd 2016 MVP list 1/2017

2016:

Placed 3rd on BugCrowd's Operation Code CTF 9/2016
1st place @DEFCON CMD+CTRL CTF 8/2016
HTTPoxy Exploit Scanner Exploit/PoC 7/2016
CVE-2016-1034 Zabbix SQL Injection 0day (www.cvedetails.com/cve/CVE-2016-10134/) 7/2016
CVE-2016-4401 Unauthenticated Database Credential Leak in Aruba ClearPass ($1,500 bounty) (https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-010.txt) 6/2016
Tied for 2nd place in BugCrowd Operation Code CTF 6/2016
Made the top 10 researcher list on BugCrowd 6/2016
Placed 2nd at CactusCon 2016 RootTheBox CTF 5/2016
Ranked 19th on BugCrowd's Worldwide Leaderboard Bug Bounty 5/2016
Charts 4 PHP 1.2.3 Cross Site Scripting (Full Disclosure) (https://packetstormsecurity.com/files/135666/Charts-4-PHP-1.2.3-Cross-Site-Scripting.html) 2/2016
Open Web Analytics 1.5.7 Cross Site Scripting (Full Disclosure) (https://packetstormsecurity.com/files/135948/Open-Web-Analytics-1.5.7-Cross-Site-Scripting.html) 2/2016
WordPress All In One SEO Pack 2.2.2 Cross Site Scripting (Full Disclosure) 2/2016
PSV-2016-0127: Directory Traversal In NETGEAR R7800 Routers 0day (https://kb.netgear.com/000053136/Security-Advisory-for-Arbitrary-File-Read-on-Some-Routers-and-Gateways-PSV-2016-0127) 1/2016
PSV-2016-0124: Cleartext Submission of Password In NETGEAR R7800 Routers 0day (https://kb.netgear.com/000055105/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-and-Extenders-PSV-2016-0124) 1/2016
PSV-2016-0116: Denial of Service (DoS) in NETGEAR R7800 Routers 0day 1/2016
PSV-2016-0136: Unrestricted Arbitrary File Upload In NETGEAR R7800 Routers 0day (https://kb.netgear.com/000049063/Security-Advisory-for-Security-Misconfiguration-Vulnerability-on-R7800-Routers-PSV-2017-0136) 1/2016
PSV-2016-0114: Directory Traversal In NETGEAR R7800 Routers 0day (https://kb.netgear.com/000053135/Security-Advisory-for-Arbitrary-File-Read-on-Some-Routers-and-Gateways-PSV-2016-0114) 1/2016
PSV-2016-0113: Denial of Service (DoS) in NETGEAR R7800 Routers 0day 1/2016
PSV-2016-0131: Server Side Request Forgery in NETGEAR R7800 Routers 0day (https://kb.netgear.com/000053137/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-and-Gateways-PSV-2016-0131) 1/2016

2015:

Founded CrowdShield (https://crowdshield.com) A bug bounty startup based in Toronto, Canada.
Made the top 10 researcher list on BugCrowd 11/2015
Wordpress XMLRPC System Multicall Brute Force Exploit (0day) Exploit/PoC 10/2015
Aruba AP-205 Remote Command Injection Vulnerability ($750 bounty) (https://www.youtube.com/watch?v=TZqDkN1NQf4) 10/2015
Apache Range Header Denial of Service Exploit (CVE-2011-3192) Exploit/PoC 8/2015
Listed on AT&T's Bug Bounty Hall of Fame Bug Bounty (https://bugbounty.att.com/hof.php) 8/2015
Won the InfoSec Institute Practical Web CTF #2 Challenge (https://resources.infosecinstitute.com/ctf-2-practical-web-hacking-winners/#gref) 8/2015
HP Photosmart 7520 Printers Stored Cross Site Scripting (0day) Exploit/CVE 7/2015
Supermicro IPMI/BMC Cleartext Password Scanner Exploit/PoC 3/2015
WebFOCUS 533 Server XSS & Directory Traversal Vulnerabilities (0day) Exploit/CVE 2/2015
Imgur Server Side Request Forgery (SSRF) ($1600 bounty) (https://hackerone.com/reports/91816) 1/2015
CVE-2015-0235 GHOST glibc gethostbyname buffer overflow Exploit (https://www.exploit-db.com/exploits/35951) 1/2015
Hak5 Wifi PinnappleV Remote Code Execution Exploit/CVE 1/2015
Hak5 Wifi PinnappleV SSLSplit Cross Site Scripting Exploit/CVE 1/2015

2014:

Lyris ListManagerWeb 8.95a Cross Site Scripting (Full Disclosure) (https://packetstormsecurity.com/files/127672/Lyris-ListManagerWeb-8.95a-Cross-Site-Scripting.html) 7/2014
MyConnection Server (MCS) 9.7i Cross Site Scripting (Full Disclosure) (https://0day.today/exploit/description/22526) 7/2014
AlogoSec FireFlow 6.3 Cross Site Scripting (Full Disclosure) (https://packetstormsecurity.com/files/127001/AlogoSec-FireFlow-6.3-Cross-Site-Scripting.html) 7/2014
Received Offensive Security Certified Professional (OSCP) certification 2/2014

Name		Name	Last commit message	Last commit date
Latest commit History 25 Commits
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Website

Social Media

Bug Bounty Profiles

Public Exploits

Open Source Security Tools

Certifications

Public Exploits/PoC's/CVE's/Bug Bounties/CTF's

2026:

2024:

2021:

2020:

2018:

2017:

2016:

2015:

2014:

About

Uh oh!

Releases

Packages

1N3/1N3

Folders and files

Latest commit

History

Repository files navigation

Website

Social Media

Bug Bounty Profiles

Public Exploits

Open Source Security Tools

Certifications

Public Exploits/PoC's/CVE's/Bug Bounties/CTF's

2026:

2024:

2021:

2020:

2018:

2017:

2016:

2015:

2014:

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Packages