Skip to content
View Rishurana2867's full-sized avatar
🏠
Working from home
🏠
Working from home

Block or report Rishurana2867

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
Rishurana2867/README.md

Hi, I'm Rishu Rana 👋

Cybersecurity Researcher • Bug Bounty Hunter • Offensive Security Enthusiast


Passionate about discovering and responsibly disclosing security vulnerabilities in modern web applications through real-world bug bounty and vulnerability disclosure programs.

I specialize in web application security testing with a strong focus on reconnaissance, attack surface mapping, vulnerability assessment, and responsible disclosure. I approach every target with a researcher's mindset — not just scanning, but understanding how the application works and where it breaks.

Actively exploring security programs on YesWeHack, Bugcrowd, and HackerOne.

With a solid foundation in networking, Linux, operating systems, and cryptography, I enjoy going deep into how systems are built — because understanding systems is the first step to breaking them responsibly.


🛠️ Technical Skills

Security & Offensive Testing Web Application Security · Vulnerability Assessment & Analysis · Reconnaissance & Enumeration · OSINT & Attack Surface Discovery · API Security Testing

Tools Burp Suite · Nmap · Nuclei · Metasploit · Subfinder · httpx · ffuf · gobuster · Waybackurls · gau · katana

Systems & Development Kali Linux · Ubuntu · Networking & OS Fundamentals · Python · Bash Scripting · Git & GitHub


🎯 Current Focus

  • Hunting real-world vulnerabilities across active bug bounty programs
  • Deepening expertise in web application and API penetration testing
  • Building recon automation tools to improve testing efficiency
  • Writing and publishing technical security research publicly
  • Working toward professional red teaming and OSCP certification

📌 Why This Profile Exists

I believe in learning in public. Everything I discover, report, and build gets documented — on GitHub and on LinkedIn. This profile is a live record of that journey.


📬 Connect

🔗 linkedin.com/in/rishurana2867


"Security is not just finding vulnerabilities — it's understanding systems deeply enough to think beyond their intended behavior."

Pinned Loading

  1. web-recon-playbook web-recon-playbook Public

    A complete, phase-by-phase web recon methodology for bug bounty hunters — ASN mapping to vuln scanning. Built from real findings.

    Shell 2