Skip to content
View Kalp1774's full-sized avatar
😎
chilling
😎
chilling
5 followers · 1 following

Highlights

  • Pro

Block or report Kalp1774

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
Kalp1774/README.md

header

Typing SVG

Twitter HackerOne Ko-fi Buy Me a Coffee GitHub Sponsors

whoami

$ cat /etc/kalp/profile

  Role     : Offensive security researcher & bug bounty hunter
  Focus    : Web app pentesting, cloud misconfigs, OAuth/JWT, race conditions
  Building : Akira - the AI pentest co-pilot that actually finds bugs
  Based    : India
  CVEs     : Strapi SSRF bypass + MIME fail-open (filed 2026)
  Bounties : HackerOne, Bugcrowd, private programs

Featured Work

Akira - AI Pentest Co-Pilot

Phase-chained offensive security skills for Claude Code, Gemini CLI, Cursor, and Codex. No hallucinated findings. Every result is evidence-gated.

/plan-engagement  ->  /recon  ->  /secrets  ->  /exploit  ->  /triage  ->  /report

12 attack modules. Real bug bounty findings updated weekly. MIT licensed.

Stars Forks Last Commit

EvilTwin with ESP32 - Hardware Attack Demo

Compact Wi-Fi spoofing simulation on ESP32 with LED display. Built for ethical hacking demos and cybersecurity awareness.

Bug Bounty Highlights

Finding Severity Platform Bounty
SSRF -> AWS IAM credential extraction Critical HackerOne $2,500
OAuth open redirect -> ATO chain Critical Bugcrowd $1,800
JWT RS256->HS256 algorithm confusion -> admin Critical HackerOne $1,500
Race condition: coupon applied 7x simultaneously High Private $800
Strapi SSRF bypass + MIME fail-open Critical CVE filed -

Full writeups in Akira/FINDINGS.md

Stack

Python TypeScript JavaScript C++ Shell AWS Burp Suite

GitHub Stats

Kalp's GitHub Stats

Top Languages

GitHub Streak

footer

Building tools that find real bugs. If Akira helped you, star it or buy me a coffee.

Popular repositories Loading

  1. akira akira Public

    The AI pentest co-pilot that actually finds bugs. Phase-chained, evidence-gated offensive security skills for Claude Code, Gemini CLI, Cursor, and more.

    Shell 7 1

  2. EvilTwin-with-ESP32 EvilTwin-with-ESP32 Public

    EvilTwin is a compact hardware-based simulation of a Wi-Fi spoofing attack using ESP32 and a LED display, designed for ethical hacking demonstrations and cybersecurity awareness.

    C++ 4 1

  3. HRMS HRMS Public

    part 2

    TypeScript 1

  4. awesome-security awesome-security Public

    Forked from sbilly/awesome-security

    A collection of awesome software, libraries, documents, books, resources and cools stuffs about security.

    1

  5. awesome-pentest awesome-pentest Public

    Forked from enaqx/awesome-pentest

    A collection of awesome penetration testing resources, tools and other shiny things

    1

  6. awesome-claude-code awesome-claude-code Public

    Forked from hesreallyhim/awesome-claude-code

    A curated list of awesome skills, hooks, slash-commands, agent orchestrators, applications, and plugins for Claude Code by Anthropic

    Python 1