🐒
Developing Security Tools in Large Ocean of Bug-Bounty
Raunaksplanet/README.md

LinkedIn Twitter/X GitHub Medium YouTube YesWeHack HackerOne Discord Portfolio Udemy


🧠 About Me

whoami
> Raunak Gupta  a.k.a.  B1scuit
> Freelance Security Researcher & Bug Bounty Hunter
> Specializing in: Android • Web • API • Thick-Client Security
> Also into: Open-Source • AI • LLMs
> Location: Rajasthan, India
> Status: Available for hire 🟒
  • 🎯 Bug Bounty Hunter on HackerOne & YesWeHack — featured in 18+ Hall of Fames
  • 🛠️ Building open-source security tools for the community
  • 📹 Running B1scuit Security on YouTube — hacking tutorials & writeups
  • ✍️ Writing on Medium — bug bounty tips, resources & POCs
  • 🎓 Udemy instructor with 8,400+ learners
  • 💬 Running an active Discord community for security researchers
  • 🌐 Personal site: b1scuit.pro

🏆 Hall of Fame — Acknowledged By

| Company | Severity | Vulnerability Type |
| --- | --- | --- |
| 🔵 Supabase | 🔴 High | BAC + Insecure API (rate limiting & input flaws) |
| 🟠 Zerodha | 🔴 High | Android + Business Logic + Security Misconfigurations |
| ⚫ Cert-wm.nl | 🔴 High | Stored XSS via Unrestricted File Upload |
| 🟣 Thinkst Canary | 🟡 Medium | Mass PII Leak |
| 🟢 Substack | 🟡 Medium | Race Condition — Atomic Increment Manipulation |
| 🟢 GeeksForGeeks | 🟡 Medium | Mass Assignment Vulnerability |
| 🔵 Wibmo.com | 🟡 Medium | IDOR — Email Disclosure |
| 🟠 EC-Council | 🟡 Medium | Email Verification Bypass |
| 🟤 Inflectra.com | 🟡 Medium | Open Redirect + PII Leak via Input Validation Flaw |
| 🟣 Skillmate.ai | 🟡 Medium | Security Bypass + Insecure API |
| 🔵 Samsung | 🔵 Low | Misconfigured AWS S3 Bucket — Data Leak |
| ♟️ Chess.com | 🔵 Low | CWE-657: Insecure Design Violation |
| 🟠 Arcjet.com | 🔵 Low | CWE-657: Insecure Design Violation |
| 🏥 CK Birla Hospital | 🔵 Low | Security Bypass + Insecure API |
| 🏥 Sir Ganga Ram Hospital | 🔵 Low | Security Bypass + Insecure API |
| 🏥 Max Healthcare | 🔵 Low | Security Bypass + Insecure API |
| 🟡 Com Olho | 🔵 Low | Security Bypass + Insecure API |
| 🟡 Brandmuscle.com | 🔵 Low | Security Bypass + Insecure API |

💰 Also earned a $1,000+ bounty via private YesWeHack program (Android app — Forgot Password flow)


🚀 Featured Projects

📚 Learning & Research

| Project | Description | Stars |
| --- | --- | --- |
| My CyberSecurity Store | Curated collection of infosec tools, resources & references | ⭐ |
| Bug Bounty GitBook | Playbook: tools, methodologies, writeups, labs & checklists | ⭐ |
| Learn Android Bug Bounty | Complete guide to Android application pentesting & bug bounty | ⭐ |
| Learn Beyond Web | Comprehensive guide to Thick-Client security testing | ⭐ |
| Elite Google Dorks Search | Smart Google dorks to surface hidden assets & information | ⭐ |

🤖 Android Security Tools

| Project | Description |
| --- | --- |
| APKDig | Deep APK analysis — extracts security-relevant info |
| analyze_manifest | AndroidManifest.xml analyzer — permissions, deep links, exported components |
| AndroidExportViewer | View & analyze exported Android components |
| DecompileAllAPK-s | Batch APK decompiler with analysis features |
| PullAPKFromPure | Extract APKs directly from Android devices |

🌐 Web Security Tools

| Project | Description |
| --- | --- |
| Bruteforce JWT Secret | Brute-force weak JWT secrets to test auth |
| Elite Burp Suite Analyzer | Advanced HTTP history analyzer with enhanced filtering |
| GitHub Recon Tool | GitHub recon & repo analysis tool |
| Tor IP Changer | Auto-rotate IP via Tor network |
| Single Script Tools | One-script installer for multiple cybersecurity tools |
| CloneAllRepo | Clone all repos from a GitHub user/org |

🔧 Burp Suite Extensions

| Extension | Description |
| --- | --- |
| AutoTabSorter | Auto-organize Burp tabs for workflow efficiency |
| CVSS Calculator | Integrated CVSS scorer inside Burp Suite |

📝 Recent Blogs & POCs


🛠️ Skills & Stack

Android Burp Suite Python Frida Linux API Security OWASP Git

Target Surfaces: Web Apps • REST/GraphQL APIs • Android Apps • iOS Apps • Thick-Client Apps

Techniques: IDOR • BAC • Race Conditions • Mass Assignment • SQLi • XSS • JWT Attacks • SSL Pinning Bypass • Root Detection Bypass • Business Logic Flaws • AWS Misconfigurations


🎓 Teaching

Udemy Instructor — Security Researcher and Bug Bounty Hunter

  • 📌 8,400+ total learners
  • 📌 Active courses on cybersecurity, bug bounty & ethical hacking
  • 📌 Beginner-friendly content paired with real-world examples

💬 Let's Connect

Found a bug in my README? That's... ironic. Hit me up on Discord or Twitter.

⭐ If my tools or resources helped you — drop a star. It keeps the grind going.

Pinned

  1. My-CyberSecurity-Store (Public)

    This repository contains a comprehensive collection of learning resources and notes that I've gathered on various topics, including cybersecurity, bug bounty, API security, cloud security, and more…

    Rust 629 174

  2. Elite-Google-Dorks-Search-by-Biscuit (Public)

    Discover hidden information on the web with "Elite Google Dorks Search by Biscuit." This collection offers smart and improved Google search queries to help you find data and vulnerabilities more ea…

    HTML 20 8

  3. Bug-Bounty-GitBook (Public)

    Biscuit's Bug Bounty Playbook is a curated hub for cybersecurity learners and bug bounty hunters. It includes tools, methodologies, writeups, vulnerable labs, YouTube channels, checklists, and plat…

    20 10

  4. Learn-android-bug-bounty (Public)

    Documenting all the sources from where I'm learning mobile (Android/iOS) bug bounty, so if another researcher wants to start with mobile bug bounty, he/she doesn't struggle for resources

    Shell 48 13

  5. Single-Script-Tools-Installation (Public)

    Automating Micros

    Shell 13 7