bash — 80x24
$
> ExploitCraft
$
> Gazipur, Bangladesh
$
> ReconNinja v8.3.0 · VaultHound v1.0.0 · envleaks v1.0.0 · wifi-passview v1.0.0 · gitdork v0.1.0
$
> Bug hunting...

ExploitCraft

Security Tool Builder & Self-Taught Developer

2 Years · 20242026
View Projects GitHub ↗

About Me

Self-taught developer and security researcher from Bangladesh. Started at 13 and shipped production-grade open-source security tools with proper tests, CI/CD, and documentation. Focused on penetration testing, bug bounty hunting, credential scanning, and automated recon — building the ExploitCraft security toolkit one commit at a time.

Open to bug bounty collabs
🗓20242026 · 2 Years Experience
Years
Experience
+
Tools Built
+
Tests Passing
+
Detection Patterns

Technical Skills

Python90%
TypeScript75%
Bash Scripting80%
Penetration Testing85%
Reconnaissance90%
Bug Bounty Hunting80%
Credential Scanning85%
Next.js70%
GitHub Actions / CI-CD75%
PyPI Publishing80%
JSON/HTML/Markdown Reporting85%
Entropy Analysis75%

Projects

🥷

ReconNinja

v8.3.0Active Pinned

ReconNinja automates the full recon pipeline across 21 phases — subdomain enumeration, live host filtering, port scanning (RustScan/Masscan/Nmap), web discovery (httpx/Nikto/Nuclei), CVE lookup, AI threat analysis, plugin system, resume support, and dark-mode HTML reports.

ShodanVirusTotalWHOISWayback MachineSSL AnalysisCVE LookupAI Threat Analysis
21-phase automated recon pipeline
Port scanning: RustScan / Masscan / Nmap
Web discovery: httpx / Nikto / Nuclei
JSON / HTML / Markdown reporting
Plugin system & resume logic
533 passing tests
GitHub Actions CI/CD
PyPI published
GitHub ↗ PyPI ↗

Live Stats

GitHub Stars
Monthly Downloads

Tech Stack

PythonGitHub ActionsPyPI
🐾

VaultHound

v1.0.0Active

Secret & credential scanner — URL mode, directory mode, git history mode. 43 detection patterns with entropy-based false-positive filtering.

GitHub Stars
Monthly Downloads
URL mode
Directory mode
Git history mode
43 detection patterns
+ 3 more
PythonPyPI
GitHub PyPI
🔐

envleaks

v1.0.0Active

Secret & credential scanner for codebases, git history, and Docker images. 60+ patterns, SARIF output, CI/CD pipeline mode.

GitHub Stars
Monthly Downloads
Codebase / git history / Docker image scanning
60+ detection patterns
SARIF output for GitHub Advanced Security
CI/CD pipeline mode
+ 1 more
PythonPyPIGitHub Advanced Security
GitHub PyPI
📡

wifi-passview

v1.0.0Active

Cross-platform CLI to dump saved WiFi credentials in one command. Linux, Windows, macOS. Terminal / JSON / CSV output with redact mode.

GitHub Stars
Monthly Downloads
Linux: NetworkManager, wpa_supplicant, iwd
Windows: netsh
macOS: Keychain
Terminal, JSON, and CSV output
+ 2 more
PythonPyPI
GitHub PyPI
🎯

gitdork

v0.1.0Active

Google, Shodan & GitHub dork generator for pentesters and bug bounty hunters. Feed it a repo URL or domain — get ready-to-use dork queries.

GitHub Stars
Google / Shodan / GitHub dork generation
Input: repo URL or domain
Targets exposed secrets, sensitive files, misconfigs
Built for pentesters & bug bounty hunters
Python
GitHub🚧 In Dev

Let's Work Together

Open to bug bounty collabs, security projects, and open-source contributions.

Email

emonkk06@gmail.com

GitHub

github.com/ExploitCraft

Visit Profile

PyPI

pypi.org/user/ExploitCraft

Visit Profile