Skip to content
View faizzyhon's full-sized avatar
:atom:
Available for Jobs
:atom:
Available for Jobs
20 followers · 4 following

Achievements

Achievement: QuickdrawAchievement: Pull SharkAchievement: Pair ExtraordinaireAchievement: Starstruck

Achievements

Achievement: QuickdrawAchievement: Pull SharkAchievement: Pair ExtraordinaireAchievement: Starstruck

Highlights

Block or report faizzyhon

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
faizzyhon/README.md

Hacking GIF

🕵️ About Me

class MuhammadFaizan:
    def __init__(self):
        self.name       = "Muhammad Faizan"
        self.alias      = "faizzyhon"
        self.email      = "faizzyhon@gmail.com"
        self.role       = "Cybersecurity Researcher & Bug Bounty Hunter"
        self.cert       = "EC-Council Bug Bounty Professional"
        self.location   = "🌍 Hack the Planet"

    @property
    def focus(self):
        return [
            "PHP Web Application Pentesting",
            "OWASP Top 10 Vulnerability Research",
            "Business Logic Bypass & Payment Testing",
            "Automated Security Scanner Development",
            "CVE Research & Responsible Disclosure",
        ]

    @property
    def current_projects(self):
        return [
            "🔥 BugScanner   — PHP Web Security Scanner",
            "⚡ Cyberburg     — Advanced Web Pentest Suite (v2.0 PHANTOM BLADE)",
        ]

    def motto(self):
        return "⚡ Think like an attacker. Defend like a guardian."

🔥 Featured Projects

  

🛡️ BugScanner — PHP Web Security Scanner

🛡️ What is BugScanner?

BugScanner is a professional-grade PHP Web Security Scanner built for Bug Bounty hunters and Ethical Hackers. It automates detection of OWASP Top 10 vulnerabilities with AI-powered CVSS 3.1 scoring and generates HackerOne-ready PDF reports.

Built for EC-Council Bug Bounty course — real-world training target tested.

⚡ Key Capabilities

  • 🔐 Auth Bypass — JWT attacks, session fixation, brute-force
  • 💳 Payment Bypass — Race conditions, IDOR on order IDs
  • 🐘 PHP Arsenal — LFI/RFI, SSTI, Object Injection, DB Dump
  • 🕳️ SQLi Engine — UNION, error-based, LOAD_FILE, INTO OUTFILE
  • 🐚 Webshell Detection — c99, r57, WSO, b374k auto-scan
  • 📄 PDF Reports — Professional HackerOne/Bugcrowd format
 
# Install & Launch
$ git clone https://github.com/faizzyhon/BUGSCANNER---PHP-Web-Security-Scanner-for-Bug-Bounty-Penetration-Testing
$ pip install -r requirements.txt
$ python main.py scan --url https://target.com --modules all --auth --report pdf
Module Coverage OWASP Category
sqli SQL Injection + DB Dump A03: Injection
xss Reflected / Stored / DOM A03: Injection
auth JWT / Brute-Force / Session A07: Auth Failures
payment Race Condition / IDOR A04: Insecure Design
php LFI/RFI / Webshell / SSTI A05: Misconfig
idor Horizontal / Vertical Priv Esc A01: Broken Access
ssrf Internal Network Probing A10: SSRF

⚡ Cyberburg — Advanced Web Pentest Suite v2.0.0 — PHANTOM BLADE

🔥 What is Cyberburg?

Cyberburg is a full-stack Linux Web Penetration Testing Framework that orchestrates 30+ professional security tools under a single terminal interface. It runs tools in sequence, parses their output automatically, correlates findings across modules, and generates professional dark-themed HTML security reports — all in one command.

Built for professional pentesters, bug bounty hunters, and red teamers.

⚡ Key Capabilities

  • 🔍 Recon Engine — WHOIS, DNS, subdomain enum, email harvest, OSINT
  • 🔌 Port Scanner — Nmap (quick/full/stealth/UDP/vuln scripts)
  • 🕸️ Web Scan — Nikto, WhatWeb, WAF detect, header audit, CMS scan
  • 💉 SQLi Testing — SQLMap (all techniques) + manual error probing
  • 🎭 XSS Testing — Dalfox + manual payloads + DOM XSS analysis
  • 📂 Dir Brute — Gobuster/FFuf/Dirb + 30 critical path checks
  • 🔐 SSL/TLS — SSLScan, Heartbleed, POODLE, cipher analysis
  • 🚀 Nuclei — 7000+ CVE & misconfiguration templates
  • 📊 Reports — HTML (dark theme + charts) + JSON + TXT
 
# Install & Launch
$ git clone https://github.com/faizzyhon/cyberburg
$ sudo bash install.sh
$ python3 cyberburg.py                          # Interactive menu
$ python3 cyberburg.py -t https://target.com    # Full scan
$ python3 cyberburg.py -t target.com --quick    # Quick scan
$ python3 cyberburg.py -t target.com --stealth  # Stealth mode
Module Tools Used Coverage
recon whois, dig, subfinder, amass, theHarvester OSINT + DNS
ports nmap (6 modes) TCP/UDP + OS fingerprint
web nikto, whatweb, wafw00f, curl OWASP headers, WAF, CMS
sqli sqlmap (BEUSTQ) + manual All SQLi techniques
xss dalfox + DOM analysis Reflected / DOM XSS
dirs gobuster, ffuf, dirb Files, APIs, admin panels
ssl sslscan, openssl TLS 1.0/1.1, ciphers, CVEs
nuclei nuclei templates 7000+ CVE & misconfig checks

🧰 Tech Arsenal

🔴 Offensive Security

💻 Programming & Scripting

🏆 Certifications & Platforms

🛠️ Tools & Libraries

📊 GitHub Analytics


GitHub Streak

🏆 GitHub Trophies

📈 Contribution Activity

🌐 Bug Bounty & Security Profile

╔══════════════════════════════════════════════════════════════╗
║              SECURITY RESEARCHER PROFILE                     ║
╠══════════════════════════════════════════════════════════════╣
║  Specialization : PHP Web Application Security               ║
║  Methodology    : OWASP Top 10 (2021) + Custom Playbooks     ║
║  Report Format  : HackerOne / Bugcrowd Standard              ║
║  Scoring System : CVSS v3.1 (Base + Temporal + Environmental)║
║  Tools Built    : BugScanner  — Automated PHP Pentest Suite  ║
║                   Cyberburg   — Advanced Web Pentest Suite   ║
║  Course         : EC-Council Bug Bounty Professional         ║
╚══════════════════════════════════════════════════════════════╝

🎯 Expertise Areas

Web Application Security

  • SQL Injection (Union, Blind, Error-based)
  • XSS (Reflected, Stored, DOM-based)
  • CSRF, IDOR, Broken Access Control
  • PHP Object Injection / Unserialize
  • Server-Side Template Injection (SSTI)

Authentication & Session

  • JWT Token Attacks (alg:none, weak secrets)
  • Session Fixation & Hijacking
  • Password Reset Poisoning
  • OAuth / SAML Bypass Techniques
  • Multi-Factor Auth Bypass

Infrastructure & Network

  • SSRF (Internal Network Probing)
  • Local / Remote File Inclusion
  • XXE (XML External Entity)
  • Open Redirect Chains
  • Subdomain Takeover

📂 All Projects

Project Description Tech Status
🔥 BugScanner PHP Web Security Scanner — OWASP Top 10 automated with CVSS scoring & PDF reports Python, Click, Rich ⭐ Featured
Cyberburg Advanced Linux Web Pentest Suite — 30+ tools, 8 scan modules, HTML/JSON reports Python, Rich, Nmap, Nuclei 🔴 v2.0 LIVE

📡 Connect With Me



💬 Open to: Bug Bounty Collaborations • Security Research • Open Source Contributions

snake animation 
███╗   ███╗██╗   ██╗██╗  ██╗ █████╗ ███╗   ███╗███╗   ███╗ █████╗ ██████╗
████╗ ████║██║   ██║██║  ██║██╔══██╗████╗ ████║████╗ ████║██╔══██╗██╔══██╗
██╔████╔██║██║   ██║███████║███████║██╔████╔██║██╔████╔██║███████║██║  ██║
██║╚██╔╝██║██║   ██║██╔══██║██╔══██║██║╚██╔╝██║██║╚██╔╝██║██╔══██║██║  ██║
██║ ╚═╝ ██║╚██████╔╝██║  ██║██║  ██║██║ ╚═╝ ██║██║ ╚═╝ ██║██║  ██║██████╔╝
╚═╝     ╚═╝ ╚═════╝ ╚═╝  ╚═╝╚═╝  ╚═╝╚═╝     ╚═╝╚═╝     ╚═╝╚═╝  ╚═╝╚═════╝

███████╗ █████╗ ██╗███████╗ █████╗ ███╗   ██╗
██╔════╝██╔══██╗██║╚══███╔╝██╔══██╗████╗  ██║
█████╗  ███████║██║  ███╔╝ ███████║██╔██╗ ██║
██╔══╝  ██╔══██║██║ ███╔╝  ██╔══██║██║╚██╗██║
██║     ██║  ██║██║███████╗██║  ██║██║ ╚████║
╚═╝     ╚═╝  ╚═╝╚═╝╚══════╝╚═╝  ╚═╝╚═╝  ╚═══╝

「 Hack the Planet 🌍 | Think Offensive. Stay Ethical. 」

faizzyhon@gmail.com

Pinned Loading

  1. WebHawk WebHawk Public template

    WebHawk is an open source project for website Penetration and Ddos Protect checking Tool

    Python 5 3

  2. mash mash Public

    Capture microphone Of Your Victim by Sending Link

    Shell 9 2

  3. BUGSCANNER---PHP-Web-Security-Scanner-for-Bug-Bounty-Penetration-Testing BUGSCANNER---PHP-Web-Security-Scanner-for-Bug-Bounty-Penetration-Testing Public

    BugScanner is a professional-grade, modular Python web vulnerability scanner engineered for bug bounty hunters, penetration testers, and security researchers. Built specifically around the OWASP To…

    Python 4 3

  4. Cyberburg Cyberburg Public

    Advanced Web Penetration Testing Suite

    Python 4 2

  5. BTCPRO BTCPRO Public

    High-Performance Trading Intelligence Dashboard powered by Local AI (Ollama)

    JavaScript 2 1

  6. DeadDroid-v2.0---PhantomDroid DeadDroid-v2.0---PhantomDroid Public

    The ultimate Android Penetration Testing Framework. A professional operations platform featuring automated APK binding, live TUI dashboards, Telegram remote control, AI-powered smali mutation, and …

    Python 2