Aditya
@kongsec
Offensive security researcher · Bug bounty hunter · Tool builder
I find bugs in your apps before the bad guys do.
Your WAF means nothing to me. I speak directly to your API.

#BugBounty   #OSINT   #ThreatIntel   #RedTeam
📍 India
🗓 Joined 2020
12 Bugs
8 Tools
6 Writeups
3 Campaigns
Chai consumed

HIGH

IDOR on User Profile Endpoint — withpronto.com

Found an IDOR vulnerability in the mobile API that allowed accessing other users' profile data by manipulating the user ID parameter. Sequential enumeration was trivial. Classic "security through obscurity" moment. 🤦

#IDOR   #MobileAPI   #BugBounty

CRITICAL

PRECRIME Framework — Phishing Campaign Takedown

Deployed PRECRIME against live URLScan data and identified a coordinated phishing campaign targeting a major financial institution. 47 domains flagged, 12 active credential harvesters taken down within 24 hours.

Scammers: "We're very sneaky"
Me: *finds them using free-tier URLScan queries* 🕵️

#ThreatIntel   #PRECRIME   #Phishing
$ python precrime.py --mode=hunt --feed=urlscan
[*] Polling URLScan feed...
[+] 47 suspicious domains identified
[+] Cluster confidence: 94.2%
[!] CAMPAIGN DETECTED: FIN-2024-0847
[+] IOCs extracted → Telegram alert dispatched
[+] 12 domains reported for takedown
root@kongsec:~$ echo "another day, another campaign burned"

MEDIUM

Salesforce Commerce Cloud Misconfiguration — celine.com

Passive recon revealed exposed SFCC endpoints leaking internal config data...
HTTP/1.1 200 OK
X-SF-CC-Version: 24.1
{"_type":"site","preferences":{"debug_mode":true}}
[REDACTED — TLP:AMBER]
...

RECON

JS Recon Deep Dive — Secrets in Production JavaScript

Wayback Machine + CDX API = free-tier treasure hunt through historical JS files. Companies really be shipping AWS keys in bundle.js 💀
$ python jsrecon_cyborg.py --target ██████.com --deep
[*] Fetching CDX index... 847 unique JS files
[!] AWS_ACCESS_KEY_ID in /static/js/app.bundle.js
[!] Stripe key in /js/checkout.min.js
[FULL REPORT REDACTED]

🧑‍💻 Who is kongsec?

Offensive security researcher based in India. I specialize in bug bounty hunting, brand protection, OSINT, and predictive threat intelligence.

I build recon tools, hunt phishing campaigns before they launch, and break things so companies can fix them. Most of my tooling ships as zero-dependency static sites — no backend, no API keys, just raw utility deployed to GitHub Pages.

Basically, I'm the guy who finds your exposed .env file at 3am while drinking chai.

🎯 What I Do

  • Bug Bounty Hunting across HackerOne, Bugcrowd & private programs
  • Brand Protection & Impersonation Detection at scale
  • Threat Intelligence via PRECRIME predictive framework
  • OSINT tooling & reconnaissance automation
  • Security research & responsible vulnerability disclosure

🏆 Highlights

  • Built 8+ open-source security tools on GitHub Pages
  • PRECRIME — predictive phishing campaign detection framework
  • OSAI Training Vault — 22-module guide for OffSec AI-300
  • Multiple responsible disclosures across SaaS & e-commerce
  • Published research on Agentic AI in enterprise security

📬 Connect

Want to collaborate, report something, or talk security?