Security Researcher  ·  Bug Bounty Hunter

Muhammad
Zeeshan

Web Application Security·Responsible Disclosure·Bug Bounty

Specialised in uncovering high-severity vulnerabilities across global platforms — from government agencies to enterprise technology. Turning security gaps into trust.

Profile

Who I Am

I am Muhammad Zeeshan, a security researcher and bug bounty hunter with a sharp focus on web application vulnerabilities and responsible disclosure. My goal is to identify critical security weaknesses before they can be exploited.

My work has earned Hall of Fame recognition from NASA, the US Department of Commerce, Air Canada, Xsolla Inc, and TNS — reflecting a consistent ability to find real, high-impact issues across diverse environments worldwide.

Every engagement is approached with precision and professionalism. From deep recon to a clean final report, I am committed to making the systems I test genuinely more secure.

// researcher.config
const zeeshan = {
  role:     "security_researcher",
  focus:    "web_appsec",
  approach: "responsible_disclosure",
  impact:   "high_severity"
}
Web App Pentesting XSS & Injections Auth Bypass SSRF & XXE API Security IDOR & BAC Recon & OSINT Business Logic CSRF & CORS Subdomain Enum
Arsenal

Technical Skills

Vulnerability Classes 13 vectors
SQLiXSS SSRFSSTI XXERCE IDORCSRF Open Redirect Host Header Injection CRLF Injection Auth Bypass Business Logic
Tools & Platforms 12 tools
Burp SuiteNuclei Kali Linuxffuf httpxSubfinder AmassWaybackurls ShodanNmap MetasploitSQLmap
Recon & OSINT 8 techniques
Subdomain Enumeration JS Analysis Google Dorking API Discovery Tech Fingerprinting Endpoint Mapping DNS Recon GitHub Recon
Languages & Dev 8 stacks
PythonBash JavaScriptPHP Node.jsHTML & CSS SQLRegex
Recognition

Hall of Fame

Recognized by leading organisations across government, aviation, fintech, and enterprise technology for responsible disclosure of verified security vulnerabilities.

NASA
NASA
US Department of Commerce
US Dept. of Commerce
Air Canada
Air Canada
Xsolla Inc
Xsolla Inc
Transaction Network Services
Transaction Network Services
Lexzur
Lexzur
Outfox Stories
Outfox Stories
Dune
Dune
Scanii
Scanii
Bitmovin
Bitmovin
Process

How I Hunt

01
Recon & Enumeration
Deep target reconnaissance — subdomain discovery, endpoint mapping, JavaScript analysis, and technology fingerprinting to map the complete attack surface.
02
Vulnerability Analysis
Systematic testing against OWASP Top 10 and beyond — authentication flaws, injection points, broken access controls, and complex business logic vulnerabilities.
03
Exploitation & PoC
Crafting clean, reproducible proof-of-concept exploits that demonstrate real-world impact and communicate severity clearly and accurately to security teams.
04
Responsible Disclosure
Structured reports with CVSS ratings, exact reproduction steps, impact assessment, and clear actionable remediation recommendations for every finding.
05
Remediation Support
Working alongside security teams through the fix cycle — verifying patches, clarifying findings, and ensuring vulnerabilities are fully and correctly resolved.
06
Continuous Research
Staying ahead through ongoing CVE analysis, CTF competitions, and deep engagement with the global vulnerability research and bug bounty community.
Connect

Get In Touch

Have a private program invitation, security consultation inquiry, or want to discuss a collaboration? I respond to all legitimate inquiries within 24–48 hours.

📧
Direct Email
security@zeeshan.id

Send a Message