GitHunt
MU

muhammedmfd/penetration-tester-portfolio

Penetration Tester portfolio. As a Security Researcher, I provided ethical hack disclosures for organizations like NASA and Intel. Expert in web security, vulnerability research, and helping businesses fix website flaws. Focused on professional-grade penetration testing.

affordableethical-hackerinfosecmanual-testingpenetration-testpenetration-testerportfolio-projectportfolio-websiteremote-workingsecurity-advisorysecurity-auditsecurity-consultantsecurity-testingvulnerability-assessmentvulnerability-managementweb-penetration-testingweb-securityweb-serviceswebapp-securitywebsite-test

GitHub Repository Name
penetration-tester-portfolio

Web Penetration Tester & Security Researcher

Welcome to my official security research portfolio. I am Muhammed Ashml, a Penetration Tester specialized in web application security vulnerabilities and complex business logic flaws. I excel at "breaking" logic and helping organizations fix website vulnerabilities before they can be exploited.

Hall of Fame & Disclosures

My research and ethical hack disclosures have been recognized by some of the world's most high-profile organizations:

  • NASA
  • Intel
  • Atlassian
  • Twilio
  • Oxford University
  • Hunter.io
  • Synology
  • Maastricht University
  • ...and various other organizations.

Technical Specialties & Vulnerabilities

I specialize in identifying traditional technical exploits and unique business logic flaws that automated tools miss:

  • Critical Exploits: Remote Code Execution (RCE) & Server-Side Request Forgery (SSRF).
  • Common Web Vulnerabilities: XSS, CSRF, and Insecure Direct Object Reference (IDOR).
  • Business Logic: Finding unique bypasses of security controls and logic flow errors.
  • Fixing Flaws: Providing actionable remediation paths for developers.

The Toolkit

A blend of industry-standard tools and I build custom-coded scripts alongside industry-standard tools to achieve deep-dive discovery that automated scanners miss.

  • Analysis: Burp Suite (Primary Proxy)
  • Network/Exploitation: Metasploit & Nmap
  • Automation: Custom Python/Bash Scripts
  • Reconnaissance: Dirsearch, Ffuf, & Subfinder

Why My Work Matters

In modern security, anyone can run a scanner. My value lies in Manual Penetration Testing. I don't just find bugs; I understand the business context and help organizations bridge the gap between vulnerability and and robust fix

Get in Touch

I am open to discussing new security challenges, professional pentest opportunities, or networking with fellow researchers.

"The developer builds the path, the scanner follows the path, but the penetration tester finds the logic in the space between the steps."
Muhammed Ashmil

Languages

HTML100.0%

Contributors

MU
Created February 10, 2026
Updated February 10, 2026
muhammedmfd/penetration-tester-portfolio | GitHunt