Application security researcher & tool builder.
- Reverse engineering iOS apps with Frida - anti-tamper bypasses, runtime instrumentation, jailbreak detection research.
- Writing Burp Suite and Chrome extensions for web AppSec automation.
- I learn things by building small, focused tools and putting them on GitHub.
- Currently exploring iOS pentesting workflows and publishing the playbooks.

| Repo | What it does |
|---|---|
| frida-codeshare-fuzzer | CLI that pulls community Frida scripts from codeshare.frida.re, shims them for Frida 17, and fires them at an iOS app one after the other. |
| REFDOMCLOBIDNTIFIER | Burp extension that surfaces DOM XSS and DOM Clobbering candidates in scanned traffic. |
| xss-char-probe | Burp extension that probes which special characters reflect cleanly through a target - quick XSS surface mapping. |
| Chrome-Google-Dorker-Extension | Chrome extension that runs a recon-oriented Google dork set against any host you visit. |
| ios-penetration-testing-cheat-sheet | A living reference for the iOS pentest workflows I actually use. |
| BugBounty-Hosts | Host-assessment methodology - recon → ports → services → HTTP → fuzzing → diffing, with the one-liners for each step. |

- LinkedIn: linkedin.com/in/himanshu-giri-6b7131ba
- Synack Red Team: acropolis.synack.com/inductees/himanshugiri
Only running tools against apps I own or am authorised to test. Don't be a jerk.
