[ OK ] Dual-mode profile loaded — security + development stack online
// IDENTITY DECRYPTED — INITIALIZING PROFILE
Mohammed
Fahad P
Pentester  /  Security Researcher  /  Backend Developer
■ OFFENSIVE SECURITY
■ BACKEND DEVELOPMENT
Cybersecurity professional and backend developer with hands-on expertise in web app pentesting, API security, bug bounty research, and building production-grade tools in Go, Python, and Java. Two roles. One mindset: break it, build it, secure it.
📩 Available for Security & Backend Developer roles — open to full-time, internship & freelance opportunities
↓ Penetration Tester Resume ↓ Backend Developer Resume
10+
Vulns Found
20+
Labs Cleared
6
Repos
5
Certs
4
Languages
■ OFFENSIVE SECURITY
Arsenal
Burp Suite Pro
Nmap
Metasploit
SQLMap
Gobuster
Wireshark
OWASP ZAP
Netcat
Nikto
Kali Linux
XSS
SSRF
IDOR
CSRF
CORS
Auth Bypass
Business Logic Flaws
OWASP Top 10
VAPT
Bug Bounty
API Security
Active Directory
Ops Log
Cyber Security Intern
Future Interns — 2026
Vulnerability assessments on live websites using Nmap & OWASP ZAP — risk classification and remediation reports.
Phishing email analysis — spoofed senders, fake domains, and malicious link identification.
API security testing via Postman & Browser DevTools — auth flaws, insecure endpoints, missing rate-limiting.
Freelance VAPT Consultant & Security Researcher
Independent — 2025 – Present
10+ confirmed vulnerabilities through bug bounty & VDP programs with full PoC documentation.
Web application VAPT — XSS, SSRF, IDOR, auth bypass, business logic flaws across multiple targets.
Security Tools
[ Go ]
JSRecon
Offensive recon tool extracting hidden API endpoints, params & hardcoded secrets from JS files via regex & AST parsing.
reconASToffensive
↗ ./view_repo
[ Go ]
PassGuard
Rule-based password strength & exposure risk analyzer with weak pattern detection for offensive research.
passwordanalysisethical
↗ ./view_repo
[ Report ]
OWASP Juice Shop Pentest
Full web app pentest of OWASP Juice Shop aligned with OWASP Top 10 — complete documented methodology & findings.
OWASPweb pentest
↗ ./view_repo
[ Report ]
Vulnerability Assessment
Professional VA report with structured findings, risk classifications, and remediation guidance for real-world targets.
VAPTriskreport
↗ ./view_repo
Security Credentials
[+]
Certified Penetration Tester v3 (CPTv3)Red Team Hacker Academy — 2025
[+]
Google Cybersecurity Professional CertificateGoogle — 2026
[+]
PortSwigger Web Security Academy20+ labs — XSS, SSRF, Auth Bypass & Business Logic Exploitation
■ BACKEND DEVELOPMENT
Dev Stack
Java
Python
Go
JavaScript
C/C++
Flask
FastAPI
REST APIs
MySQL
Docker
MLflow
Scikit-learn
Flutter
Git / GitHub
SDLC
Role-Based Access Control
Dev Projects
[ Python · Docker · FastAPI ]
MLOps Pipeline
End-to-end ML pipeline — RandomForest housing price prediction, MLflow experiment tracking, FastAPI inference API, Docker containerization.
MLOpsDockerFastAPI
↗ ./view_repo
[ Python · Flask · MySQL · Flutter ]
NSS Management System
Full-stack platform managing NSS activities across schools. Flask REST APIs, MySQL storage, RBAC for 5 user roles, Flutter cross-platform frontend.
full-stackRBACFlutter
[ Shell · systemd ]
SRE Linux Reliability
Linux service monitoring, automatic recovery via systemd, and failure simulation for production reliability engineering.
SRELinuxsystemd
↗ ./view_repo
Dev Credentials
[+]
Introduction to AI and Machine Learning on Google CloudGoogle Cloud
[+]
Generative AI Model CertificateNxtWave
■ EDUCATION
Bachelor of Computer Applications (BCA)
University of Calicut, Kerala — 2022 – 2025