HACKER

Available for Projects

Muhammad Muzammil Khan

I'm a |

Penetration Tester specializing in web and mobile application security. Finding real-world vulnerabilities and delivering actionable security reports for production environments.

Get in Touch Download CV

muzammil@kali:~

$ whoami

penetration_tester

$ cat skills.txt

OWASP Top 10 | Network Security

Black-box Testing | CTF Player

$ ./exploit.sh

[+] Access Granted!

$ _

SCROLL

ABOUT

01.

Who Am I?

5+ Vulns Found

7 Certifications

Penetration Tester & Security Researcher

Penetration Tester currently working at Dawateislami, conducting web and mobile application security assessments. Experienced in identifying and exploiting real-world vulnerabilities including XSS, SQL Injection, IDOR, and credential exposure across production environments.

Skilled in end-to-end engagement delivery — from scoping and exploitation to full report writing with CVSS scoring, PoCs, and remediation guidance. Focused on mobile security using Frida, JADX, and ADB for runtime analysis and APK reverse engineering.

Name Muhammad Muzammil Khan

Email muzammil.pentester.921@gmail.com

Phone +92-319-2025919

Location Karachi, Pakistan

Languages Urdu, English, Arabic

0 Critical Vulns

0 Projects

0 Rooms Completed

WORK

02.

Work Experience

September 2025 – Present Current

Penetration Tester

Dawateislami

Conduct end-to-end web application security assessments, coordinating with the security manager for scope definition and final report review.
Identify and exploit real-world vulnerabilities including XSS, SQL Injection, IDOR, and confidential credential exposure across production systems.
Perform mobile application penetration testing using Frida, JADX, and ADB to analyze runtime behavior, reverse engineer APKs, and identify insecure data handling.
Author complete penetration test reports including executive summaries, CVSS-scored findings, Proof-of-Concepts, and actionable remediation guidance.
Collaborate directly with development teams to validate vulnerability fixes and track remediation progress through re-testing.

PROJECTS

03.

Featured Projects

Confidential

Web Application Penetration Testing

Confidential University | Scope: 2 Public-Facing Applications

Conducted authorized black-box penetration testing on live production applications.

Discovered and exploited 5 critical and medium-severity vulnerabilities including environment file exposure (.env leakage), SMTP credential abuse, JWT token leakage, and exposed database services.
Delivered a full OWASP-based report with CVSS scores, detailed PoCs, and prioritized remediation steps.
Tools used: Burp Suite, Nmap, Gobuster, Swaks, jwt.io, manual fuzzing and recon techniques.

Burp Suite Nmap Gobuster Swaks jwt.io

EDU

04.

Education Background

M.A

Udemy

View Certificate

SKILLS

06.

My Arsenal

Penetration Testing

Experienced in identifying and exploiting vulnerabilities in web and mobile applications and networks.

Web Application Security (OWASP Top 10)

Mobile Application Security (Android)

Network Scanning & Enumeration

Black-box & Grey-box Testing

CVSS Reporting & PoC Development

Programming

Proficient in scripting languages for automation and exploit development.

Python — Scripting, Automation, Exploit Dev

Bash — Recon Automation, Tool Chaining

JavaScript — XSS Payloads, Logic Analysis

Nmap Wireshark Burp Suite Metasploit Hydra FFUF Hashcat John the Ripper SQLMap Gobuster Frida JADX ADB Swaks

Operating Systems

Windows

Kali Linux

Ubuntu

Linux Mint

CONTACT

07.

Get In Touch

Let's Work Together

I'm currently looking for new opportunities in the cybersecurity field. Whether you have a question or just want to say hi, I'll try my best to get back to you!

Email muzammil.pentester.921@gmail.com

Phone +92-319-2025919

Location Karachi, Pakistan

Your Name

Your Email

Subject

Message