Cybersecurity Intelligence · OSINT · Vulnerability Research

Hello, I'm Roh4an PWN-001 · Cybersecurity Researcher

Google Bug Hunter Bugcrowd Verified Pakistan

Vulnerability Research  ·  OSINT Automation  ·  Exposure Intelligence

Cybersecurity practitioner specializing in vulnerability discovery and OSINT automation. Transforming digital footprints into actionable intelligence. 5+ years disassembling attack surfaces. Recognized for preventing 1.14 TB of sensitive data exposure.

View Research Explore TBV Collective
0
Years Practice
0
TBV Users
1.14TB+
Data Protected
scroll
About

About PWN-001

Cybersecurity researcher specializing in vulnerability discovery, OSINT automation, and exposure intelligence.

Security Research & OSINT Automation

I specialize in mapping digital infrastructure to uncover vulnerabilities, exposed assets, and intelligence signals that are often overlooked. My work focuses on practical security research, structured OSINT methodologies, and actionable vulnerability discovery.

Recognized by Google Bug Hunters and Bugcrowd for responsible disclosure of vulnerabilities including XSS, Open Redirect, CSRF, and infrastructure misconfigurations.

Contributed to the prevention of 1.14 TB of sensitive data exposure through responsible disclosure and infrastructure misconfiguration analysis.

Current Work: Building TBV Server — a self-hosted intelligence platform combining real-time system monitoring, multi-source OSINT, CRM, CCTV integration, and structured threat analysis.

Vulnerability Research

XSS, CSRF, Open Redirect, infrastructure exposure analysis across live targets

OSINT Automation

Breach intelligence, digital footprinting, and passive reconnaissance pipelines

Exposure Intelligence

Exposure tracking, warning-oriented analysis, structured risk reporting

Systems Engineering

Building TBV Server, automation pipelines, intelligence tooling at scale

RF & Signal Intelligence

Shortwave listening, spectrum analysis, wireless security research

Recognition

Research Recognition

Formal recognition from major vulnerability disclosure programs and proven impact in data protection.

Verified

Dragon Badge

Google Bug Hunters · Oct 2024

Recognized for responsible disclosure of critical XSS and Open Redirect vulnerabilities in YouTube. Formal recognition from Google's security team.

Verified

Submission Shogun / Bounty Bee

Bugcrowd Program · Jan 2025

High-volume submission recognition. Reported and validated critical security flaws in public platforms, directly contributing to vendor security improvements.

Verified

Certificate of Recognition

SMIU · Apr 2026

Recognized for participation in Civil Applications of Radio Technologies in Emergencies — covering RF systems and disaster response communications.

Major Impact Achievements

1.14 TB Data Exposure Prevented

Discovered critical misconfigurations across 5 Pakistani software firms. Coordinated responsible disclosure preventing large-scale sensitive financial and employee data exposure.

Large-Scale Data Leak Mitigation

Coordinated with educational institution administrators to mitigate a student data leak, safeguarding thousands of users and improving their protection framework.

Platform Vulnerabilities Disclosed

Identified and reported an Open Redirect vulnerability in Bugcrowd's own platform, directly contributing to improved application security and vendor awareness.

450+ Users Served

TBV Bot OSINT automation tool used by 450+ security practitioners for breach detection and Exposure Intelligence workflows worldwide.

TBV Collective

The TBV Collective

Independent cyber intelligence collective focused on OSINT, exposure analysis, and warning-oriented research.

About TBV

TBV (To Be Verified) operates as the strategic framework for organized cyber intelligence work. Built on three layers: TBV Server (the operational backbone), TBV Bot (field automation, now retired), and the broader intelligence methodology.

The goal is simple: take messy digital footprints, scattered signals, and exposed data — then transform them into something that can actually be reasoned about. Everything integrates — collection, verification, analysis, and delivery.

Active Users 450+
Modules Built 12+
Data Sources Integrated 8+

TBV Server

Self-hosted LAN intelligence platform combining system monitoring, CRM, OSINT, CCTV, and network tooling into unified operational control.

  • System monitoring dashboard
  • Real-time OSINT integration
  • CCTV & network scanning
  • FastAPI + SQLAlchemy stack

TBV Bot

Retired

OSINT automation tool used by 450+ users. Modular Python architecture with breach detection, threat correlation, and social media reconnaissance.

  • Breach detection automation
  • Threat correlation logic
  • Social media reconnaissance
  • Identity metadata extraction

Vulnerability Research

Hands-on discovery of web application vulnerabilities, infrastructure misconfigurations, and digital exposure through systematic analysis.

  • XSS, CSRF, Open Redirect discovery
  • Infrastructure misconfiguration audits
  • Data exposure prevention
  • Responsible disclosure coordination
Research

Research Intelligence

Methodology-driven investigations into exposure analysis, infrastructure mapping, and threat landscape intelligence.

DISCOVERY

Vulnerability Discovery

Systematic detection of security weaknesses in web applications and infrastructure. Focus on XSS, Open Redirect, CSRF, and infrastructure misconfigurations.

Web Apps Infrastructure Burp Suite
BREACH

Breach Detection & Analysis

Intelligence gathering on data breaches, exposure discovery, and compromise confirmation. Automated breach monitoring and correlation.

Detection Monitoring Analysis
FOOTPRINT

Digital Footprint Analysis

Comprehensive mapping of digital identity exposure. Social media reconnaissance, identity metadata extraction, and cross-platform analysis.

OSINT Mapping Social Media
RECON

Infrastructure Reconnaissance

Passive mapping and asset discovery. DNS enumeration, WHOIS analysis, Shodan scanning, and technology fingerprinting without active probing.

DNS Shodan Passive
PREVENTION

Data Leak Prevention & Mitigation

Identification of sensitive data exposure vectors. Risk assessment, remediation coordination, and prevention strategies for data loss.

Risk Assessment Mitigation Prevention
AUTOMATION

Exposure Intelligence Automation

Python-powered automation of intelligence workflows. Integration of multiple OSINT APIs, scheduled research, and real-time threat correlation.

Python APIs Automation
Projects

Featured Projects & Tools

Production systems, research tools, and intelligence platforms built for cybersecurity analysis and OSINT operations.

TBV Server

Active Development

Self-hosted LAN intelligence platform combining monitoring, OSINT, CRM, CCTV, and network tooling into unified operational control.

Capabilities
  • Real-time system monitoring (CPU, RAM, disk, network)
  • CCTV camera integration with live stream (WebRTC/HLS)
  • Multi-source OSINT (Breach detection, Malware tracking)
  • Cloud Storage Bucket Scanner (AWS S3 & Google Cloud)
  • WiFi network scanning & asset discovery
  • HTTP Request Replicator (cURL, Fetch, HAR formats)
Tech Stack
FastAPIPython 3.11SQLAlchemyNginxAPSchedulerFFmpeg
Visit TBV Server

TBV Bot

Retired · Jul 2025

OSINT automation tool used by 450+ users for breach detection and Exposure Intelligence workflows. Modular Python architecture.

Features
  • Breach detection & credential monitoring
  • Malware association tracking
  • Social media reconnaissance engine
  • IP-based threat artifact correlation
  • Identity metadata extraction (lawful sources)
  • Modular architecture with rate-limiting
Tech Stack
PythonDiscord.pyOSINT APIsAsyncAutomation
Visit TBV Bot

Bug Bounty Programs

Responsible vulnerability disclosure with formal recognition from major tech platforms. Google, Bugcrowd, and more.

Recognition
  • Google Bug Hunters — Dragon Badge (Oct 2024)
  • Bugcrowd — Submission Shogun (Jan 2025)
  • Bugcrowd — Bounty Bee (Jan 2025)
  • XSS, Open Redirect, CSRF vulnerabilities
  • Infrastructure & configuration exposure analysis
IMPACT: 1.14 TB data exposure prevented · Multiple platforms secured
Google Bug Hunters
Infrastructure

Infrastructure Stack

Complete overview of research systems, intelligence pipelines, and operational infrastructure.

Research Systems

Dedicated infrastructure for OSINT research, data collection, and intelligence analysis workflows.

  • Collection systems
  • Data processing
  • Analysis tools
  • Report generation

Intelligence Pipeline

Automated intelligence aggregation and processing pipeline for real-time threat monitoring.

  • Feed aggregation
  • Data normalization
  • Correlation engine
  • Alert distribution

Automation

Automated workflows for recurring research tasks, scanning, and intelligence gathering.

  • Scheduled scans
  • Automated checks
  • Batch processing
  • Workflow orchestration

Monitoring

Real-time monitoring, alerting systems, and operational dashboards for infrastructure oversight.

  • Real-time alerts
  • Health monitoring
  • Performance tracking
  • Incident response

Storage & Processing

Scalable storage infrastructure and high-performance data processing for large datasets.

  • Database systems
  • Data warehousing
  • Query optimization
  • Backup systems

Integration & APIs

API infrastructure and integrations with third-party services and intelligence sources.

  • REST APIs
  • GraphQL interface
  • Third-party feeds
  • Webhook support
Skills

Technical Expertise

Comprehensive skill set across cybersecurity, OSINT, infrastructure, and intelligent systems development.

Languages

Python Advanced
Bash / Shell Expert
JavaScript Advanced
HTML / CSS Advanced

Security Tools

Burp Suite Advanced
Nmap Advanced
Shodan / Censys Expert
Metasploit Intermediate

Frameworks

FastAPI Advanced
SQLAlchemy Advanced
Discord.py Advanced
Async Patterns Advanced

Infrastructure

Linux Administration
Nginx & Reverse Proxy
Docker & Containerization
Git & Version Control
SQLite & Database Design
SDR & Signal Analysis

OSINT Methods

Breach Detection & Monitoring
Social Media Reconnaissance
DNS & Passive Recon
Identity Metadata Extraction
Threat Correlation & Analysis
Data Leak Investigation

Specializations

Vulnerability Discovery & Assessment
Web App Security (OWASP Top 10)
Infrastructure Exposure Analysis
Cyber Exposure Intelligence
Responsible Disclosure Coordination
Intelligence Automation Systems
Contact

Get in Touch

Open to collaboration, research partnerships, and security consulting inquiries.

PWN-001 Logo

PWN-001

Cybersecurity Practitioner · OSINT Builder

AVAILABLE FOR COLLABORATION

Identity & Professional Aliases

I operate under multiple professional aliases across platforms. PWN-001, Roh4an, and related identifiers represent the same cybersecurity research and may not reflect my legal name.

Email
[email protected]

Connect Online

Response Time
Usually within 24–48 hours

Send a Message

I typically respond within 24–48 hours for urgent matters.

root@pwn-001 ~ devtools_guard.sh

$ ./intrusion_detected.sh

[!] Developer Tools detected

Developer Tools: BLOCKED
Session flagged: TRUE
Operator notified: absolutely not, I'm not that dramatic
Clearance Level: DENIED

// Look, I get it. Curiosity is healthy. I'm literally a cybersecurity researcher.
// But poking around someone's site without permission is still rude.
// If you found something legit — email [email protected]
// If you're just vibing — close DevTools and we're cool. 🤝

$ ./responsible_disclosure.sh

PWN-001 · pwn-001.xyz · DevTools Guard v1.0 · "Built by a hacker, to catch hackers"