hits313/README.md

HITARTH SHAH

security researcher // bug hunter // breaker of things



whoami

role:    security researcher
focus:   web · cloud · mobile · automotive · ai
mission: find what others miss
status:  always hunting

I break software, audit code, and write up the carnage. Lately I have been teaching machines to hunt bugs and teaching myself how cars talk to each other.


disclosures

ID              Class                                         Target             Status
CVE-2026-40576  CWE-22 · Path Traversal                       excel-mcp-server
CVE-2026-41507  CWE-94 · Remote Code Execution                Math-codegen
CVE-2026-42175  CWE-918 · SSRF (NAT64 / IPv6-mapped bypass)   requests-hardened
CVE-2026-43929  CWE-918 · SSRF (NAT64 / IPv4-mapped bypass)   ssrfcheck

more in the pipeline.


current_ops

[01]  machine learning in cybersecurity
      └── ai-assisted vulnerability discovery, adversarial ml,
          fuzzing harnesses augmented with llms, agentic recon

[02]  automotive security
      └── can bus, ecu firmware, telematics, ivi stack

[03]  web research
      └── apis, auth, business logic, ssrf chains

arsenal

languages

offensive · pentest

ai · ml · agents

cloud · infra

data · stores



domains

web app pentesting        api / graphql abuse
mobile (android / ios)    cloud (aws / gcp / azure)
ssrf · idor · auth        llm / ai security
reverse engineering       firmware / embedded
automotive · can bus      supply chain



Popular repositories

  1. security-pcc (Public)

    Forked from apple/security-pcc

    Private Cloud Compute (PCC)

    Swift 1

  2. Cyber-Guard (Public template)

    Final Year Project

    Python 1

  3. Powerflux (Public)

    Upcoming hidden gem

    1

  4. osv-crlf-poc (Public)

    1

  5. DC-GPT (Public)

    JavaScript 1

  6. codeex (Public)