K SURYA SAI HARSHA

A skilled Red Team Security Analyst with hands-on experience in strengthening web and network security. Adept at assessing complex environments, identifying exploitable vulnerabilities, and delivering impactful security improvements. Consulted closely with clients to understand their technology landscape and operational needs, recommending targeted remediation steps, configuration hardening, and strategic security enhancements to reduce the risk of compromise. Proven ability to translate technical findings into actionable guidance that elevates an organization’s overall security posture.

NMAP, Burp Suite, Nessus, Metasploit, Nuclei, SQLMap, Acunetix, OWASP ZAP, Nikto, WPScan, Recon tools, Fuzzing tools, JADX GUI, Genymotion

Sharanga - Static web crawler (Sep 2025-Present)

• Developed a static web crawler that performs structured URL discovery with deduplication, normalization, scope checks, and depth-controlled traversal.
• Extracts links, forms, and core web components from source codes and JS files to expand the application attack surface, generating clean, actionable output for security testing.
• Provides configurable settings (start URL, headers, depth, scope) with detailed logging and error handling, making it suitable for red-team and AppSec workflows.

• Currently building dynamic crawling capabilities to evolve into a fully functional web vulnerability scanner with deeper coverage and automated analysis.

SQLi Hunter (Jul 2024)

• Developed an automated script to streamline the identification of SQL injection vulnerabilities across multiple web applications, integrating various tools and finding the vulnerability in one go.

• Enhanced the efficiency of vulnerability assessment processes by automating every process including targeted security testing.

ReconRadar (Jan 2024-Present)

• A comprehensive reconnaissance tool that automates the discovery and mapping of domains, subdomains, IPs, and web applications.

• Identifies and enumerates the complete external attack surface, enhancing penetration testing efficiency. With user-integrated APIs, the tool extends its capabilities further enhancing its reconnaissance capabilities.

SubTakeover Sniper (Mar 2024)

• Engineered a command-line utility integrating dig and grep for automated detection of subdomain takeover vulnerabilities, enhancing security posture.

• Scans and analyzes DNS records, achieving a 95% accuracy rate in identifying vulnerable subdomains.

• ELearning Junior Penetration Tester (eJPT)
• Certified AppSec Practitioner (CAP)
• Certified Red Team Professional (CRTP)

• CVE Research & Disclosure: Successfully reported and published two Common Vulnerabilities and Exposures — CVE-2025-62597 and CVE-2025-62598 — recognized for enhancing application and network security.