Jafar Pathan

IT Security Professional, Ethical Hacker, Coder, Learner


jafarpathan9090@gmail.com

ABOUT ME

Hey there,

I am Jafar Pathan,
- 👨‍💻 Working professional in the field of Cyber Security, helping organizations of diverse domains improve their cyber security posture. Completed my bachelor's in Computer Engineering and achieved the CEHv12 Practical certification.
- 🥷 Having expertise in VAPT across a wide range of application domains including Network VAPT, Mobile Applications, APIs, Thick Thin Clients, Web Applications, and skilled in Malware 🐞 Analysis and Reverse Engineering.
- 💻 I am a Coder and I love to code, I have developed various tools and projects helping my fellow hackers.
- 💡 Creator of the first ever Browser Based Web Fuzzing tool -> The Browser Bruter.
- 💡 Creator of the MCP Server for APK Tool - apktool-mcp-server
- 💡 Creator of the MCP Server for JADX -> JADX-AI-MCP
- 💡 Creator of the MCP Client for Local Ollama LLMs -> Zin-MCP-Client
- 💡 Creator of the Burp Suite extension for automatically setting Intruder payload positions -> Auto-Payload-Positioner
- 💡 Creator of the Damn Vulnerable Android Components -> DVAC
- 🔭 By hobby I love to research, study and contribute in the field of cyber security.
- 🏍️ Motorcycle enthusiast who rides his motorcycle for peace of mind.
- 🇮🇳 Made in India.
- 🤝 I'm available for collaboration on Tools Development and CTFs.
- 🎯 Stuck in the loop of - 'Hack->Code->Secure->Repeat'
- 🔑 Here's my PGP key (Just In Case) - https://keys.openpgp.org/vks/v1/by-fingerprint/704CE7C0E6C4F80413F6940FEBF83C765712B2BB
My Message -> Kindly donate to the needy, help others, keep smiling, spread love. Hate cannot destroy hate.


EXPERIENCE

Net Square Solutions Pvt. Ltd.

Information Security Analyst (Jan 2023 - Present)

  • Performing VAPT of a diverse and vast range of applications including Web Applications, Mobile Applications, API Security, Network VAPT, Thick Thin Clients.
  • Utilizing my coding skills to perform secure code review to find vulnerabilities in source code and help clients mitigate them.
  • Preparing a comprehensive report of VAPT with supporting Proof of Concepts and remediations.
  • Writing scripts for automation and problem solving to tackle the challenges faced by the team during VAPT.
  • Performing R&D to improve my technical skills and contributing my learnings to the team and the organization.

EDUCATION

Completed Bachelor of Engineering in Computer Engineering from Government Engineering College, Gandhinagar | 2020 - 2023
CGPA: 8.81

Completed Diploma in Computer Engineering from Shri K.J.Polytechnic, Bharuch | 2017 - 2020
CGPA: 9.03


PROJECTS

- The APKTool MCP Server
apktool-mcp-server is an MCP server for APK Tool that integrates directly with the Model Context Protocol (MCP) to provide live reverse engineering support with LLMs like Claude, bringing the power of AI to APK Tool and enhancing the reverse engineering process of Android applications.
Check now - https://github.com/zinja-coder/apktool-mcp-server

- The JADX-AI-MCP
Standalone Plugin for JADX (Started as Fork) with Model Context Protocol (MCP) integration for AI-powered static code analysis and real-time code review and reverse engineering tasks using Claude.
JADX MCP Server is a standalone Python server that interacts with a jadx-gui plugin jadx-ai-mcp via MCP (Model Context Protocol). It lets LLMs communicate with the decompiled Android app context live.
https://github.com/netsquare/zinja-coder/jadx-ai-mcp

- The Zin MCP Client
⚡ Lightweight, Fast, Simple, CLI-Based MCP Client for STDIO MCP Servers, to fill the gap and provide a bridge between your local LLMs running on Ollama and MCP Servers.
https://github.com/netsquare/zinja-coder/zin-mcp-client

- The BrowserBruter | Associated with Net Square Solutions PVT LTD.
The FIRST EVER! Browser automation based web penetration testing tool. It attacks the web application by controlling and running browsers and injecting malicious payloads in input fields. It automates the process of sending payloads to input fields of web applications in the browser and sends them to the server. It completely bypasses the need to break the encryption of HTTP traffic in order to fuzz and insert payloads in scanners and intruders like BurpSuite, SQLMap, etc. After fuzzing, it generates a comprehensive report including all the data and results of the pentest along with HTTP traffic. This report can be viewed with The Report Explorer tool, which comes with The Browser Bruter.
Get it now - https://github.com/netsquare/BrowserBruter/releases

- The BrowserBruter Official Documentation | Associated with Net Square Solutions PVT LTD.
The official documentation for The BrowserBruter contains a comprehensive and detailed guide on installation, usage & more.
Check now - https://net-square.com/browserbruter/

- Auto Payload Positioner
A Burp Suite extension built on the Montoya API that automatically detects and marks “interesting” insertion points throughout an HTTP request. Rather than manually highlighting each location (headers, parameters, JSON/XML/form bodies, etc.), this extension sets payload positions for you—so you can focus on testing vulnerabilities, not on placement.
Github: https://github.com/netsquare/Auto-Payload-Positioner

- Damn Vulnerable Android Components
An intentionally vulnerable Android Application to demonstrate various vulnerabilities that arise in Android Components.
Download Now - https://github.com/zinja-coder/Damn-Vulnerable-Android-Components


CERTIFICATIONS
  • Certified Ethical Hacker V12 Practical from EC-Council
  • Practical Malware Analysis & Triage from TCM
  • Practical Ethical Hacking - The Complete Course TCM
  • API Security Architect from API Academy
  • Android App Hacking - Black Belt Edition from Udemy

TECHNICAL

  • VAPT
  • Research & Development
  • Static Application Security Testing (Secure Code Review)
  • Mobile Application Security Testing
  • API Security Testing
  • Network Penetration Testing
  • Reverse Engineering & Malware Analysis
  • Strong Experience with tools including Burp Suite, BrowserBruter, Metasploit, Nessus, NMAP, Wireshark, Ghidra, Ffuf, hashcat, etc.
  • Web Application Penetration Testing
  • Report Writing and Remediation
  • Strong Experience with Linux and Windows Operating System
  • Googling and Problem Solving
  • Scripting and Automation
  • AI, LLM and MCP

TALKS, WORKSHOPS & SESSIONS

  • Conducted a workshop at NS Secure Saturday on MCP Server and Client Development and how to integrate LLMs via MCP in offensive security.
  • Conducted a workshop at NS Conclave 2024 Ahmedabad on Advance Android Exploitations.
  • Conducted a 2-day comprehensive training on Advance Usage of Browser Bruter at GOA 2024 Employee Conference.
  • Presented research on Web Application Encryption bypass at NS Conclave 2024 Ahmedabad.
  • Presented a live demonstration of how to fuzz web applications with encrypted traffic at The Hacker's Meetup Vadodara 2024.
  • Conducted a NULL HUMLA (A hands on Attack) workshop on attacking web applications using Browser Bruter at Null Ahmedabad 2024.

ACTIVITIES AND ACHIEVEMENTS

  • Developed MCP Server for APKTool
  • Developed MCP server for JADX
  • Developed the first ever browser automation based web application penetration testing tool.
  • Developed a beginner friendly Vulnerable Android Application focusing on Android components vulnerabilities.
  • Developed a quick, handy and easy to use BurpSuite Extension called Auto Payload Positioner to assist pentesters in assessments by automatically setting payload positions to interesting points in a request when using Intruder.
  • Regular CTF player on numerous platforms and among top 1% on TryHackMe - https://tryhackme.com/p/ZinjaCoder
  • Writing articles and writeups about my research and CTFs on Medium - https://medium.com/@zinjacoder



Reach out to me for collaboration, developing projects, CTFs or for just sharing memes. I have shared my PGP keys above. Have a nice day & thank you.


© Jafar Pathan. All rights reserved