Sree Danush S — Offensive Security Engineer

Offensive Security Engineer & Tool Builder

SREE DANUSH S

[ L4ZZ3RJ0D ]

BE Cybersecurity graduate currently interning at CyArt, building CyTrack — a multi-agent autonomous web pentesting platform running in production. I research how web applications break, build tools that automate that process, and document everything I learn.

Founder · Project-Hellhound Offensive Security Research Automated Penetration Testing Security Tool Development Web Application Security AI / LLM Security Testing CTF · TryHackMe Top 1%

View Projects Contact Me GitHub

lazzer@kali:~$ python3 hellhound.py --target https://target.com --mode autonomous

// About

Who I Am

8.31

CGPA

Internships

22+

GitHub Repos

Top 1%

TryHackMe

Top 300

HackingHub · All Time

I'm Sree Danush S — an offensive security engineer, tool builder, and founder of Project-Hellhound, an open-source security research organisation building autonomous offensive tools at the intersection of web security, AI, and automation. BE Cybersecurity graduate from Mahendra Engineering College.

At CyArt, I contribute to CyTrack — a multi-agent autonomous web pentesting platform. Multiple agent layers, each targeting a different attack class, run in production against real targets. This is production-grade offensive security engineering, not a side project.

In parallel, I maintain Hellhound — my personal modular pentest framework — and consistently practise through PortSwigger Web Security Academy, where I'm currently exploring areas like Web LLM attacks, advanced injection techniques, and newer web attack vectors. I believe the best security engineers never stop practising their craft.

// Projects

What I've Built

CMDmap

OPEN SOURCE

High-fidelity autonomous command injection detector built for modern web targets. Pairs a SPA-aware crawler with a 5-tier injection engine — direct output, time-blind, redirect, OOB, and adaptive WAF bypass. Every finding verified and delivered with a ready-to-run PoC. Zero false positives.

Python5-Tier EngineOOB ListenerWAF BypassGPL-3.0

→ github.com/project-hellhound-org/cmdmap

X5Sentry

OPEN SOURCE

Autonomous XSS hunter — maps attack surfaces, analyzes character survivability, and validates vulnerabilities through headless browser automation. Handles Reflected, Stored, DOM-based, mXSS, uXSS, and Blind XSS vectors with a confidence scorer and visual evidence capture.

PythonPlaywrightXSSHeadless BrowserGPL-3.0

→ github.com/project-hellhound-org/X5Sentry

CyTrack — Multi-Agent Pentest Platform

ACTIVE

Modular rule-based web application security testing framework built around a multi-agent architecture. Designed to automate vulnerability discovery by dividing the testing workflow into specialised agents — each responsible for detecting a specific class of security issues. Internal project — no public repo.

PythonMulti-AgentAutonomousProduction

Hellhound Spider

ACTIVE

Async web crawler for security testing — maps endpoints, parameters, and security issues across traditional and SPA web applications. Standalone CLI tool with headless browser support.

PythonAsyncHeadless BrowserSPA-AwareCLI

→ github.com/project-hellhound-org/Hellhound-Spider

Hellhound Framework

IN DEVELOPMENT

Modular web penetration testing framework focused on structured intelligence correlation and guided exploitation workflows. Features a hybrid console architecture, SPA-aware reconnaissance modules, parameter intelligence analysis, and a rule-based suggestion engine that identifies logical attack paths while maintaining full operator control.

PythonAutonomousMulti-tierOOB ServerSpider v11+

→ github.com/project-hellhound-org/Hellhound-Pentest

Joe-Goldberg

IN DEVELOPMENT

AI-assisted OSINT investigator with a terminal-style interface. Integrates sherlock, maigret, whois, nmap, and crt.sh under a single case-based workflow powered by Gemini 2.5 Flash — correlating entities, breaches, and pivots into structured intelligence sessions.

PythonGemini 2.5OSINTAI-AssistedCLI

→ github.com/project-hellhound-org/JOE-GOLDBERG

// Skills

Technical Focus

Penetration Testing Tools

Burp Suite Nmap Metasploit SQLMap Hydra Custom Python Tools Hellhound Framework & more →

Web Security Areas

Injection Vulnerabilities Broken Authentication Access Control Flaws Web LLM Attacks API Security Linux Privilege Escalation & more →

Hardware & Wireless

ESP32 / ESP8266 Raspberry Pi Pico Deauth Attacks (studied) Evil Twin AP (studied) Keystroke Injection

Platforms & Labs

Kali Linux TryHackMe Hack The Box PortSwigger Academy Android Pentesting (DIVA) Integrity (Bug Bounty)

// Labs & Continuous Learning

Proof of Practice

HackingHub

Top 300 all time. Practising real-world bug bounty scenarios through structured labs — building recon, enumeration, and exploitation skills for live programs.

Top 300 All Time Bug Bounty Practice Active

Hack The Box

Recently started exploring HTB machines and challenges. Early stage but actively working through beginner-level boxes to build hands-on exploitation skills.

Getting Started Active

TryHackMe Learning Paths

Completed two full certification paths — building foundational to intermediate offensive security skills across real labs.

Jr. Penetration Tester Web App Pentesting Linux PrivEsc

PortSwigger Web Security Academy

Consistent practice across the full OWASP attack surface. Currently exploring newer areas including Web LLM attacks.

SQLiAuth Bypass 2FA BypassXXE SSTIWeb LLM Attacks Access ControlIDOR

AI & LLM Security — Emerging Focus

Actively learning how AI-integrated applications introduce new attack surfaces — prompt injection, LLM-assisted recon, and AI-driven vulnerability detection.

Prompt Injection Web LLM Attacks AI-Assisted Pentesting

HackSmarter Labs

Recently started learning on HackSmarter — structured security labs focused on practical offensive skills and real-world attack scenarios.

Getting Started Offensive Labs hacksmarter.org

// Experience

Where I've Worked

DEC 2025 — PRESENT · REMOTE

CyArt

VAPT Intern — CyTrack Platform

Contributing across multiple agent layers in CyTrack — a multi-agent autonomous web pentesting platform
Building production-grade Python agents, each targeting a different class of web vulnerabilities
Modules running in production and actively tested on real targets

SEP 2025 — NOV 2025 · REMOTE

Cyber Secured India

Hardware Hacking Intern

Learned about deauthentication attacks and Evil Twin AP setups using ESP32 and ESP8266
Studied IoT device attack surfaces and wireless network vulnerability concepts
Gained foundational understanding of hardware-based attack methodologies

APR 2025 — JUN 2025 · REMOTE

Cyber Secured India

Cybersecurity & Digital Forensic Intern

Learned web application security and digital forensics concepts through structured training
Completed 10+ PortSwigger Web Security Academy labs covering SQLi, Broken Auth, 2FA bypass, and enumeration
Exploited a VulnHub machine — Pluck CMS 4.7.16 RCE — and published a full technical writeup on Medium
Studied Android application security using DIVA

JAN 2025 · PONDICHERRY

Pondicherry Cyber Crime Department

Cybersecurity Intern

Gained hands-on understanding of how cybercrime investigations are conducted in a real government department
Observed digital evidence handling, case analysis workflows, and law enforcement cybersecurity protocols
Built a Raspberry Pi Pico Rubber Ducky — a functional HID keystroke injection device for penetration testing research