Shubham Shah
Contact me!
- Me with my serious face on Security is serious kids!

I aim for a secure web.

A massive fan of open source software, offensive security, intensive penetration testing and bug bounties! // Python is pretty cool too. // Oh, I also have a passion for learning biology.

web security + python = bliss

HSC Biology Android App

February of 2013 - I created an application using the phonegap framework, jQuery mobile and HTML5 + a little bit of wordpress to port the entire biology syllabus from HSC online, into an organised, local and easily accessible android application. I pioneered this app with permission from Charles Sturt university. With no ads and of no cost, the app has reached 3000 or so active users as well as 15 or so 5/5 ratings on the Play Market. Take a peek by clicking on the button below :)

Play Market Link

HSC Biology Learn Portal

Suppose you didn't have an android phone, but have internet access? No worries. My android application also comes in a wordpress form, live on my server right now. It is VERY mobile friendly and fluent. Learn on the go.

Biology Learn Portal

HSC Youtube Channel

Starting from late 2012, I decided to contribute to students like myself doing the HSC by sharing whatever knowledge I know about any of my subjects while progressing through the year. Great Success! I have been making approx. 4 videos a week for the last 4 or so months. As of writing this, I have 50+ videos, 100 subscribers and a cumulative view count of 5000. Feel free to watch me teach by visiting my channel, as linked below.

Youtube Channel Link

VideoReplay.Me

Ever wanted to repeat videos or sounds from SoundCloud, Youtube or Vimeo? I made a web application using CherryPy (Python Web Framework), jQuery, Sublime HTML5 Player and a very simple bootstrap design to do just that. The app works wonders for me, feel free to try it!

Videoreplay.Me

ColdFusion Autopwn

Coldfusion developers and users have it tough. Seriously. Securing coldfusion is a hard task and I totally sympathise with them. Especially CVE-2010-2861. This vulnerability is found on approximately 4/10 coldfusion boxes, and any serious web admin who manages multiple coldfusion needs to know which of his or her servers are vulnerable. To do so, I made a tool called CFIDE-AutoPwn (Fully open source) and found on Google Code. This tool is a PoC for the LFI vulnerability found on unpatched ColdFusion servers with unpatched version 8.x, 7 and MX. It has the ability so scan a range of domains. Find it by clicking the button below. (Coded in Python 2.7)

Google Code Link

My Pentesting Life

Pentesting means way too much to me. As a kid I have loved to break things. My dad always use to recall how I took thinks apart *cough* broke my brothers toys *cough* as well as pretty much analysed everything I possibly could. I guess this really sparked my love for breaking web applications and putting them back together (in the most secure form possible). I started at a young age, but yet it remains a core part of my life. I occasionally in my free time (which is rare sadly) write in my blog InSecurity and do freelance pentesting projects.

InSecurity