Afnaan's Research Archive

A dedicated archive of systematic research, focusing on responsible disclosure and the identification of critical vulnerabilities.

This repository documents my CVE research, offensive security toolkits, and architectural deep-dives.

Everything here serves as an educational and ethical blueprint for building a more resilient, secure-by-design ecosystem.

CVE Disclosure

CVE-2025-14598

CVSS 9.8 - Critical

✔ Disclosed

Cert/CC


A critical security vulnerability affecting 100+ educational institutions across India. Discovered through independent research, the vulnerability was responsibly reported and coordinated through CERT/CC, resulting in an official CVE assignment with a CVSS score of 9.8 (Critical).

The vulnerability exposed sensitive data and systems across the affected institutions. Following responsible disclosure protocols, remediation was supported before public disclosure.


9.8

CVSS Score

100+

institutions

1M+

Student's data

Projects

Raspberry Pi Pico HID Attack

The Raspberry Pi Pico acts like a keyboard and delivers malicious payload when this programmed with this script.

This script is powered by MicroPython and Adafruit library.

Project Overhaul

Project Overhaul integrates a variety of popular penetration testing tools into a single Command Line Interface.

The following tools are supported as of now:
Nmap, Netcat, Gobuster, Amass, Metasploit, Sqlmap, Hashcat, John the Ripper.

Nmap Command Generator

Python script that simplifies the process of generating Nmap commands by allowing users to input their desired command and switches, resulting in a ready-to-use Nmap command for network scanning.

It provides a user-friendly interface for quickly creating customized Nmap scans.

Writeups

Story of CVE-2025-14598

A critical-impact discovery involving a deep-rooted SQL Injection flaw within a widely used educational ERP.

This research led to a CVSS 9.8 disclosure and a coordinated remediation effort that secured the sensitive data of over 100 academic institutions across India.

Building unhackable webistes

By eliminating all frameworks, backends, and third-party dependencies, I reduced the site’s attack surface to its theoretical minimum, effectively mitigating XSS and SQLi by design.

This writeup covers the motivation, fundamentals, and

Portable Privacy Fortress

A technical implementation of a live-boot, amnesic environment on a portable USB.

By layering encryption and custom hardware-level persistence, I created a plug-and-play secure workstation designed for zero-trace operations in hostile environments.