Available for opportunities

Mutasem Kharma معتصم خرما.

I build |

Offensive Security Engineer & Full-Stack Developer. I engineer AI-powered security frameworks that hunt vulnerabilities autonomously — and ship production web applications at scale.

View Projects Get in Touch Download CV

19+ Projects Built

9+ Security Tools

6.2K+ PyPI/Tool Downloads

∞ Bugs Hunted

Scroll

// about

Who Am I

I'm a security engineer obsessed with building tools that think. My work lives at the intersection of offensive security, AI, and software engineering — creating autonomous systems that don't just find vulnerabilities, but weaponize and report them.

On the offensive side, I've built Aura — a fully autonomous DAST engine powered by Google Vertex AI — and Nexus-CTF, an AI-driven CTF exploitation framework. On defense, Kharma Sentinel provides real-time network intelligence with automated threat neutralization.

I also build production-grade web applications — from property rental platforms to QR-based loyalty systems — with a focus on clean architecture and real-world impact.

🎯

Offensive Security

DAST, Bug Bounty, OWASP Top 10, SSTI/SQLi/XSS/IDOR/SSRF/RCE/JWT

🤖

AI Integration

Google Vertex AI, Ollama (local LLMs), autonomous decision-making engines

🏗️

Full-Stack Dev

Next.js, React, TypeScript, Python, Go, Flask, Supabase, Docker

🛡️

Blue Team

Network monitoring, EDR, auto-remediation, SOC dashboards

// projects

What I've Built

🔴 Cybersecurity Tools

Linux DFIR eBPF

🔬

procscope eBPF Tracer

Zero-Overhead Linux Runtime Investigation

eBPF-based tracer for malware triage and incident response. It follows a suspicious process at runtime, captures file, network, mount, and privilege activity, and ships with Debian packaging, DEP-8 autopkgtests, and distro submissions prepared for ParrotSec and BlackArch.

Go eBPF CO-RE Debian BlackArch

✓ Process-scoped tracing ✓ Debian DEP-8 tests ✓ ParrotSec and BlackArch submission

Enterprise AI Security

🛡️

AegisFW

Zero-Trust LLM Firewall

Enterprise AI Gateway that intercepts GenAI requests, strips PII via Microsoft Presidio, and blocks semantic prompt injections in 40ms. Includes FinOps tracking and a CISO Dashboard.

FastAPI vLLM PostgreSQL Docker

✓ 40ms Latency ✓ PII Tokenization ✓ Semantic Guardrails

Red Teaming AI Security

⚡

Specter-OS

Autonomous AI Red Teaming Engine

Industry-leading framework for automated vulnerability discovery in AI Agents and LLM-powered systems. Orchestrates a 5-phase attack pipeline including goal hijacking and privilege escalation.

Python Gemini AI FastAPI Docker

✓ 5-Phase Attack Pipeline ✓ Automated PDF Reporting ✓ OWASP LLM Top 10

AI/RAG Knowledge base

🔍

Specter-RAG

Neural Context Injection Engine

High-performance Retrieval-Augmented Generation (RAG) system. Uses vector-sharding and semantic search to provide AI agents with ultra-low latency access to vast knowledge bases.

Python ChromaDB FastAPI Gemini

✓ Vector Sharding ✓ Zero-Latency Context ✓ Agent Optimized

Security Engine AI-Powered

🧠

Axon

Neural Security Evidence Backbone

High-performance sharded actor engine for security evidence normalization. Processes 1M findings/sec with zero-copy ingress and AI-powered remediation.

Go NATS Docker Gemini AI

✓ 1M Findings/Sec ✓ Zero-Allocation Ingress ✓ Kali Ready

Offensive AST-Driven

🎯

AuthSniper

AST-Driven BOLA/IDOR Hunter

Advanced Go tool for automated IDOR/BOLA detection. Uses Abstract Syntax Tree (AST) response comparisons to achieve a 0% false positive rate by ignoring dynamic noise.

Go AST Concurrency Homebrew

✓ 0% False Positives ✓ Deep Structural Diffing ✓ CI/CD Integration

Logic Breaker Stateful

☣️

Vex

Stateful API Logic Fuzzer

A zero-noise API fuzzer that hunts for logic flaws rather than syntax errors. Stateful session simulation for cross-user vulnerability hunting.

Go OpenAPI Stateful WAF Evasion

✓ Logic-Driven Fuzzing ✓ Zero-Noise Filter ✓ Swagger/OpenAPI Native

Offensive AI-Powered Featured

🛡️

Aura

Sentient Offensive Engine

Autonomous AI-powered DAST framework that hunts, weaponizes, and reports vulnerabilities. Uses Google Vertex AI for strategic decision-making. Detects SQLi, XSS, SSTI, IDOR, SSRF, RCE, JWT abuse, BOLA, LFI, Open Redirect, and more.

Python Go Vertex AI Docker Flask

✓ OWASP Top 10 Coverage ✓ Auto PoC Generation ✓ Bug Bounty Ready

Defense Production 5.4K+ Downloads

📡

Kharma Sentinel

Advanced Network Defense Suite

Real-time network monitor with Deep Packet Inspection, automated EDR via VirusTotal (70+ AV engines), MaxMind Geo-Intelligence, active threat neutralization, and Telegram breach alerts. Packaged as a standalone Windows `.exe`.

Python Flask Leaflet.js SQLite MaxMind

✓ 70+ AV Engine Scan ✓ Auto-Kill Malware ✓ .exe Packaged

CTF AI Brain

⚔️

Nexus-CTF

Autonomous Exploitation Framework

AI-powered CTF framework with a local Ollama LLM brain (Cognitive Exploit Engine). Auto-detects and exploits SSTI, SQLi, XSS, and JWT vulnerabilities. Built for PicoCTF, HackTheBox, and custom labs.

Python Ollama LLM SSTI SQLi

Blue Team SOC

👑

Ameera

Blue Team Command Center

Unified "war room" dashboard integrating Aura, Kharma, and Vanguard. Features auto-remediation for Windows misconfigurations (SMB, firewall), self-healing logic, and a glassmorphism SOC interface.

Python Flask Windows API PyPI

🌐 Web & Full-Stack

Official Academic

🎓

CNE Family Official

Academic Networking Hub

The authoritative platform for BAU Computer & Network Engineering students. Features a real-time track manager, course materials, study plans, and academic tracking.

Vite Supabase Material UI

✓ Real-time Tracker ✓ Academic CMS ✓ Official BAU Hub

Next.js Live

🏡

Reva Chalets

Property Rental Platform

Full-stack property rental web application with booking management, user authentication, mobile companion app, and Dockerized deployment. Deployed to Vercel with Prisma ORM for database management.

Next.js TypeScript Prisma Docker Vercel

✓ Mobile App Included ✓ Vercel Deployed ✓ Docker Ready

React Supabase

☕

Café Rewards

QR-Based Loyalty System

Customer loyalty rewards platform with QR code scanning, points tracking, and reward redemption. Built with Vite + React + TypeScript and Supabase as the real-time backend.

React TypeScript Vite Supabase

Vanilla JS

✏️

Air Drawing App

Canvas Drawing Tool

Browser-based drawing application with canvas API, multiple drawing tools, color palettes, and zero dependencies. Pure HTML, CSS & JavaScript.

HTML5 CSS3 Canvas API

🤖 Automation & Bots

Cloud 24/7

📬

Telegram Daily Bot

Scheduled Messaging Bot

24/7 Telegram bot deployed on Render cloud with Supabase persistence. Sends scheduled daily messages with state management across restarts.

Python Render Supabase Telegram API

✅

Smart Task Bot

Telegram Task Manager

Telegram-based task management bot with reminders, priority queuing, and persistent storage.

Python Telegram API SQLite

// skills

Tech Stack

Languages

Go / Golang Python TypeScript JavaScript SQL Bash PowerShell

Security

AST Diffing BOLA / IDOR Business Logic DAST / SAST Bug Bounty OWASP Top 10 Penetration Testing Reverse Engineering

AI & Machine Learning

Google Vertex AI Ollama (Local LLMs) LLM Orchestration Autonomous Agents

Web & Frameworks

Next.js React Flask Vite REST APIs GraphQL Prisma ORM

Infrastructure

Docker Vercel Render Supabase SQLite GitHub Actions

Tools

Burp Suite Wireshark Nmap / Nessus VirusTotal API MaxMind GeoIP

// contact

Let's Work Together

Open to security engineering roles, bug bounty collaboration, full-stack development, and enterprise security consulting.

🏢

Enterprise Consulting

Custom integration of Kharma Sentinel, Aura, and other security frameworks into your corporate environment. Network auditing, threat response planning, and SOC dashboards.

Get a Quote →

🎯

Penetration Testing

Manual and automated web application security assessments using my own toolchain (Aura DAST Framework). OWASP Top 10, API security, and bug bounty methodology.

Start a Project →

🤝

Open Source Support

Kharma Sentinel has 5,400+ downloads. If it saved your team hours of work, consider sponsoring its continued development and new features.

☕ Sponsor →

GitHub Email Me