Arshad Kazmi
Berlin · Built solo

Hi, I'm Arshad.
I ship, hunt & write code.

I run a tiny SaaS suite under i*.today, hunt bugs as @codermak, and write software at Smartly.io. I do all three because I haven't figured out which one I love more.

Indie hacker Bug bounty hunter SWE @ Smartly.io 📍 Berlin 🇩🇪
iScan.today
Secret scanner · App

Catch leaked secrets across GitHub, GitLab, NPM, Docker Hub and more. Built for bug bounty hunters.
iSpy.today
Real-time monitor · App

Real-time GitHub leak monitor. Pings me the moment a token is published in public.
iSsl.today
Domain alerts · App

SSL expiry + subdomain takeover alerts on autopilot, straight into Slack and Discord.
iLink.today
Encrypted notes · App

E2E-encrypted self-destruct links. The Privnote replacement I actually trust to read my own code.
GhRev.com
AI PR copilot · App

Chrome extension that gives your AI CLI a seat in every GitHub PR — reviews, diagrams, chat.
iBlockBots.today
Bot blocker · App

Auto-detects and blocks AI reply-farming bots on X/Twitter, entirely in your browser.
iWatcher.watch
Token verifier · App

Paste any GitHub access token and instantly see exactly what it unlocks.
currency-symbols
Python · Open source

Tiny PyPI lib: ISO currency codes → symbols.
first-issues
Python · Open source

Twitter bot tweeting good-first-issues for new OSS contributors.
ak-cli
Shell · Open source

Personal collection of CLI shortcuts I use every day.
strix-claude-code
Python · Open source

An AI pentest agent that lives inside Claude Code.
github-scanner-local
Shell · Open source

Local-only secret scanner for any GitHub org's repos.
squash
JavaScript · Open source

Save command chains under a single shortcut name.
deep-code
Python · Open source

Claude Code-style agent powered by the Deepseek API.
flip-remote
JavaScript · Open source

Toggle git remote between HTTPS and SSH instantly.
tokens-analyze
Shell · Open source

Analyze leaked API tokens; figure out what each one unlocks.
iScan.today
Secret scanner · App

Catch leaked secrets across GitHub, GitLab, NPM, Docker Hub and more. Built for bug bounty hunters.
iSpy.today
Real-time monitor · App

Real-time GitHub leak monitor. Pings me the moment a token is published in public.
iSsl.today
Domain alerts · App

SSL expiry + subdomain takeover alerts on autopilot, straight into Slack and Discord.
iLink.today
Encrypted notes · App

E2E-encrypted self-destruct links. The Privnote replacement I actually trust to read my own code.
GhRev.com
AI PR copilot · App

Chrome extension that gives your AI CLI a seat in every GitHub PR — reviews, diagrams, chat.
iBlockBots.today
Bot blocker · App

Auto-detects and blocks AI reply-farming bots on X/Twitter, entirely in your browser.
iWatcher.watch
Token verifier · App

Paste any GitHub access token and instantly see exactly what it unlocks.
currency-symbols
Python · Open source

Tiny PyPI lib: ISO currency codes → symbols.
first-issues
Python · Open source

Twitter bot tweeting good-first-issues for new OSS contributors.
ak-cli
Shell · Open source

Personal collection of CLI shortcuts I use every day.
strix-claude-code
Python · Open source

An AI pentest agent that lives inside Claude Code.
github-scanner-local
Shell · Open source

Local-only secret scanner for any GitHub org's repos.
squash
JavaScript · Open source

Save command chains under a single shortcut name.
deep-code
Python · Open source

Claude Code-style agent powered by the Deepseek API.
flip-remote
JavaScript · Open source

Toggle git remote between HTTPS and SSH instantly.
tokens-analyze
Shell · Open source

Analyze leaked API tokens; figure out what each one unlocks.
$ what i'm doing today

Three things, in parallel.

A snapshot of where my hours go.

🚀
Indie · evenings & weekends
Shipping the i*.today suite
Nine apps live, three more in the oven. Each one started as a tool I needed myself — a secret scanner, an SSL alarm, a self-destruct link. I keep shipping because I keep running into problems with no good answer.
🐛
Hunting · as @codermak
Bug bounty across all four platforms
Active on HackerOne, Bugcrowd, Intigriti, and YesWeHack. The hunting feeds the apps — iScan, iSpy and iSsl all exist because I needed them while hunting.
💼
Day job · since 2024
Software engineer at Smartly.io
Building the platform that powers paid social for the world's biggest brands. Berlin office, distributed team.
$ ls ~/projects --all

Things I've shipped.

All 12 — what's live in production and what's been retired.

iScan.today
Secret scanner

Catch leaked secrets across GitHub, GitLab, NPM, Docker Hub and more. Built for bug bounty hunters.

Visit
iSpy.today
Real-time monitor

Real-time GitHub leak monitor. Pings me the moment a token is published in public.

Visit
iSsl.today
Domain alerts

SSL expiry + subdomain takeover alerts on autopilot, straight into Slack and Discord.

Visit
iLink.today
Encrypted notes

E2E-encrypted self-destruct links. The Privnote replacement I actually trust to read my own code.

Visit
GhRev.com
AI PR copilot

Chrome extension that gives your AI CLI a seat in every GitHub PR — reviews, diagrams, chat.

Visit
iBlockBots.today
Bot blocker

Auto-detects and blocks AI reply-farming bots on X/Twitter, entirely in your browser.

Visit
iWatcher.watch
Token verifier

Paste any GitHub access token and instantly see exactly what it unlocks.

Visit
Also built · since retired: iMrr.today· iWebhook.today· iFindIdea.today· iPing.today· iBarter.today
$ whoami --hunter

Hunting as @codermak

Same handle, every platform. Click any card for the live profile — that's where my latest reports, reputation and rankings live (no stale numbers here).

HackerOne
@codermak
View profile
Bugcrowd
@codermak
View profile
Intigriti
@codermak
View profile
YesWeHack
@codermak
View profile
$ gh repo list

Open source.

A few of the 327 repos I've made public. Most are tiny on purpose.

currency-symbols

Tiny PyPI lib: ISO currency codes → symbols.

/mo
first-issues

Twitter bot tweeting good-first-issues for new OSS contributors.
ak-cli

Personal collection of CLI shortcuts I use every day.
strix-claude-code

An AI pentest agent that lives inside Claude Code.
github-scanner-local

Local-only secret scanner for any GitHub org's repos.
squash

Save command chains under a single shortcut name.
deep-code

Claude Code-style agent powered by the Deepseek API.
flip-remote

Toggle git remote between HTTPS and SSH instantly.
tokens-analyze

Analyze leaked API tokens; figure out what each one unlocks.
See all 327 repos on GitHub
$ cat ~/story.md

Why I build.

I write code for a living, then go home and write more code for fun. It looks unhealthy on paper. It feels like the opposite from the inside.

The day job at Smartly.io is where I get to do serious engineering — big systems, real users, careful trade-offs. The nights and weekends go into the i*.today suite: small, opinionated tools, each born from a problem I had myself. A secret I almost missed. An SSL cert that expired silently. A Privnote link I didn't fully trust.

And then there's the bug bounty side. @codermak is the handle I hunt under, and it's the part of my life that closes the loop: tools I build for hunting end up shipped as products, and bugs I find in the wild surface ideas for tools that don't exist yet.

It all sort of feeds itself. The apps make me a better hunter. The hunting makes me a sharper engineer. The engineering teaches me how to ship faster.

If you're building something cool, hunting something tricky, or hiring for something interesting — DM me on X or drop an email. I read everything.

— Arshad