Skip to content
View wavegxz-design's full-sized avatar
  • 03:34 (UTC -12:00)

Block or report wavegxz-design

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don't include any personal information such as legal names or email addresses. Markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
wavegxz-design/README.md
Typing SVG

Portfolio   GitHub   Telegram   Email   Location


$ cat about.txt ─ About Me

Top Languages

Red Team Operator and open source security researcher based in Mexico 🇲🇽 UTC-6.

I design and build offensive security tools from scratch — every module is tested in authorized environments, every vulnerability class is documented for defenders.

My work focuses on web application exploitation, network penetration, OSINT intelligence gathering, and malware static/dynamic analysis. I believe the only way to build strong defenses is to deeply understand how attacks work at a technical level — not just conceptually, but hands-on.

Currently publishing 13 open source security tools used by researchers and red teamers. All tools require explicit authorization to use.

🟢 Available for authorized engagements, research collaborations and consulting.


$ whoami ─ Quick Profile

┌─[krypthane@redteam]─[~]
└──╼ $ cat profile.txt

  alias     : krypthane
  role      : Red Team Operator | Open Source Developer
  focus     : Web Exploitation · Network Pentesting
              OSINT & Intelligence · Malware Analysis / RE
              Android/ADB Security · Tool Development
  location  : Mexico 🇲🇽 UTC-6
  tools     : 13 open source security tools published
  contact   : github.com/wavegxz-design | t.me/Skrylakk
  status    : 🟢 AVAILABLE FOR AUTHORIZED ENGAGEMENTS
  ethics    : ethical hacking only — always authorized

└──╼ $ cat mission.txt

  "Break systems ethically. Document everything.
   Build better defenses."

└──╼ $ █

$ ls -la tools/ ─ Open Source Security Tools

13 production-grade tools — all open source, all documented, all requiring authorization

Tool Ver Stack Description
🔍 recon-kit v2.1.3 Bash Modular recon — WHOIS, DNS+AXFR, subdomains, Nmap live output, SSL
🌐 webcheck v2.0.0 Bash HTTP auditor — 11 modules, 0-100 score, WAF detect, JSON output
privesc-kit v1.1.0 Bash Linux privesc — SUID, sudo, cron, GTFOBins, kernel CVEs
💣 payload-kit v1.0.0 MD 200+ payloads — SQLi, XSS, SSTI, CMDi, LFI, XXE, SSRF
👁️ FIXTT v7.5 Python 18+ OSINT modules — IP, email, Shodan, metadata, dark web, VIN
🐛 Bug-Attacker v1.0 Python IP/phone lookup, port scan, subdomain & subdir enumeration
🕸️ NullTrace v1.0 Python Web recon — CMS detect, WP scan, SQL error enumeration
☠️ PhantomStrike v1.0 Python Red team — Nmap, Shodan, FTP/SSH brute, Metasploit RPC
📱 NEXORA-TOOLKIT v1.0 Bash Modular ADB security & forensics toolkit for Android
👻 GhostCheck v1.0 JS 30+ web security checks — SSL, DNS, ports, headers, WAF, WHOIS
💀 devilZERO v1.0 Python Modular DDoS testing toolkit — Layer 4/7, Amplification, proxy support
🐉 hydra-deploy v5.0.1 TS Deploy CLI — auto-detect stack, self-healing retry, README generator
🕵️ ShadowEye v1.0 Python OSINT framework — username, phone, email, domain, IP intelligence

$ cat capabilities.txt ─ Core Competencies

🔴 Web Exploitation

├─ SQL Injection (manual + tool-assisted)
├─ XSS / CSRF / Clickjacking
├─ SSRF / XXE / LFI / RFI
├─ IDOR / Auth bypass / JWT attacks
├─ API security testing
└─ Cloudflare bypass techniques

🟠 OSINT & Intelligence

├─ WHOIS / IP / ASN lookup
├─ Email & phone intelligence
├─ Shodan / Censys integration
├─ Metadata extraction (EXIF)
├─ Subdomain enumeration
└─ Dark web search (Ahmia/Tor)

🟡 Network Penetration

├─ Nmap automation & service enum
├─ DNS recon / zone transfer (AXFR)
├─ Protocol analysis & pivoting
├─ Wireshark / tshark packet capture
├─ FTP / SSH brute force
└─ VPN / Proxy / Tor routing

🟣 Malware Analysis / RE

├─ Static analysis — strings, imports
├─ Dynamic analysis — behavior sandbox
├─ Disassembly (Ghidra · x64dbg)
├─ Packer detection & unpacking
├─ IOC extraction & reporting
└─ Memory forensics — Volatility

🟢 Tool Development

├─ Python security tools
├─ Bash automation scripts
├─ TypeScript / Node.js CLIs
├─ Docker containerization
├─ Cloudflare Workers (JS)
└─ GitHub CI/CD pipelines

$ uname -a ─ Tech Stack

Python Bash JavaScript TypeScript Node.js Linux Kali Linux Docker Cloudflare Nmap Burp Suite Wireshark Metasploit Ghidra Git GitHub Actions

$ git log --stats ─ GitHub Statistics

GitHub Stats   Top Languages
GitHub Streak

GitHub Activity Graph

$ trophy --list ─ GitHub Trophies

GitHub Trophies

$ ctf --status ─ Labs & CTFs

Platform Status Focus
HackTheBox 🟢 Active Web · Linux · Active Directory
TryHackMe 🟢 Active Red Team paths · OSINT · AV Evasion
OverTheWire 🟢 Active Bandit · Narnia · Linux Fundamentals
PicoCTF ✅ Done Web Exploitation · Cryptography
Personal Lab 🔴 Active DVWA · Juice Shop · Malware VM · Ghidra

$ ping contact ─ Get in Touch

Portfolio


GitHub   Telegram   ProtonMail


⚠️ All tools are for authorized security testing only. Unauthorized use against systems you don't own is illegal.

Profile Views

Footer

Popular repositories Loading

  1. NEXORA-TOOLKIT NEXORA-TOOLKIT Public

    Advanced ADB toolkit for Android device management — by krypthane

    Shell 2

  2. recon-kit recon-kit Public

    Modular, distro-aware recon toolkit for authorized pentesting. Auto-installs deps, self-heals with AUTOFIX, plugin support. Kali · Parrot · Arch · Ubuntu · Fedora

    Shell 2

  3. hydra-deploy hydra-deploy Public

    Multi-platform deployment CLI with auto-detection, self-healing recovery and interactive dashboard. TypeScript · Node 18+ · 30+ contributors welcome

    TypeScript 2

  4. webcheck webcheck Public

    HTTP security auditor — headers, cookies, TLS, redirects & info disclosure. Color-coded terminal report with risk scoring. Bash · Zero dependencies · Bug bounty ready

    Shell 2

  5. payload-kit payload-kit Public

    Organized offensive payloads for CTFs and authorized penetration testing. SQLi · XSS · SSTI · Command Injection · LFI · XXE · SSRF · Auth Bypass — every payload includes context, platform notes and…

    2

  6. FIXTT FIXTT Public

    FIXTT – Modular terminal-based OSINT framework for security researchers, red teamers, and CTF players. Aggregates intelligence from 20+ data sources (IPs, emails, domains, images, dark web, exploit…

    Python 2