>_ type whoami anywhere

// IDENTITY :: D3ADSHOT

I
AM
D3ADSHOT.

Bug bounty hunter & offensive security researcher.
I find what shouldn't be there.

View EngagementsGet In Touch
D3ADSHOT Avatar
0Platforms Active
0+Years Operational
02 / 06

TOOLS & PROJECTS

// 01[ RED TEAM TOOL ]

D3adphish

GoPhish fork engineered to strip every detectable fingerprint — X-Mailer headers, tracking params, session cookies, server identifiers. One binary, zero traces. For authorized engagements only.

GoGoPhishSQLiteLinux
View Source →
// 02[ RECON SUITE ]

OwlSec Tool

Terminal-based recon suite built for the OwlSec community. WHOIS lookups, three Nmap scan profiles, passive/active subdomain enumeration via Subfinder & Amass, live host detection with HTTPX, and JS secret extraction — all from one interactive menu.

Python 3NmapSubfinderAmassHTTPX
View Source →
// 03[ EXPLORE ]

More on GitHub →

All public repos, tools, and experiments.

Explore →
03 / 06

CAPABILITIES

// 01

Web App Pentesting

Full-scope web application assessments targeting authentication, authorization, and business logic , the bugs that scanners miss.

  • IDOR chain exploitation
  • Business logic bypass
  • SSRF & blind SSRF
  • Stored & DOM XSS
  • HTTP request smuggling
  • File upload bypass
  • Insecure deserialization
  • Race condition attacks
  • JWT algorithm confusion
// 02

Social Engineering

Human-layer attack simulation. Pretexting, persona building, and OSINT-driven targeting to expose the weakest link in any organization.

  • Pretexting & persona building
  • OSINT-driven targeting
  • Vishing simulation
  • Authority & urgency manipulation
  • Callback phishing
  • LinkedIn reconnaissance
  • Physical security bypass
  • USB drop campaigns
  • Impersonation attacks
  • Trust exploitation chains
// 03

Phishing Campaign Specialist

End-to-end phishing simulation using D3adphish , fingerprint-stripped, fully authorized, and built to test real-world defences.

  • D3adphish framework deployment
  • Domain spoofing & typosquatting
  • Evasion of email security filters
  • SSL certs for phishing domains
  • Credential harvesting pipelines
  • Template design & A/B testing
  • Tracking & open-rate metrics
  • Spear phishing campaigns
  • GoPhish hardening
  • Post-campaign reporting
04 / 06

THE LOADOUT

Kali Linux
Kali Linux
Burp Suite Pro
React
React
HTML5
HTML5
Tailwind CSS
Tailwind CSS
JavaScript
JavaScript
TypeScript
TypeScript
AI Pipelines
OSINT Collection
Kali Linux
Kali Linux
Burp Suite Pro
React
React
HTML5
HTML5
Tailwind CSS
Tailwind CSS
JavaScript
JavaScript
TypeScript
TypeScript
AI Pipelines
OSINT Collection
Kali Linux
Kali Linux
Burp Suite Pro
React
React
HTML5
HTML5
Tailwind CSS
Tailwind CSS
JavaScript
JavaScript
TypeScript
TypeScript
AI Pipelines
OSINT Collection
Kali Linux
Kali Linux
Burp Suite Pro
React
React
HTML5
HTML5
Tailwind CSS
Tailwind CSS
JavaScript
JavaScript
TypeScript
TypeScript
AI Pipelines
OSINT Collection
05 / 07

CERTIFICATIONS

Web Development

Web Development

Certified By IT Academy

Cyber Threat Intelligence

Cyber Threat Intelligence

Certified by ArcX

Pro Hacker

Pro Hacker

Rank On Hack The Box

05 / 06

INITIATE CONTACT

Found something I should know about? Let's talk. Bug bounty collabs, red team engagements, OwlSec community, or just a good recon story.

Instagram@d3adshotsec

DMs open. Best for quick questions, collabs, and community stuff.

Open Instagram
Discordcustos_lucis

Preferred channel for longer conversations, bug bounty talk, and OwlSec.

Open Discord