Skip to content
View R3DD404's full-sized avatar
🎯
Focusing
🎯
Focusing
14 followers · 11 following

Block or report R3DD404

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
R3DD404/README.md

Typing SVG 

β”Œβ”€[βœ—]─[R3DD@parrot]─[~]
└──╼ $whoami
R3DD

β”Œβ”€[βœ—]─[R3DD@parrot]─[~] 
└──╼ $cat about_me.txt

// 18 y/o security researcher

  • CTF player, sometimes I win
  • TryHackMe top 2%.
  • Been breaking things since I found Kali Linux
  • Code at 3am, sleep is overrated
  • Learning smart contract security.
β”Œβ”€[βœ—]─[R3DD@parrot]─[~]
└──╼ $ls /home/R3DD/arsenal/

Toolbox

Recon & Enumeration

  • nmap masscan
  • gobuster ffuf dirbuster
  • subfinder amass
  • nikto whatweb

Exploitation

  • burpsuite sqlmap
  • metasploit msfvenom
  • john hashcat
  • hydra medusa

Post-Exploitation

  • linpeas winpeas
  • bloodhound mimikatz
  • netcat socat
  • Custom Python scripts
 
β”Œβ”€[βœ—]─[R3DD@parrot]─[~]
└──╼ $python3 projects.py --list

Recent Builds

ReconMate Suite
Application for recon automation for CTFs.

Features: Subdomain enum, port scanning, web fuzzing Status: Actually works (surprisingly)
Usage: Deployed locally, saves me hours on THM boxes

THM-Slash
Roasts people based on their TryHackMe stats with surgical precision.

Features: API scraping, personalized insults, dark mode only
Status: Friends hate me now
Try it Here: https://thmslash.vercel.app

β”Œβ”€[βœ—]─[R3DD@parrot]─[~]
└──╼ $grep -r "achievements" /var/log/

Recent Wins

[2025] Reported no-rate limiting issue, paid.
[Feb-2025] Hit Top 50 on THM monthly. 
[2025] Found exposed API endpoint leaking sensitive information. Disclosed responsibly.
[2025] Discovered open redirect and SVG-based stored XSS via file upload. Reported both.
[2024] Found hardcoded API key in request. Reported, got props.

β”Œβ”€[βœ—]─[R3DD@parrot]─[~]
└──╼ $sudo ./run_stats.sh

R3DD's GitHub Stats

Top Languages

β”Œβ”€[βœ—]─[R3DD@parrot]─[~]
└──╼ $echo "Current Status: $(curl -s life.status)"

Live Status

Online: Probably breaking something or fixing what I broke yesterday
Location: 127.0.0.1 (nice try FBI)
Current Mission: Learning more about different vulnerabilities
Caffeine Level: Dangerously high

Connection established. Root access granted.

[01:37:42] R3DD@parrot ~ $ echo "Thanks for visiting my digital lair"
Thanks for visiting my digital lair

[01:37:45] R3DD@parrot ~ $ exit
logout
Connection to github.com closed.

Typing SVG

Popular repositories Loading

  1. ThmSlash ThmSlash Public

    TypeScript 2

  2. thm_writeups thm_writeups Public

  3. ReconMate ReconMate Public

    A GUI tool which can be used to scan for common ports and subdirs in a CTF

    Python

  4. ScamBuster-3000 ScamBuster-3000 Public

    TypeScript

  5. DevHaven DevHaven Public

    TypeScript

  6. CrushHub CrushHub Public

    TypeScript