work skills about toolkit contact
Advanced Penetration Testing Framework

REHNOVA
SECURITY
OPS

PLATFORM

every system has a door — i just find them first.

Alias of Rehan — offensive security specialist from the Greenwich underground. Penetration tester, bug bounty hunter, network recon operator. If it runs code, I can break it.
Advanced penetration testing, attack simulation, and vulnerability research designed to expose weaknesses before real attackers do.

phishingbrute force network reconbug bounty osintred teamexploit dev
get in touch
scroll
01Operations
"the best way to defend is to attack first."
Offensive mindset. Defensive outcome. Every engagement starts with thinking like the adversary.
"a shell is a conversation. i speak the language."
From initial access to domain admin. Clean pivots, minimal noise, maximum impact.
"they patched the CVE. i found the one they missed."
Chained vulnerabilities, logic flaws, zero-days. The attack surface is never fully closed.
01
Operation Mirror Lakephishing simulation
Multi-stage spear phishing for a Fortune 500 red team. AiTM proxy pages with 34% click-through rate. Full campaign — recon to credential harvest.
GoPhishEvilginx2OSINTSocial Engineering
active+
02
Project Locksmithbrute force / auth bypass
Distributed credential stuffing using leaked dataset correlation. 847 weak credentials found across 3 enterprise targets — all responsibly disclosed.
HydraHashcatPythonCredential Stuffing
disclosed+
03
DarkMap Suitenetwork scanning & recon
Custom recon framework — passive OSINT + active scanning. Topology graph generation, service fingerprinting, 2M ports/min on 10Gbps.
NmapShodanMasscanPython / Go
ongoing+
04
CVE-2024-REHNOVA-01bug bounty — critical
IDOR + S3 misconfiguration chain on major fintech platform. Full ATO on 2.1M users. CVSS 9.8. Patched in 11 days. Hall of Fame listed.
IDORAWS S3ATOHackerOne
$8,500+
05
Operation Threadfinderred team — network targeting
3,200-node healthcare AD environment. Kerberoasting → service accounts → lateral movement → DC in 3h47m.
BloodHoundImpacketKerberoastingActive Directory
delivered+
06
Ghost Chain XSSbug bounty — critical
Stored XSS + CSRF chain on a CMS with 100K+ installs. Self-propagating worm across admin panels. P1 critical — $12,000 bounty.
Stored XSSCSRFBurp SuiteJavaScript
$12,000+
02Arsenal
PHISH BRUTE NET BUG OSINT RED
Phishing
93
Brute Force
88
Network Recon
95
Bug Bounty
91
OSINT
87
Red Teaming
84
03About
rehnova@void — bash — 80x24
Greenwich Collective Shell — type 'help' for commands
~$ 
04Toolkit

> live demos — browser-only, nothing leaves your machine.

port_scanner.py SIM
TARGET
RANGE
awaiting target...
cipher.sh LIVE
METHOD
output will appear here...
breach_lookup.sh SIM
TARGET
enter a target to scan...
pkt_capture.py LIVE
press START to capture packets...
0 pkts
hashcrack.py SIM
HASH
LIST
paste a hash to begin...
osint_recon.py SIM
DOMAIN
enter a domain to begin passive recon...
05Contact

pgp-encrypted comms preferred. i don't trust plain text.

emailinfo.rehnova@gmail.com
hackerone@rehnova
githubgithub.com/rehanrehnova
telegram@rehnova_sec
pgpA3F2 9B1C 4E87 D02A