I'm Wamiq Hilal — a Junior Penetration Tester and offensive security researcher. I map attack surfaces, chase vulnerabilities others miss, and turn findings into fixes, through a self-built home lab, VAPT projects, and hands-on reconnaissance tooling.
Computer Science graduate with a strong focus on offensive cybersecurity, penetration testing, and web application security. I enjoy identifying vulnerabilities, building practical security tooling, and sharpening my skills through hands-on labs and independent research.
My work centers on reconnaissance, enumeration, and vulnerability assessment — the phases where most real-world exposure gets found. I run a self-maintained offensive security lab using Kali Linux, DVWA, and Metasploitable to practice full attack chains safely and repeatably.
Currently building ReconMind, a modular Python reconnaissance framework, while deepening my methodology in bug bounty research and advanced network security.
Read like a scan report — the services I run, and how well I know them.
| Port | State | Service | Detail |
|---|---|---|---|
| 21/tcp | open | offensive-sec | Penetration Testing, VAPT, Reconnaissance, Enumeration, OWASP Top 10, Risk Assessment |
| 22/tcp | open | tooling | Burp Suite, Nmap, Wireshark, Hydra, Nikto, Nuclei, Subfinder, ffuf, Gobuster |
| 53/tcp | open | networking | TCP/IP, DNS, HTTP/HTTPS, Routing & Switching, ARP, DHCP, Subnetting, OSI Model |
| 443/tcp | open | platforms | Kali Linux, Windows, Linux administration & scripting |
| 8080/tcp | open | dev | Python, Bash, HTML, CSS, JavaScript |
Built and tested in my own lab environment. Click through to the source.
An intelligent, Python-based offensive security reconnaissance and vulnerability assessment framework — automating subdomain discovery, enumeration, and initial attack-surface mapping into a single modular pipeline.
A self-built virtual lab for practicing full attack chains end-to-end — Kali Linux against DVWA and Metasploitable — covering reconnaissance, exploitation, privilege escalation, and reporting.
Private lab environment — walkthrough available on request.
A structured VAPT engagement against a deliberately vulnerable target set — scoping, scanning, manual verification, CVSS-based risk scoring, and a formal findings report.
Private lab environment — walkthrough available on request.
Packet-level investigation of live and captured network traffic using Wireshark — protocol analysis, anomaly detection, and identifying indicators of compromise across TCP/IP traffic.
Private lab environment — walkthrough available on request.
Open to junior penetration testing and security analyst roles. Reach out directly — I reply fast.