This is your work, valued

Jakarta, Indonesia

Dwi Siswanto

Elite
@dwisiswant0

software-security r&d; bashturbation

apkleaks. Scanning APK file for URIs, endpoints & secrets.

6.2k

awesome-oneliner-bugbounty. A collection of awesome one-liner scripts especially for bug bounty tips.

3.2k

crlfuzz. A fast tool to scan CRLF vulnerability written in Go

1.6k

go-dork. The fastest dork scanner written in Go.

1.3k

findom-xss. A fast DOM based XSS vulnerability scanner with simplicity.

863

ppfuzz. A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀

669

galer. A fast tool to fetch URLs from HTML attributes by crawl-in.

263

gf-secrets. Secret and/or credential patterns used for gf.

245

cf-check. CloudFlare Checker written in Go

238

go-stare. A fast & light web screenshot without headless browser but Chrome DevTools Protocol!

184

proxylogscan. A fast tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin (CVE-2021-26855).

164

unew. A tool for append URLs, skipping duplicates/paths & combine parameters.

129

slackcat. A simple way of sending messages from the CLI output to your Slack with webhook.

117

ngocok. ngrok Collaborator Link — yet another Burp Collaborator alternative for free with ngrok.

116

tlder. TLDs finder — check domain name availability across all valid top-level domains.

108

unch. Hides message with invisible Unicode characters

99

noizy. A drop-in replacement to Apple Hearing - Background Sounds with over 30+ available sounds.

98

wadl-dumper. Dump all available paths and/or endpoints on WADL file.

97

chatgptui. ChatGPT 🤖 with Textual User Interface (TUI) mode written in Go.

94

ipfuscator. A blazing-fast, thread-safe, straightforward and zero memory allocations tool to swiftly generate alternative IP(v4) address representations in Go.

93

hinject. Host Header Injection Checker

84

stargather. A fast GitHub stargazers information gathering tool

70

CVE-2025-49844. CVE-2025-49844 – Redis Lua Parser Use-After-Free

66

gfx. A wrapper around grep, to help you grep for things! - Improved version of gf by @tomnomnom.

62

bounty-targets-alert. It's an watcher for new scopes added to bounty-targets-data and send you alert to Slack.

60

nuclei-templates-dir. Nuclei Templates Directory

58

continuous-nuclei. Running nuclei Continuously

57

cve-2023-50164-poc. Proof of Concept for Path Traversal in Apache Struts ("CVE-2023-50164")

57

look4jar. Looking for JAR files that are vulnerable to Log4j RCE (CVE‐2021‐44228)?

44

secpat2gf. convert secret patterns to gf compatible.

38

cekBin. Free source to check, verify & validate BIN (Bank Identification Number), credit, debit, charge or a prepaid card.

36

discat. A simple way of sending messages from the CLI output to your Discord channel with webhook.

36

nodep. A tool for check available dependency packages across npmjs, PyPI or RubyGems registry.

30

leakz-passive-workflow. Caido's passive workflow to find potential leaked secrets, PII, and sensitive fields.

28

gD0rk. Google Hack Database dork automatic tool.

27

WiFiID. @wifi.id Account Extractor & Checker

24

BitslerBOT. Automatically Betting for Bitsler.com

23

delve-mcp. MCP server for Delve debugger integration

21

osscope. A curated GitHub repository that's in-scope and eligible for bounty.

21

Faucet-DOGE-Bot. Get faucet DOGE coin every minutes

17

huntr-hacktivity. huntr.dev public disclosures/hacktivity watcher

17

gollina. Follina MS-MSDT 0-day MS Office RCE (CVE-2022-30190) PoC in Go

17

advisory. My advisories (backlog)

7

ghostify-crack. A crack 💥 version of Ghostify, that helps you view Instagram stories without a trace (the story owner won't know you saw their story!)

7

CVE-2020-24148. CVE-2020-24148 Proof-of-Concept

5

xss-cheatsheet-data. This repository contains all the XSS cheatsheet data to allow contributions from the community.

5

offsectools_www. A vast collection of security tools.

5

CVE-2018-7600. PoC for CVE-2018-7600 Drupal SA-CORE-2018-002 (Drupalgeddon 2).

4

awesome-search-queries. Community curated list of search queries for various products across multiple search engines.

4

ovaa. Oversecured Vulnerable Android App

4