Indonesia

Muhammad Daffa

Elite
@daffainfo

Vulnerability Researcher at spiderSilk

AllAboutBugBounty. All about bug bounty (bypasses, payloads, and etc)

6.8k

match-replace-burp. Useful "Match and Replace" burpsuite rules

373

all-about-apikey. Detailed information about API key / OAuth token (Description, Request, Response, Regex, Example)

297

Key-Checker. Go scripts for checking API key / access token validity

221

ctf-writeup. CTF Writeups

188

Oneliner-Bugbounty. A collection oneliner scripts for bug bounty

185

bypass-403. Go script for bypassing 403 forbidden

164

Git-Secret. Go scripts for finding sensitive data like API key / some keywords in the github repository

158

bash-bounty. Random Tools for Bug Bounty

150

my-nuclei-templates. Some contributions in the nuclei-templates repository

64

suricata-rules. Suricata rules that can detect a wide range of threats, including malware, exploits, and other malicious activity especially web application attacks

63

apiguesser-web. Simple website to guess API Key / OAuth Token

48

apiguesser. Go script to guess an API key / OAuth token found during pentest. CLI version of https://github.com/daffainfo/apiguesser-web/

43

jawaban-toki. Jawaban pemrograman C dan C++ https://tlx.toki.id/

18

vulnerable-web. Simple vulnerability labs that created using PHP and MySQL.

16

nuclei-malware. Template to detect some malware

14

vulnlabs. A simple vulnerable webapp created by PHP

14

PayloadsAllTheThings. A list of useful payloads and bypass for Web Application Security and Pentest/CTF

13

malpacks. Tools for Detecting Malicious Packages

12

dns-lookup. DNS lookup using Go

12

mailspoof. Simple API to scans SPF, DMARC, DKIM records for issues that could allow email spoofing.

8

complete-php-crud. PHP CRUD + Login and Register

5

ai-exploits. A collection of real world AI/ML exploits for responsibly disclosed vulnerabilities

4

notifier. Golang tool to send notifications to LINE app

3

subfinder. Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.

2

openxpki-installer. Simple bash script to install OpenXPKI on Debian

2

Coronavirus-Tracking-Web. Website info-corona.id

2

budgetku. Final Project for Mobile Device Programming Course

2

daffa.info. Personal website and blog made using Hugo and PaperMod theme

2

GTFOBins.github.io. GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems

1

daffainfo.

1

gemastik-xvii-final. gemastik-xvii-final public repository

1

nuclei-templates. Community curated list of templates for the nuclei engine to find security vulnerabilities.

1
33
Apply