Organizations

@Nolva-Security

xeloxa/README.md

Welcome! 👋

I'm an Ethical Hacker & Penetration Tester passionate about Cloud, Web App & Application Security. I focus on offensive security and actively contribute to open-source projects.

🚀 Projects

  • s3finder - A tool for discovering and analyzing open S3 buckets
  • wp-hunter - WordPress vulnerability scanner and reconnaissance tool
  • aws-clf-c02-notlari - AWS Certified Cloud Practitioner study notes

More projects coming soon! 🛠️

🛡️ Security Contributions

| Repository | Stars | Contribution | Issue/PR | Fix |
|---|---|---|---|---|
| lukilabs/craft-agents-oss | ⭐ 2,661 | Security vulnerability report | #142 | Fixed path traversal in STORE_ATTACHMENT IPC handler (v0.3.2) |
| NoeFabris/opencode-antigravity-auth | ⭐ 8,130 | Secure file permissions fix | #353 | Set 0600 permissions for credential storage |

More contributions coming soon! 🔜

🔍 CVE

| CVE ID | Status | Description |
|---|---|---|
| CVE-2026-1993 | Reserved | Coming soon |
| CVE-2026-1992 | Reserved | Coming soon |
| CVE-2026-1857 | Reserved | Coming soon |

More coming soon! 🔜

💥 Exploits

| CVE ID | Exploit | Description |
|---|---|---|
| CVE-2024-28397 | Exploit | Remote Code Execution in Js2Py |


Pinned

  1. WP-Hunter Public

    WP-Hunter is a WordPress plugin/theme reconnaissance and static analysis (SAST) tool. It is designed for security researchers to evaluate the vulnerability probability of plugins by analyzing metad…

    Python 20 3

  2. s3finder Public

    A high-performance CLI tool for discovering AWS S3 buckets using intelligent name generation. Combines traditional wordlist scanning with LLM-powered suggestions to find buckets that other tools miss.

    Go 2 1

  3. CVE-2024-28397-Js2Py-RCE-Exploit Public

    Professional exploit for CVE-2024-28397: Js2Py Sandbox Escape leading to Remote Code Execution (RCE). Includes modular payload generation.

    Python 2

  4. aws-clf-c02-notlari Public

    This repository is a guidance resource containing the notes and exam tips I took for the AWS Certified Cloud Practitioner exam. The notes "AWS SkillBuilder - AWS Cloud Practitioner Essentials" course…

    2