xeloxa/README.md

Welcome! 👋

I'm an Ethical Hacker & Penetration Tester passionate about Cloud, Web App & Application Security. I focus on offensive security and actively contribute to open-source projects.

🚀 Projects

  • s3finder - A tool for discovering and analyzing open S3 buckets
  • wp-hunter - WordPress vulnerability scanner and reconnaissance tool
  • aws-clf-c02-notlari - AWS Certified Cloud Practitioner study notes

More projects coming soon! 🛠️

🛡️ Security Contributions

| Repository | Fix |
|---|---|
| lukilabs/craft-agents-oss | Fixed path traversal in STORE_ATTACHMENT IPC handler (v0.3.2) · ↗ #142 |
| NoeFabris/opencode-antigravity-auth | Set 0600 permissions for credential storage · ↗ #353 |

More contributions coming soon! 🔜

🔍 CVE

| CVE ID | Status | Description |
|---|---|---|
| CVE-2026-1993 | ⏳ Reserved | Coming soon |
| CVE-2026-1992 | ⏳ Reserved | Coming soon |
| CVE-2026-1857 | ✅ Published | SSRF vulnerability in Kadence Blocks <= 3.6.1 |
| CVE-2026-2633 | ✅ Published | Missing authorization in Kadence Blocks <= 3.6.1 allows unauthorized media upload |

More coming soon! 🔜

💥 Exploits

| CVE ID | Exploit | Exploit-DB | Description |
|---|---|---|---|
| CVE-2024-28397 | ↗ GitHub | ⏳ Pending | Remote Code Execution in Js2Py |


Pinned

  1. WP-Hunter (Public)

    WP-Hunter is a WordPress plugin/theme reconnaissance and static analysis (SAST) tool. It is designed for security researchers to evaluate the vulnerability probability of plugins by analyzing metad…

    Python 36 7

  2. s3finder (Public)

    A high-performance CLI tool for discovering AWS S3 buckets using intelligent name generation. Combines traditional wordlist scanning with LLM-powered suggestions to find buckets that other tools miss.

    Go 2 2

  3. CVE-2024-28397-Js2Py-RCE-Exploit (Public)

    Professional exploit for CVE-2024-28397: Js2Py Sandbox Escape leading to Remote Code Execution (RCE). Includes modular payload generation.

    Python 2

  4. aws-clf-c02-notlari (Public)

    This repository is a reference resource containing the notes and exam tips I took for the AWS Certified Cloud Practitioner exam. The notes "AWS SkillBuilder - AWS Cloud Practitioner Essentials" course…

    3