12-day longest streak
Hi there, I'm Daffa 👋 Im Muhammad Daffa, a full time Vulnerability Researcher at spiderSilk. I focus on web application security, bug hunting, and vulnerability discovery. I’m particularly interested in…
Hi there, I'm Daffa 👋
Im Muhammad Daffa, a full time Vulnerability Researcher at spiderSilk.
I focus on web application security, bug hunting, and vulnerability discovery. I’m particularly interested in identifying real world attack vectors and improving offensive security techniques.
Contact Me
-
AllAboutBugBounty ★ PINNED
All about bug bounty (bypasses, payloads, and etc)
★ 6.8k 2y agoExplain → -
match-replace-burp ★ PINNED
Useful "Match and Replace" burpsuite rules
★ 373 2y agoExplain → -
all-about-apikey ★ PINNED
Detailed information about API key / OAuth token (Description, Request, Response, Regex, Example)
★ 296 2y agoExplain → -
bypass-403 ★ PINNED
Go script for bypassing 403 forbidden
Go ★ 164 4y agoExplain → -
ctf-writeup ★ PINNED
CTF Writeups
Python ★ 188 1y agoExplain → -
suricata-rules ★ PINNED
Suricata rules that can detect a wide range of threats, including malware, exploits, and other malicious activity especially web application attacks
Python ★ 62 2y agoExplain → -
Key-Checker ▣
Go scripts for checking API key / access token validity
Go ★ 222 4y agoExplain → -
Oneliner-Bugbounty
A collection oneliner scripts for bug bounty
★ 185 2y agoExplain → -
Git-Secret ▣
Go scripts for finding sensitive data like API key / some keywords in the github repository
Go ★ 158 4y agoExplain → -
bash-bounty
Random Tools for Bug Bounty
Shell ★ 150 3y agoExplain → -
my-nuclei-templates
Some contributions in the nuclei-templates repository
★ 63 4y agoExplain → -
apiguesser-web
Simple website to guess API Key / OAuth Token
JavaScript ★ 48 3y agoExplain → -
apiguesser
Go script to guess an API key / OAuth token found during pentest. CLI version of https://github.com/daffainfo/apiguesser-web/
Go ★ 43 3y agoExplain → -
jawaban-toki ▣
Jawaban pemrograman C dan C++ https://tlx.toki.id/
C++ ★ 18 6y agoExplain → -
vulnerable-web
Simple vulnerability labs that created using PHP and MySQL.
PHP ★ 16 3y agoExplain → -
vulnlabs
A simple vulnerable webapp created by PHP
CSS ★ 14 1y agoExplain → -
nuclei-malware
Template to detect some malware
★ 14 2y agoExplain → -
PayloadsAllTheThings ⑂
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Python ★ 13 4y agoExplain → -
malpacks
Tools for Detecting Malicious Packages
Python ★ 12 2y agoExplain → -
dns-lookup
DNS lookup using Go
Go ★ 12 4y agoExplain → -
mailspoof
Simple API to scans SPF, DMARC, DKIM records for issues that could allow email spoofing.
PHP ★ 8 2y agoExplain → -
complete-php-crud ▣
PHP CRUD + Login and Register
PHP ★ 5 5y agoExplain → -
ai-exploits ⑂
A collection of real world AI/ML exploits for responsibly disclosed vulnerabilities
Python ★ 4 1y agoExplain → -
notifier
Golang tool to send notifications to LINE app
Go ★ 3 4y agoExplain → -
daffa.info
Personal website and blog made using Hugo and PaperMod theme
★ 2 1y agoExplain → -
xss-cheatsheet-data ⑂
This repository contains all the XSS cheatsheet data to allow contributions from the community.
★ 2 5mo agoExplain → -
Coronavirus-Tracking-Web ▣
Website info-corona.id
HTML ★ 2 6y agoExplain → -
subfinder ⑂
Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.
Go ★ 2 3y agoExplain → -
openxpki-installer ▣
Simple bash script to install OpenXPKI on Debian
Shell ★ 2 3y agoExplain → -
budgetku
Final Project for Mobile Device Programming Course
Java ★ 2 3y agoExplain → -
cvelist
No description.
Python ★ 1 45m agoExplain → -
nuclei-templates ⑂
Community curated list of templates for the nuclei engine to find security vulnerabilities.
JavaScript ★ 1 8d agoExplain → -
daffainfo
No description.
★ 1 2mo agoExplain → -
nuclei ⑂
Fast and customizable vulnerability scanner based on simple YAML based DSL.
★ 1 2y agoExplain → -
metasploit-framework ⑂
Metasploit Framework
Ruby ★ 1 8mo agoExplain → -
gemastik-xvii-final ⑂
gemastik-xvii-final public repository
★ 1 1y agoExplain → -
GTFOBins.github.io ⑂
GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
HTML ★ 1 2y agoExplain →
No repos match these filters.