Dwi Siswanto

Scanning APK file for URIs, endpoints & secrets.

A collection of awesome one-liner scripts especially for bug bounty tips.

A fast tool to scan CRLF vulnerability written in Go

The fastest dork scanner written in Go.

A fast DOM based XSS vulnerability scanner with simplicity.

A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀

A fast tool to fetch URLs from HTML attributes by crawl-in.

Secret and/or credential patterns used for gf.

CloudFlare Checker written in Go

A fast & light web screenshot without headless browser but Chrome DevTools Protocol!

Next.js v16.2.4 Security PoC Collection (CVE-2026-23870, CVE-2026-44575, CVE-2026-44579, CVE-2026-44574, CVE-2026-44578, CVE-2026-44573, CVE-2026-44581, CVE-2026-44580, CVE-2026-44577, CVE-2026-44576, CVE-2026-44582, CVE-2026-44572)

A fast tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin (CVE-2021-26855).

A tool for append URLs, skipping duplicates/paths & combine parameters.

A simple way of sending messages from the CLI output to your Slack with webhook.

ngrok Collaborator Link — yet another Burp Collaborator alternative for free with ngrok.

TLDs finder — check domain name availability across all valid top-level domains.

A drop-in replacement to Apple Hearing - Background Sounds with over 30+ available sounds.

Hides message with invisible Unicode characters

Dump all available paths and/or endpoints on WADL file.

ChatGPT 🤖 with Textual User Interface (TUI) mode written in Go.

A blazing-fast, thread-safe, straightforward and zero memory allocations tool to swiftly generate alternative IP(v4) address representations in Go.

Host Header Injection Checker

A fast GitHub stargazers information gathering tool

CVE-2025-49844 – Redis Lua Parser Use-After-Free

A wrapper around grep, to help you grep for things! - Improved version of gf by @tomnomnom.

Pre-auth RCE in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0.

It's an watcher for new scopes added to bounty-targets-data and send you alert to Slack.

Nuclei Templates Directory

Running nuclei Continuously

Proof of Concept for Path Traversal in Apache Struts ("CVE-2023-50164")

Looking for JAR files that are vulnerable to Log4j RCE (CVE‐2021‐44228)?

convert secret patterns to gf compatible.

Free source to check, verify & validate BIN (Bank Identification Number), credit, debit, charge or a prepaid card.

A simple way of sending messages from the CLI output to your Discord channel with webhook.

A tool for check available dependency packages across npmjs, PyPI or RubyGems registry.

Caido's passive workflow to find potential leaked secrets, PII, and sensitive fields.

Google Hack Database dork automatic tool.

@wifi.id Account Extractor & Checker

Automatically Betting for Bitsler.com

MCP server for Delve debugger integration

A curated GitHub repository that's in-scope and eligible for bounty.

Follina MS-MSDT 0-day MS Office RCE (CVE-2022-30190) PoC in Go

huntr.dev public disclosures/hacktivity watcher

Get faucet DOGE coin every minutes

go doc, glamorous: ✨ terminal chic, 🤖 assistant-ready, and 📦 programmable.

DNS at ludicrous speed for Go, powered by XDP sockets. [EXPERIMENTAL]

HackerOne Hacktivity -> Discord Webhook with Embeds

⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting

siml is a CLI tool for discovering similar, related to, competitive, or alternative options to a given site.

Cox is bluemonday-wrapper to perform a deep-clean and/or sanitization of (nested-)interfaces from HTML to prevent XSS payloads.

Want to execute command repeatedly without workache? Here is shloop born for it!

This repository gathers matchers from Nuclei templates designed to fool the Nuclei scanner.

a Go implementation of the rapidhash V3 algorithm - a very fast, high quality, platform-independent hashing algorithm.

pcregexp is a drop-in replacement for standard `regexp` package that uses PCRE2 without Cgo, supporting lookarounds and backreferences.

Interactivity with *nix shell system flexibly via Slack slash commands.

AWS S3 Downloader

CVE-2020-5902

Auto replaces commit hash prefix incrementally with lucky-commit by hooking post-commit.

YouTube Download

A crack 💥 version of Ghostify, that helps you view Instagram stories without a trace (the story owner won't know you saw their story!)

My advisories (backlog)

Get newest cryptocurrency coin price notifications from Indodax market on your desktop!

a fast Go mmap library with `*os.File`-compatible I/O, zero-copy, up to 50x+ faster.

A secure drop-in replacement for rm(1) with multi-pass data wiping algorithms to prevent data recovery.

Updated common web attack threat dataset

A collection of Go hacks maintained by yours truly.

A fast, generic, and thread-safe in-memory/persistence cache for Go. 2x+ faster than the original.

brings Bash-style globbing to your filesystem matching.

CVE-2025-46819 – Redis Lua Long-String Delimiter Out-of-Bounds Read

A vast collection of security tools.

CVE-2020-24148 Proof-of-Concept

This repository contains all the XSS cheatsheet data to allow contributions from the community.

GitHub Advisory Databse -> Discord Webhook

yyjson for Go, transpiled, CGo-free, 2-4x faster.

Threat Watchdog Discord Bot

CVE-2025-46817 – Redis Lua unpack Integer Overflow (Potential RCE)

CVE-2025-46818 – Redis Lua Sandbox Cross-User Escape

PoC for CVE-2018-7600 Drupal SA-CORE-2018-002 (Drupalgeddon 2).

Community curated list of search queries for various products across multiple search engines.

Oversecured Vulnerable Android App

Xiaomi Backup Applications

Semantic code context for AI agents.

Community curated list of nuclei templates for finding unknown security vulnerabilities.

Awesome secure by default libraries to help you eliminate bug classes!

A simple protected web site using Flask with session-based authentication.

curated Go resources to provide comprehensive context to LLMs.

Converts `f/awesome-chatgpt-prompts` to be compatible with various AI platforms and/or agents.

LinkedIn Jobs -> Discord Webhook

valyala/fasttemplate but supports function calls, math, logical, and comparison operators, and direct expression evaluation.

A curated list of awesome Go frameworks, libraries and software

FOaaS Discord BOT integration to telling people to fuck off!

Go library to wait for the detached/unmounted state of a path.

No description.

Prepare Git Commit Message with AI: Write commit message based on code changes with AI.

A fast tool for cPanel user enumeration

Posting Public Telegram Channel Messages to Slack Channel

XDP (eXpress Data Path) for Go, transpiled, CGo-free.

libelf for Go, transpiled, CGo-free.

Zstandard compression for Go, transpiled, CGo-free.

Community curated list of templates for the nuclei engine to find security vulnerabilities.

Run Windows apps on 🐧 Linux with ✨ seamless integration

Go library to retrieve the client IP from HTTP requests

A CLI for creating better commits following the conventional commit guidelines. Written with Typescript | ZOD | Clack

A Django web application for curating Bug Bounty educational Videos

A significantly faster alternative to the classic Unix cp(1) command, copying large files and directories in a fraction of the time.

A powerful little TUI framework 🏗

Find regular expressions which are vulnerable to ReDoS (Regular Expression Denial of Service)

FOAAS (Fuck Off As A Service) provides a modern, RESTful, scalable solution to the common problem of telling people to fuck off.

Library for supporting common tasks

CL.0 ee! Client-side desync fuzzing [WIP]

No description.

Spoon Cast BOT Tools

Always know what to expect from your data.

No description.

libbpf for Go, transpiled, CGo-free.

Safe, generic, and robust integer math library for Go.

Nodejs compatibility library for Goja

Vulnerability Scan with Nuclei

No description.

Online presentation for GitHub Pages and Jekyll in Markdown using reveal.js with a Solarized Color Theme

No description.

TiDB is an open-source, cloud-native, distributed, MySQL-Compatible database for elastic scale and real-time analytics. Try free: https://tidbcloud.com/free-trial

🍪 CookieMonster helps you detect and abuse vulnerable implementations of stateless sessions.

Bring your own struct and make Go's flag package pleasant to use

a simple template to write your CV in a readable markdown file and use CSS to publish/print it.

Set up your GitHub Actions workflow with a specific version of Go

The fastest JSON library in C

Warp is an agentic development environment, born out of the terminal.

Go style and maintainability rules for ast-grep

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.

100% POSIX and glibc compatible globbing library for C, Zig, and Rust that is faster and supports all the modern globbing formats and gitignore

CSPBypass.com, a tool designed to help ethical hackers bypass restrictive Content Security Policies (CSP) and exploit XSS (Cross-Site Scripting) vulnerabilities on sites where injections are blocked by CSPs that only allow certain whitelisted domains.

XDP Based Lightweight and Fast Firewall

Anthropic's original performance take-home, now open for you to try!

SeaweedFS is a fast distributed storage system for blobs, objects, files, and data lake, for billions of files! Blob store has O(1) disk seek, cloud tiering. Filer supports Cloud Drive, xDC replication, Kubernetes, POSIX FUSE mount, S3 API, S3 Gateway, Hadoop, WebDAV, encryption, Erasure Coding. Enterprise version is at seaweedfs.com.

A BOF to retrieve decryption keys for WhatsApp Desktop and a utility script to decrypt the databases.

Workflows created by the community

No description.

A Jekyll theme based on the Hugo theme Archie by @athul.

Centralized docs of ProjectDiscovery

No description.

🍻 Default formulae for the missing package manager for macOS (or Linux)

Easily check licenses against Gumroad's API.

Astronomy Picture of the Day Bot: Generate GIF/MP4 files from original & annotated images

Embed ngrok secure ingress into your Go apps as a net.Listener with a single line of code.

PCRE in *pure* Go with Windows, Linux & MacOS support

Nuclei documentation

[WIP] Ignore binaries

An gologger (by ProjectDiscovery) wrapper to display backtrace

No description.

PHP Webhook for Slack BOT Interactivity with Slash Commands

Recursively repository cloning & do something inside that shit

No description.

No description.

No description.