Organizations

@Nolva-Security

xeloxa/README.md

Welcome! 👋

I'm an Ethical Hacker & Penetration Tester passionate about Cloud, Web App & Application Security. I focus on offensive security and actively contribute to open-source projects.

🚀 Projects

  • s3finder - A tool for discovering and analyzing open S3 buckets
  • wp-hunter - WordPress vulnerability scanner and reconnaissance tool
  • aws-clf-c02-notlari - AWS Certified Cloud Practitioner study notes

More projects coming soon! 🛠️

🛡️ Security Contributions

| Repository | Fix |
| --- | --- |
| lukilabs/craft-agents-oss | Fixed path traversal in STORE_ATTACHMENT IPC handler (v0.3.2) · ↗ #142 |
| NoeFabris/opencode-antigravity-auth | Set 0600 permissions for credential storage · ↗ #353 |

More contributions coming soon! 🔜

🔍 CVE

| CVE ID | Status | Description |
| --- | --- | --- |
| CVE-2026-1993 | ⏳ Reserved | Coming soon |
| CVE-2026-1992 | ⏳ Reserved | Coming soon |
| CVE-2026-1857 | ✅ Published | SSRF vulnerability in Kadence Blocks <= 3.6.1 |
| CVE-2026-2633 | ✅ Published | Missing authorization in Kadence Blocks <= 3.6.1 allows unauthorized media upload |

More coming soon! 🔜

💥 Exploits

| CVE ID | Exploit | Exploit-DB | Description |
| --- | --- | --- | --- |
| CVE-2024-28397 | ↗ GitHub | ⏳ Pending | Remote Code Execution in Js2Py |

Pinned

  1. WP-Hunter (Public)

    WP-Hunter is a WordPress plugin/theme reconnaissance and static analysis (SAST) tool. It is designed for security researchers to evaluate the vulnerability probability of plugins by analyzing metad…

    Python 20 3

  2. s3finder (Public)

    A high-performance CLI tool for discovering AWS S3 buckets using intelligent name generation. Combines traditional wordlist scanning with LLM-powered suggestions to find buckets that other tools miss.

    Go 2 1

  3. CVE-2024-28397-Js2Py-RCE-Exploit (Public)

    Professional exploit for CVE-2024-28397: Js2Py Sandbox Escape leading to Remote Code Execution (RCE). Includes modular payload generation.

    Python 2

  4. aws-clf-c02-notlari (Public)

    This repository is a guidance resource containing the notes I took and exam tips for the AWS Certified Cloud Practitioner exam. The notes "AWS SkillBuilder - AWS Cloud Practitioner Essentials" course…

    2