Bharath 0xbharath
@0xbharath
0xbharath / github_bugbountyhunting.md
Created October 3, 2017 09:02 — forked from EdOverflow/github_bugbountyhunting.md
My tips for finding security issues in GitHub projects.

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. In this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output
0xbharath / emails_from_ct_logs.py
Created January 17, 2018 13:03
A script to extract emails from Certificate Transparency logs
from __future__ import print_function
__author__ = 'Bharath'
__version__ = "0.1.0"
try:
    import psycopg2
except ImportError:
    # Re-raise with an install hint; the raise itself stops the script
    raise ImportError('\n\033[33mpsycopg2 library missing. pip install psycopg2\033[1;m\n')
0xbharath / find-subdomains.bash
Created April 22, 2018 17:02
A quick and dirty bash one-liner to find sub-domains using certspotter API
find-cert()
{ curl -s "https://certspotter.com/api/v0/certs?domain=$1" | jq -c '.[].dns_names' | grep -o '"[^"]\+"'; }
0xbharath / subdomain_enum_vt.bash
Created April 25, 2018 09:56
A simple bash function to enumerate sub-domains using VirusTotal
find-subdomains-vt()
{ curl -s "https://www.virustotal.com/ui/domains/$1/subdomains?limit=$2" | jq '.data[].id'; }
Python debugger:
Stop programs mid execution
Examine it line by line
Look at the contents of the variable in the middle of the execution
Any python script can be set to be debugged
2 ways to start the debugger:
import pdb; pdb.set_trace()
python -m pdb script.py
SELECT distinct issuer_ca_id, COUNT(*) FROM certificate_identity ci WHERE ci.NAME_TYPE = 'dNSName' AND reverse(lower(ci.NAME_VALUE)) LIKE reverse(lower('%gov.in')) GROUP BY issuer_ca_id ORDER BY COUNT(*) desc;
SELECT certificate_id,issuer_o,issuer_cn FROM ccadb_certificate WHERE certificate_id IN(SELECT distinct certificate_id FROM certificate_identity ci WHERE ci.NAME_TYPE = 'dNSName' AND reverse(lower(ci.NAME_VALUE)) LIKE reverse(lower('%appsecco.com')));
SELECT distinct ca.name, COUNT(*) count FROM certificate_identity ci, ca ca WHERE ci.NAME_TYPE = 'dNSName' AND reverse(lower(ci.NAME_VALUE)) LIKE reverse(lower('%gov.in')) AND ca.id=ci.issuer_ca_id GROUP BY ca.name ORDER BY count desc;
0xbharath / find-aws-region.py
Last active November 12, 2019 00:10
A quick script to determine AWS Region from IP Address
from ipaddress import ip_network, ip_address
import json
import requests
import sys

def find_aws_region():
    ip_json = requests.get('https://ip-ranges.amazonaws.com/ip-ranges.json')
    #ip_json = json.load(open('ip-ranges.json'))
    ip_json = ip_json.json()
    prefixes = ip_json['prefixes']
/blog
/blog/
/blog/blog.rss
/blog/page-data/
/blog/page-data/app-data.json
/blog/sw.js
/blog/_wpeprivate/config.json
/books
/.bower.json
/bower.json