Skip to content

Instantly share code, notes, and snippets.

View ChihChengLiang's full-sized avatar

Chih Cheng Liang ChihChengLiang

322 followers · 138 following
View GitHub Profile
@ChihChengLiang
ChihChengLiang / github_bugbountyhunting.md
Created October 7, 2017 15:36 — forked from EdOverflow/github_bugbountyhunting.md
My tips for finding security issues in GitHub projects.

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output
@ChihChengLiang
ChihChengLiang / python2_startup.sh
Created December 20, 2015 17:17 — forked from shiraco/python2_startup.sh
EC2 Ubuntu python startup
#!/bin/bash
# update the local repo listing
sudo apt-get update -y
sudo apt-get upgrade -y
# install language-pack-ja
sudo apt-get -y install language-pack-ja
# install git
@ChihChengLiang
ChihChengLiang / googleforms2slack.gs
Created November 25, 2015 15:03 — forked from andychase/googleforms2slack.gs
Google Forms Slack Notification
// Google Forms Slack Notification
// Andy Chase <github.com/andychase>
// License: CC0 1.0 Universal <creativecommons.org/publicdomain/zero/1.0>
// Install 1: This code goes in ( tools > script editor... ) of your google docs form
// Install 2: ( resources > current project triggers ) ( [onSubmit], [from Form], [On form submit] )
// Setup 1: Put your slack api url below
var POST_URL = "https://hooks.slack.com/services/";
function onSubmit(e) {
@ChihChengLiang
ChihChengLiang / gist:c4a0dc765c66d8581e7f
Last active August 29, 2015 14:18 — forked from Belgand/gist:2856947

Sublime Text 2 – Useful Shortcuts (Ubuntu)

General

Ctrl+KB toggle side bar
Ctrl+Shift+P command palette
Ctrl+` python console
Ctrl+N new file

Editing

@ChihChengLiang
ChihChengLiang / Node Linode Stackscript
Last active August 29, 2015 14:17 — forked from marbemac/Node Linode Stackscript
#!/bin/bash
# <UDF name="user_name" label="Unprivileged user account name" example="This is the account that you will be using to log in or deploy (deployer)." default="deployer" optional="false" />
# <UDF name="user_password" label="Unprivileged user password" optional="false" />
# <UDF name="user_sshkey" label="Public Key for user" default="" example="Recommended method of authentication. It is more secure than password log in." optional="false" />
# <UDF name="user_shell" label="Shell" oneof="/bin/zsh,/bin/bash" default="/bin/bash" />
# <UDF name="sys_hostname" label="System hostname" default="myvps" example="Name of your server, i.e. linode1." optional="false" />
# <UDF name="sys_private_ip" Label="Private IP" default="" example="Configure network card to listen on this Private IP (if enabled in Linode/Remote Access settings tab). See http://library.linode.com/networking/configuring-static-ip-interfaces" optional="false" />
USER_GROUPS=sudo
@ChihChengLiang
ChihChengLiang / 走火入魔的十個階段
Created July 20, 2014 03:21 — forked from letoh/原文備份
原文
ループが書けなくなる(或いは再帰依存症)レベル10
http://d.hatena.ne.jp/yuki_neko_nyan/20090217/1234850409
level 0
不會寫遞迴,也沒辦法用遞迴思考。只覺得用迴圈寫就好了。
level 1
開始學習遞迴,但只要一用遞迴思考就覺得煩。有時還會忘了寫終止條件。覺得實在太麻煩了還是想寫迴圈就好。