I swear there was an XSS somewhere around here...

EdOverflow EdOverflow

@EdOverflow
EdOverflow / github_bugbountyhunting.md
Last active April 29, 2024 14:36
My tips for finding security issues in GitHub projects.

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. In this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output
@EdOverflow
EdOverflow / gitgrepper
Created April 19, 2018 15:27
Simple Bash script to find interesting data in GIT logs.
#!/bin/bash
echo "*** Running..."
keywords=(
"password"
"key"
"passwd"
"secret"
)
@EdOverflow
EdOverflow / broken_link_hijacking.md
Last active May 30, 2023 18:31
This post aims to give you a basic overview of the different issues that could possibly arise if a target links to an expired endpoint.
/http://example.com
/%5cexample.com
/%2f%2fexample.com
/example.com/%2f%2e%2e
/http:/example.com
/?url=http://example.com&next=http://example.com&redirect=http://example.com&redir=http://example.com&rurl=http://example.com
/?url=//example.com&next=//example.com&redirect=//example.com&redir=//example.com&rurl=//example.com
/?url=/\/example.com&next=/\/example.com&redirect=/\/example.com
/redirect?url=http://example.com&next=http://example.com&redirect=http://example.com&redir=http://example.com&rurl=http://example.com
/redirect?url=//example.com&next=//example.com&redirect=//example.com&redir=//example.com&rurl=//example.com
@EdOverflow
EdOverflow / bugbountyfaq.md
Last active April 4, 2022 16:18
A list of questions that bug bounty hunters frequently DM me about.

Bug Bounty FAQ

A list of questions that bounty hunters frequently DM me about. 😄

How do I get started with bug bounty hunting? How do I improve my skills?

I have a simple philosophy that I share with everyone:

  • Learn to make it. Then break it!
  • Read books. Lots of books.
@EdOverflow
EdOverflow / bug-bounty-wordlist.txt
Created August 3, 2020 15:49
Good short wordlist for directory bruteforcing.
cgi-bin
images
admin
includes
modules
templates
cache
media
js
language

As an ex-triager what advice would you give to everyone?

Don't write an essay; get to the point. In other words, address the Five Ws in your opening paragraph. Do not waffle on about the issue, your life, your pet cats... oh and did I tell you about Mike's pet frog?

From personal experience, triagers typically have to triage around 180 reports a week (this may be more now ... I am looking at you, still). Do you think triagers want to hear what Wikipedia has to say on XSS?

Without breaching the terms of the bug bounty program's policy, focus more on the exploitability of the issue by illustrating this in your proof of concept rather than emphasising the type of vulnerability you are reporting. Let the impact do the talking; not the bug class. If you end up disagreeing with the final bounty amount, highlighting your description of the exploitability allows for civil discourse. You do not end up arguing hypotheticals with the program.

What was the w

@EdOverflow
EdOverflow / ghcheck
Created April 6, 2019 15:26
Quickly determine the validity and scope of a GitHub access token.
#!/bin/bash
GREEN='\033[0;32m'
RED='\033[0;31m'
END='\033[0m'
request=$(curl -s -u "hehe:$1" https://api.github.com/user)
name=$(echo "$request" | jq -r ".login" 2> /dev/null)
if [[ $name == "null" ]]; then
echo -e "${RED}Not a GitHub access token.${END}"
$ curl -s "https://crawler.ninja/files/security-txt-values.txt" | grep -i "hiring: http" | sed 's/^#//g' | awk '{print $2}'
https://www.tumblr.com/jobs
https://kariera.shoptet.cz/
https://g.co/SecurityPrivacyEngJobs
https://www.shopify.com/careers
https://solarwinds.jobs
https://www.chcidozootu.cz/it-devel/
https://careerssearch.bbc.co.uk/jobs/search
https://www.npmjs.com/jobs
https://grab.careers/