@attacker34
attacker34 / aws_scan.py
Created October 21, 2017 18:25 — forked from PaulSec/aws_scan.py
Quick script to scan for AWS (S3 Buckets) and retrieve a bunch of info out of it
import subprocess
import argparse
import re
import sys
import requests
def do_dig(domain):
    command = "dig {} | grep IN".format(domain)
    try:
        output = subprocess.check_output(command, shell=True, stdin=subprocess.PIPE, stderr=subprocess.STDOUT)
@attacker34
attacker34 / git-inspect.sh
Created December 13, 2017 05:26 — forked from jobertabma/git-inspect.sh
A script to manually iterate over git commits. Use qj/qk to navigate.
DIFF_NUMBER=1
while read -n1 -r -p "$DIFF_NUMBER:" && [[ $REPLY != q ]]; do
  case $REPLY in
    j)
      DIFF_NUMBER=`expr $DIFF_NUMBER + 1`
      ;;
    k)
      DIFF_NUMBER=`expr $DIFF_NUMBER - 1`
      ;;
import requests
import sys
import json
def waybackurls(host, with_subs):
    if with_subs:
        url = 'http://web.archive.org/cdx/search/cdx?url=*.%s/*&output=json&fl=original&collapse=urlkey' % host
    else:
        url = 'http://web.archive.org/cdx/search/cdx?url=%s/*&output=json&fl=original&collapse=urlkey' % host
import requests
import re
import sys
from multiprocessing.dummy import Pool
def robots(host):
    r = requests.get(
        'https://web.archive.org/cdx/search/cdx\
?url=%s/robots.txt&output=json&fl=timestamp,original&filter=statuscode:200&collapse=digest' % host)
@attacker34
attacker34 / instantkali.sh
Created March 6, 2018 12:12 — forked from jgamblin/instantkali.sh
Start an EC2 Kali Instance In Under 60 Seconds.
#!/bin/bash
set -e
set -u
clear
ami="ami-10e00b6d"
size="t2.medium"
today=$(date +"%m-%d-%y-%H%M")
localip=$(curl -s https://ipinfo.io/ip)
@attacker34
attacker34 / github_bugbountyhunting.md
Created April 18, 2018 06:33 — forked from EdOverflow/github_bugbountyhunting.md
My tips for finding security issues in GitHub projects.

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. In this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output
{
  "randomize": {
    "0": "chrome"
  },
  "browsers": {
    "chrome": [
      "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36",
      "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.1 Safari/537.36",
      "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36",
      "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36",
@attacker34
attacker34 / extract_links.py
Created April 22, 2018 08:42 — forked from p3t3r67x0/extract_links.py
Extract links from a given HTML document, which you must pass as the first argument
@attacker34
attacker34 / gitgrepper
Created April 28, 2018 10:04 — forked from EdOverflow/gitgrepper
Simple Bash script to find interesting data in GIT logs.
#!/bin/bash
echo "*** Running..."
keywords=(
  "password"
  "key"
  "passwd"
  "secret"
)