@cihanmehmet
cihanmehmet / subdomain_wordlist.md
Last active August 24, 2025 08:37
Subdomain Wordlist
@christiansteier
christiansteier / docker_traefik_portainer_letsencrypt.sh
Last active January 2, 2023 02:50
Simple bash script to install docker, traefik, portainer and ctop. Compatible with: Debian stretch
#!/bin/bash
SCRIPTNAME=$(basename $0 .sh)
EXIT_SUCCESS=0
EXIT_FAILURE=1
TZ=Europe/Berlin
NETWORKNAME=eth0
HOSTNAME=hostname
FQDN=domain.org
DOCKERCOMPOSE=1.21.2
@EdOverflow
EdOverflow / github_bugbountyhunting.md
Last active September 16, 2025 17:32
My tips for finding security issues in GitHub projects.

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. In this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
  • Ransom: between $300 and $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
  • Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
  • Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).

update: A minor variant of the viru

import requests
import sys
import json


def waybackurls(host, with_subs):
    # Build the Wayback Machine CDX query, optionally including subdomains
    if with_subs:
        url = 'http://web.archive.org/cdx/search/cdx?url=*.%s/*&output=json&fl=original&collapse=urlkey' % host
    else:
        url = 'http://web.archive.org/cdx/search/cdx?url=%s/*&output=json&fl=original&collapse=urlkey' % host
@random-robbie
random-robbie / DutchGov.txt
Last active January 22, 2025 02:41
Dutch Gov - bug bounty scope - feel free to add more if you know they are in scope - taken from - https://www.communicatierijk.nl/vakkennis/r/rijkswebsites/verplichte-richtlijnen/websiteregister-rijksoverheid
@avinash-oza
avinash-oza / boot-from-ram-debian.md
Last active July 29, 2025 03:30
How to boot from RAM on debian

FWIW: I (@rondy) am not the creator of the content shared here, which is an excerpt from Edmond Lau's book. I simply copied and pasted it from another location and saved it as a personal note, before it gained popularity on news.ycombinator.com. Unfortunately, I cannot recall the exact origin of the original source, nor was I able to find the author's name, so I can't provide the appropriate credits.


Effective Engineer - Notes

What's an Effective Engineer?

@dergachev
dergachev / setuid-root-backdoor.md
Last active September 2, 2024 12:08
How to use setuid to install a root backdoor.

Why You Can't Un-Root a Compromised Machine

Let's say somebody temporarily got root access to your system, whether because you "temporarily" gave them sudo rights, they guessed your password, or any other way. Even if you can disable their original method of accessing root, there's an infinite number of dirty tricks they can use to easily get it back in the future.

While the obvious tricks are easy to spot, like adding an entry to /root/.ssh/authorized_keys, or creating a new user, potentially via running malware, or via a cron job, I recently came across a rather subtle one that doesn't require changing any code, but instead exploits a standard feature of the Linux user permissions system called setuid to subtly allow them to execute a root shell from any user account on the system (including www-data, which you might not even know is compromised).

If the "setuid bit" (or flag, or permission mode) is set for an executable, the operating system will run not as the cur