Skip to content

Instantly share code, notes, and snippets.

Avatar
🎯
Focusing

Dawood Ikhlaq daudmalik06

🎯
Focusing
View GitHub Profile
@daudmalik06
daudmalik06 / google-dorks
Created May 13, 2019 — forked from stevenswafford/google-dorks
Listing of a number of useful Google dorks.
View google-dorks
" _ _ "
" _ /|| . . ||\ _ "
" ( } \||D ' ' ' C||/ { % "
" | /\__,=_[_] ' . . ' [_]_=,__/\ |"
" |_\_ |----| |----| _/_|"
" | |/ | | | | \| |"
" | /_ | | | | _\ |"
It is all fun and games until someone gets hacked!
@daudmalik06
daudmalik06 / converter.sh
Created May 28, 2018 — forked from xdavidhu/converter.sh
Converter.sh, a bash script to convert domain lists to resolved IP lists without duplicates
View converter.sh
# Converter.sh by @xdavidhu
# This is a script inspired by the Bug Hunter's Methodology 3 by @Jhaddix
# With this script, you can convert domain lists to resolved IP lists without duplicates.
# Usage: ./converter.sh [domain-list-file] [output-file]
echo -e "[+] Converter.sh by @xdavidhu\n"
if [ -z "$1" ] || [ -z "$2" ]; then
echo "[!] Usage: ./converter.sh [domain-list-file] [output-file]"
exit 1
fi
@daudmalik06
daudmalik06 / content_discovery_all.txt
Created May 27, 2018 — forked from jhaddix/content_discovery_all.txt
a masterlist of content discovery URLs and files (used most commonly with gobuster)
View content_discovery_all.txt
This file has been truncated, but you can view the full file.
`
~/
~
ים
___
__
_
View laravel_validation_in_config_folder.php
<?php
if (! function_exists('validationRules'))
{
/**
* return the validation rules of provided type
* from validation config
* @param string $validationType
* @param string|array|null $ruleKeys , rules to return
@daudmalik06
daudmalik06 / Burp certificate on Android
Created May 1, 2018 — forked from PaulSec/Burp certificate on Android
Add your Burp certificate on an Android device
View Burp certificate on Android
To do so:
1. Export your Burp Certificate
Proxy > Options > CA Certificate > Export in DER format
2. Convert it to PEM
openssl x509 -inform der -in cacert.der -out burp.pem
3. Download it on the device
@daudmalik06
daudmalik06 / reddit.sh
Created Apr 29, 2018 — forked from EdOverflow/reddit.sh
Use reddit.com for recon purposes.
View reddit.sh
#!/bin/bash
# Variables
BOLD='\033[1m'
END='\033[0m'
# Queries
site_results=$(curl -Ls "https://www.reddit.com/search?q=site%3A$1" -H "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0" | tidy -q 2> /dev/null | grep "search-link")
url_results=$(curl -Ls "https://www.reddit.com/search?q=url%3A$1" -H "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0" | tidy -q 2> /dev/null | grep "search-link")
self_results=$(curl -Ls "https://www.reddit.com/search?q=selftext%3A$1" -H "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0" | grep "search-title")
@daudmalik06
daudmalik06 / github_bugbountyhunting.md
Created Mar 20, 2018 — forked from EdOverflow/github_bugbountyhunting.md
My tips for finding security issues in GitHub projects.
View github_bugbountyhunting.md

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output
View all.txt
This file has been truncated, but you can view the full file.
@
*
0
00
0-0
000
0000
00000
View addAttendee.php
<?php
include_once 'google-api-php-client/vendor/autoload.php';
$client = new Google_Client();
$application_creds = 'service-account-credentials.json';
$credentials_file = file_exists($application_creds) ? $application_creds : false;
define("SCOPE",Google_Service_Calendar::CALENDAR);
define("APP_NAME","Google Calendar API PHP");