Daniel Dusek dusekdan

## crontab_reminder
SHELL=/bin/sh
PATH=/usr/bin

# m h  dom mon dow   command
50 * * * * XDG_RUNTIME_DIR=/run/user/$(id -u) notify-send "Rest break!" "Stand up, stretch and relax"

## openinbrowser.py
#! /usr/bin/python3
import webbrowser, sys

if len(sys.argv) < 3:
    print("Usage: openinbrowser.py ./urls.txt 20")
    quit()

f = open(sys.argv[1])
tabs = int(sys.argv[2])
counter = 1

## flight.go
package main

import (
	"fmt"
	"io/ioutil"
	"log"
	"net/http"
	"time"
)

## h1-702-web-ctf.md

      
              1 file
            
          
              1 fork
            
          
              1 comment
            
          
              7 stars
            
          
                bayotop
                / h1-702-web-ctf.md
            
            
              Created
              June 20, 2018 20:01
            
              
                h1-702 CTF 2018 - Web 1
              
          
    Description


Announcement: https://www.hackerone.com/blog/Jackpot-h1-702-2018-CTF-here-Win-Trip-Biggest-Live-hacking-Event-2018
CTF: https://h1-702-2018.h1ctf.com/

Web challenge 1

The first challenge was available at http://159.203.178.9. The root page introduces a hidden service that allows to securely store notes. The goal is to find a flag hidden in one of these notes.
Finding the service


## reddit.sh
#!/bin/bash

# Variables
BOLD='\033[1m'
END='\033[0m'

# Queries
site_results=$(curl -Ls "https://www.reddit.com/search?q=site%3A$1" -H "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0" | tidy -q  2> /dev/null | grep "search-link")
url_results=$(curl -Ls "https://www.reddit.com/search?q=url%3A$1" -H "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0" | tidy -q  2> /dev/null | grep "search-link")
self_results=$(curl -Ls "https://www.reddit.com/search?q=selftext%3A$1" -H "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0" | grep "search-title")

## gitgrepper
#!/bin/bash

echo "*** Running..."

keywords=(
	"password"
	"key"
	"passwd"
	"secret"
)

## pgp_public_key.txt
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBFhrJiwBEADCAf2/KIky7iVU+OnU16vXs9yewnevPCkKTNwWfcPbmxGGiN/n
DAAUOxJ62XiXC5MKVThr2od9kl/VtBI9IYtAqXCQ/hA9yTUJ47/ZcM55RQqyiwjP
DWjZXzp5V2P+/Ny3nyST1Z7/kH6GlFZ6+nPOkeQSQyYjwqPqwz2UZL0h+rZHTlzE
edGlilStHFOuwdqfsDZtb0qGaXT7AN1BPmn9ulzNG/8lcssIGio3/xLJ5fLCfoqx
Qb0iZPtiOCiPSJwM484a8JgHrwmsoBlOJmJ6tZc9HohU4OFgZyCwnxE0fTcNvuDt
+JDCNCumpoa8/6x7U0eIg2ghJ9EDRliy1O5VxHLttOz/I+1guEedk/EcOx/5Q1Zz
BPdJuBrB2ryJ1GDEJi+Cy3MCI48VTc3/4toGarGyH/gaVWOfFt1QJAaXPPFkij5Y
egfAy6yQYY0uYGml65VK0QdsRuZESjAYkXcUpdOiGdrUp77JwgNEuMmBZ7Q1d3jn

## zipapp.md

      
              1 file
            
          
              13 forks
            
          
              3 comments
            
          
              63 stars
            
          
                lukassup
                / zipapp.md
            
            
              Last active
              September 12, 2023 02:17
            
              
                Python zipapp
              
          
    Python zipapp web apps

What's a zipapp?
This concept is very much like .jar or .war archives in Java.

NOTE: The built .pyz zipapp can run on both Python 2 & 3 but you can only build .pyz zipapps with Python 3.5 or later.

Initial setup


## github_bugbountyhunting.md

      
              1 file
            
          
              98 forks
            
          
              15 comments
            
          
              531 stars
            
          
                EdOverflow
                / github_bugbountyhunting.md
            
            
              Last active
              April 20, 2024 01:36
            
              
                My tips for finding security issues in GitHub projects.
              
          
    GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.
Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.
$ python githubcloner.py --org organization -o /tmp/output

  
## bugbountyfaq.md

      
              1 file
            
          
              2 forks
            
          
              1 comment
            
          
              19 stars
            
          
                EdOverflow
                / bugbountyfaq.md
            
            
              Last active
              April 4, 2022 16:18
            
              
                A list of questions that bug bounty hunters frequently DM me about.
              
          
    Bug Bounty FAQ

A list of questions that bounty hunters frequently DM me about. 😄
How do I get started with bug bounty hunting? How do I improve my skills?

I have a simple philosophy that I share with everyone:

Learn to make it. Then break it!
Read books. Lots of books.
	SHELL=/bin/sh
	PATH=/usr/bin

	# m h dom mon dow command
	50 * * * * XDG_RUNTIME_DIR=/run/user/$(id -u) notify-send "Rest break!" "Stand up, stretch and relax"
	#! /usr/bin/python3
	import webbrowser, sys

	if len(sys.argv) < 3:
	print("Usage: openinbrowser.py ./urls.txt 20")
	quit()

	f = open(sys.argv[1])
	tabs = int(sys.argv[2])
	counter = 1
	#!/bin/bash

	# Variables
	BOLD='\033[1m'
	END='\033[0m'

	# Queries
	site_results=$(curl -Ls "https://www.reddit.com/search?q=site%3A$1" -H "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0" \| tidy -q 2> /dev/null \| grep "search-link")
	url_results=$(curl -Ls "https://www.reddit.com/search?q=url%3A$1" -H "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0" \| tidy -q 2> /dev/null \| grep "search-link")
	self_results=$(curl -Ls "https://www.reddit.com/search?q=selftext%3A$1" -H "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0" \| grep "search-title")
	#!/bin/bash

	echo "*** Running..."

	keywords=(
	"password"
	"key"
	"passwd"
	"secret"
	)
	-----BEGIN PGP PUBLIC KEY BLOCK-----

	mQINBFhrJiwBEADCAf2/KIky7iVU+OnU16vXs9yewnevPCkKTNwWfcPbmxGGiN/n
	DAAUOxJ62XiXC5MKVThr2od9kl/VtBI9IYtAqXCQ/hA9yTUJ47/ZcM55RQqyiwjP
	DWjZXzp5V2P+/Ny3nyST1Z7/kH6GlFZ6+nPOkeQSQyYjwqPqwz2UZL0h+rZHTlzE
	edGlilStHFOuwdqfsDZtb0qGaXT7AN1BPmn9ulzNG/8lcssIGio3/xLJ5fLCfoqx
	Qb0iZPtiOCiPSJwM484a8JgHrwmsoBlOJmJ6tZc9HohU4OFgZyCwnxE0fTcNvuDt
	+JDCNCumpoa8/6x7U0eIg2ghJ9EDRliy1O5VxHLttOz/I+1guEedk/EcOx/5Q1Zz
	BPdJuBrB2ryJ1GDEJi+Cy3MCI48VTc3/4toGarGyH/gaVWOfFt1QJAaXPPFkij5Y
	egfAy6yQYY0uYGml65VK0QdsRuZESjAYkXcUpdOiGdrUp77JwgNEuMmBZ7Q1d3jn