Skip to content

Instantly share code, notes, and snippets.

popping shellz on ya box


popping shellz on ya box
View GitHub Profile
m4ll0k /
Last active Aug 3, 2021
My Javascript Recon Process - BugBounty


This is a simple guide to perform javascript recon in the bugbounty


  • The first step is to collect possibly several javascript files (more files = more paths,parameters -> more vulns)
s0md3v / concurrency.go
Last active Oct 15, 2020
concurrency in golang
View concurrency.go
package main
import (
func example_function(){
// function to be run concurrently
View nbAdBypass.js
Bookmarklet to get rid of NameBio ads.
Requires some effort, to click on the bookmark, to execute the JS code.
I may port it to an extension at some point of time if the ads get more intrusive ;)
dwisiswant0 / .bash_profile
Created May 27, 2020
SQLi & XSS Vulnerability Scanner
View .bash_profile
# ▶ go get -u
# ▶ go get -u
# ▶ go get -u
# ▶ go get -u
# ▶ git clone
gauq() {
payloadartist /
Last active Feb 6, 2021
Enumerate sub-domains, then open them in Firefox automatically. Useful for taking a quick glance at target's assets, and make notes, while doing recon.
# ------Instructions---------
# Install (and configure) subfinder, assetfinder, and httprobe
# go get -v && go get -v && go get -v
# cat >> ~/.bashrc
# source ~/.bashrc
# Usage - subf_ff target.tld
# asset_ff target.tld
subf_ff () {
subfinder -d $1 -silent -t 100 | httprobe -c 50 | sort -u | while read line; do firefox $line; sleep 10; done
EdOverflow /
Last active Jul 29, 2021
My tips for finding security issues in GitHub projects.

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python --org organization -o /tmp/output
wh1tney /
Last active Aug 2, 2021
How to deploy a static website to Heroku


This is a quick tutorial explaining how to get a static website hosted on Heroku.

Why do this?

Heroku hosts apps on the internet, not static websites. To get it to run your static portfolio, personal blog, etc., you need to trick Heroku into thinking your website is a PHP app. This 6-step tutorial will teach you how.

Basic Assumptions

evilpacket / gist:3628941
Created Sep 5, 2012
Top 1000 from Alexa Top 1million
View gist:3628941
wget -q;unzip; awk -F ',' '{print $2}' top-1m.csv|head -1000 > top-1000.txt; rm top-1m.csv*