Skip to content

Instantly share code, notes, and snippets.

View jmingov's full-sized avatar

3boll jmingov

109 followers · 61 following
View GitHub Profile
@jmingov
jmingov / web server log analysis cheat sheet
Created September 7, 2021 18:47 — forked from hvelarde/web server log analysis cheat sheet
# get total requests by status code
awk '{print $9}' /var/log/nginx/access.log | sort | uniq -c | sort -rn
# get top requesters by IP
awk '{print $1}' /var/log/nginx/access.log | sort | uniq -c | sort -rn | head | awk -v OFS='\t' '{"host " $2 | getline ip; print $0, ip}'
# get top requesters by user agent
awk -F'"' '{print $6}' /var/log/nginx/access.log | sort | uniq -c | sort -rn | head
# get top requests by URL
@jmingov
jmingov / load_dotenv.sh
Created July 9, 2021 10:54 — forked from mihow/load_dotenv.sh
Load environment variables from dotenv / .env file in Bash
if [ ! -f .env ]
then
export $(cat .env | xargs)
fi
@jmingov
jmingov / system.rs
Created April 2, 2021 01:36 — forked from ArtemGr/system.rs
Read lines from a pipe as soon as they come out (useful for filtering).
#![feature(mpsc_select, box_syntax)]
use std::io;
use std::process::Command;
use std::sync::mpsc::{channel, Receiver, Select};
use std::string::FromUtf8Error;
use std::thread::spawn;
#[derive(Debug)]
enum PipeError {
@jmingov
jmingov / Session.php
Created May 13, 2020 21:57 — forked from Nilpo/Session.php
A simple session wrapper class to provide static OOP access to PHP sessions.
<?php
/**
* Session Helper Class
*
* A simple session wrapper class.
*
* Recommended for use with PHP 5.4.0 or higher. (Not required.)
*
* Usage Example:
@jmingov
jmingov / ppwt2.go
Last active June 18, 2018 21:04 — forked from neon520/ppwt2.go
package main
import (
"fmt"
"log"
"math/rand"
"time"
)
type Threader struct {
@jmingov
jmingov / github_bugbountyhunting.md
Created October 8, 2017 10:59 — forked from EdOverflow/github_bugbountyhunting.md
My tips for finding security issues in GitHub projects.

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output
@jmingov
jmingov / setupenv
Created August 18, 2017 21:18 — forked from nethunteros/setupenv
Easily select toolchain between 64bit and 32 bit kernel builds for Android
#/bin/bash
#
# Download toolschains:
# git clone https://android.googlesource.com/platform/prebuilts/gcc/linux-x86/arm/arm-eabi-4.7 toolchain
# git clone https://android.googlesource.com/platform/prebuilts/gcc/linux-x86/aarch64/aarch64-linux-android-4.9 -b marshmallow-release toolchain64
#
# Instructions to set toolchain for build:
# source setupenv 64
case "$1" in
@jmingov
jmingov / golang_on_rpi.md
Last active March 22, 2019 02:45 — forked from konradko/golang_on_rpi.md
Install Golang 1.8.1 on Raspberry Pi 
wget https://storage.googleapis.com/golang/go1.8.1.linux-armv6l.tar.gz
sudo tar -C /usr/local -xzf go1.8.1.linux-armv6l.tar.gz
export PATH=$PATH:/usr/local/go/bin

wget https://nodejs.org/dist/v7.10.0/node-v7.10.0-linux-armv7l.tar.xz 
tar -xvf node-v7.10.0-linux-armv7l.tar.xz
cd node-v7.10.0-linux-armv7l
@jmingov
jmingov / linux.sh
Created January 10, 2017 16:08 — forked from marcan/linux.sh
Linux kernel initialization, translated to bash
#!/boot/bzImage
# Linux kernel userspace initialization code, translated to bash
# (Minus floppy disk handling, because seriously, it's 2017.)
# Not 100% accurate, but gives you a good idea of how kernel init works
# GPLv2, Copyright 2017 Hector Martin <marcan@marcan.st>
# Based on Linux 4.10-rc2.
# Note: pretend chroot is a builtin and affects the current process
# Note: kernel actually uses major/minor device numbers instead of device name
@jmingov
jmingov / gist:ff5c6137abd759361f69494885b88a32
Created January 9, 2017 00:11 — forked from schmitch/gist:1571d2c15864202830ab
// TLS config, do not set InsecureSkipVerify to true in production
// since it will accept all certificates
config := &tls.Config{
InsecureSkipVerify: false,
ServerName: host,
}
c, err := smtp.Dial(server)
if err != nil {
log.Fatal(err)