Skip to content

Instantly share code, notes, and snippets.

View lanmaster53's full-sized avatar

Tim Tomes lanmaster53

View GitHub Profile
lanmaster53 /
Last active March 21, 2024 13:00
Github permissions configuration for temporary external access.

Github Temporary External Access

Outside collaborators cannot be added to a team because team membership is restricted to members of the organization. Therefore, there are three options for providing temporary access to third parties for the purpose of a security assessment:

  1. Team Membershup approach (Open). Add the third party as a member of an organization with "Read" baseline "Member privileges". The advantage of this approach is that it gives blanket read access to everything without having to configure each repository independently. The disadvantage is that it may provide more access than is necessary.
  2. Team Membership approach (Restricted). Add the third party as a member of an organization with "No permission" baseline "Member privileges" and assign them to a restricted team. The advantage of this approach is that teams make it easy to add and remove people as needed without setting permissions every time. The disadvantage is that it removes global read access for all members, which must be r
lanmaster53 / unfollow.js
Created July 11, 2023 20:00
LinkedIn Unfollower Script
(() => {
let count = 0;
function getAllButtons() {
return document.getElementsByClassName('artdeco-button artdeco-button--muted artdeco-button--2 artdeco-button--secondary ember-view') || [];
async function unfollowAll() {
const buttons = getAllButtons();
for (let button of buttons) {
Based on the initial work of Digininja at While CeWL is a script written
in Ruby that requires an independent crawl of a website in order to build a custom wordlist, Whey CeWLer
runs within Portswigger's Burp Suite and parses an already crawled sitemap to build a custom wordlist. It
does not have the meta data parsing capabilities that CeWL does, but it more than makes up for it in
The name gets its origins from the CeWLer portion of the CO2 Burp extension by Jason Gillam, which is written
in Java and does something similar, but Whey CeWLer is a completely reimagined extension written in Python,
making it "way cooler".
lanmaster53 / Dockerfile
Last active March 20, 2023 13:36
Docker image for running Python 3 scripts in a throw-away environment.
FROM python:slim
ENV TZ America/New_York
RUN mkdir -p /src
version: '3.7'
build: .
image: recon-ng
container_name: recon-ng
- '5000:5000'
lanmaster53 / introspection-query.graphql
Created June 12, 2019 17:57 — forked from craigbeck/introspection-query.graphql
Introspection query for GraphQL
query IntrospectionQuery {
__schema {
queryType { name }
mutationType { name }
subscriptionType { name }
types {
directives {
lanmaster53 / git-shallower
Last active December 7, 2018 15:02
Basic script to update git repository without any history or excess data in .git
# Basic script to update a git repository without any history or excess data in .git.
# Parses the url from .git/config, downloads latest version, and purges everything in .git/ except the config file.
# Limitations:
# * Only works with the master branch.
# * Doesn't account for local virtual environments.
# * Doesn't allow for maintaining a stash of changes.
if [ -f $FILE ]; then
# parse the url from the config file
lanmaster53 / google-voice-purge.js
Last active November 27, 2018 21:14
Google Voice Purge Developer Console Script
Copy and paste this into the developer console for any view of the legacy Google Voice browser interface.
This script will page through and delete all objects in the view using keyboard shortcuts (51 = `#` = move to trash).
There is no shortcut for deleting objects permanently from trash. Trash is purged after 30 days according to Google.
var e2 = new KeyboardEvent("keydown", {view: window, key: "#",keyIdentifier: "U+0023", code: 'Digit3', shiftKey: true, bubbles: true, cancelable: true});
delete e2.which;
<!doctype html>
<html lang="en">
<meta charset="utf-8">
<title>Autocomplete Password Test</title>
function toggleType() {
var el = document.getElementById("pw");
if (el.type =="password") {
el.type = "text";
lanmaster53 /
Last active August 6, 2021 15:36
Burp Python Scripter scripts
# Moved to