Attention: the list was moved to
https://github.com/dypsilon/frontend-dev-bookmarks
This page is not maintained anymore, please update your bookmarks.
Attention: the list was moved to
https://github.com/dypsilon/frontend-dev-bookmarks
This page is not maintained anymore, please update your bookmarks.
import time | |
import zmq | |
import pprint | |
def result_collector(): | |
context = zmq.Context() | |
results_receiver = context.socket(zmq.PULL) | |
results_receiver.bind("tcp://127.0.0.1:5558") | |
collecter_data = {} | |
for x in xrange(1000): |
GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.
You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.
$ python githubcloner.py --org organization -o /tmp/output
# Copyright (c) 2011 X.commerce, a business unit of eBay Inc. | |
# Copyright 2010 United States Government as represented by the | |
# Administrator of the National Aeronautics and Space Administration. | |
# All Rights Reserved. | |
# | |
# Licensed under the Apache License, Version 2.0 (the "License"); you may | |
# not use this file except in compliance with the License. You may obtain | |
# a copy of the License at | |
# | |
# http://www.apache.org/licenses/LICENSE-2.0 |
# Copyright 2010 United States Government as represented by the | |
# Administrator of the National Aeronautics and Space Administration. | |
# All Rights Reserved. | |
# Copyright (c) 2010 Citrix Systems, Inc. | |
# Copyright (c) 2011 Piston Cloud Computing, Inc | |
# Copyright (c) 2012 University Of Minho | |
# (c) Copyright 2013 Hewlett-Packard Development Company, L.P. | |
# | |
# Licensed under the Apache License, Version 2.0 (the "License"); you may | |
# not use this file except in compliance with the License. You may obtain |
# uname -a
Linux base 4.0.5-gentoo #1 SMP Wed Jul 1 02:23:16 JST 2015 x86_64 Intel(R) Xeon(R) CPU E5-2640 0 @ 2.50GHz GenuineIntel GNU/Linux
# emerge -pvq openldap openssh sssd sudo
[ebuild R ] net-nds/openldap-2.4.38-r2 USE="berkdb crypt gnutls ipv6 minimal sasl ssl syslog tcpd -cxx -debug -experimental -icu -iodbc -kerberos -odbc -overlays -perl -samba (-selinux) -slp -smbkrb5passwd" ABI_X86="(64) -32 (-x32)"
#!/usr/bin/env bash | |
# convert OpenLDAP schema file to LDIF file | |
# | |
# Copyright 2012 NDE Netzdesign und -entwicklung AG, Hamburg | |
# Written by Jens-U. Mozdzen <jmozdzen@nde.ag> | |
# Copyright 2014 jaseg <github@jaseg.net> | |
# | |
# Permission is granted to use, modify and redistribute this file as long as | |
# - this copyright notice is left unmodified and included in the final code |
[ ca ] | |
# `man ca` | |
default_ca = CA_default | |
[ CA_default ] | |
# Directory and file locations. | |
dir = /root/ca | |
certs = $dir/certs | |
crl_dir = $dir/crl | |
new_certs_dir = $dir/newcerts |
[ ca ] | |
# `man ca` | |
default_ca = CA_default | |
[ CA_default ] | |
# Directory and file locations. | |
dir = /root/ca/intermediate | |
certs = $dir/certs | |
crl_dir = $dir/crl | |
new_certs_dir = $dir/newcerts |
#!/bin/python | |
# | |
# Copyright 2016 Flavio Garcia | |
# | |
# Licensed under the Apache License, Version 2.0 (the "License"); | |
# you may not use this file except in compliance with the License. | |
# You may obtain a copy of the License at | |
# | |
# http://www.apache.org/licenses/LICENSE-2.0 | |
# |