Skip to content

Instantly share code, notes, and snippets.

View nil0x42's full-sized avatar
:octocat:
Writing GHRecon..soon to be published!

nil0x42

:octocat:
Writing GHRecon..soon to be published!
474 followers · 69 following
View GitHub Profile
@nil0x42
nil0x42 / fbssrfwebscan.py
Created December 8, 2017 00:09
Stupid SSRF PoC: scan some URL(s) for web content ... through facebook servers ...
#!/usr/bin/env python3
# @nil0x42
import sys
from selenium import webdriver
from time import sleep
import requests
import pickle
import json
@nil0x42
nil0x42 / torrc
Created May 22, 2018 15:24
TOR configuration that refreshes exit node every 10 seconds
## GENERIC
SocksPort 9050
Transport 9040
DNSPort 9053
ControlPort 9051
# map onion services to internal IP
AutomapHostsOnResolve 1
@nil0x42
nil0x42 / Awesome_GitHub_OSINT.md
Last active February 17, 2024 16:49
Awesome GitHub OSINT
@nil0x42
nil0x42 / github_badge_makers.md
Last active October 25, 2020 16:35
Awesome Project Badge Generators
@nil0x42
nil0x42 / bloodhound-multiplexer.sh
Created September 13, 2020 19:50
Store BloodHound DB in the directory you want, to have 1 DB per engagement
#!/bin/bash
# author: @nil0x42
# store your neo4j BloodHound databases in specific directories
# so you can keep one clean DB per engagement
# add me to you personal ~/bin directory, with chmod +x
# & enjoy this stupid bloodhound/neo4j multiplexer
function fail () {
@nil0x42
nil0x42 / decompile-full-jar.sh
Created September 15, 2020 09:52
[JAVA Reverse Engineering]]: Quickly decompile a .jar AND its relevant classes
#!/bin/bash
# author: @nil0x42
# Quickly decompile a .jar AND its interesting classes for reversing
PROCYON="procyon-decompiler"
JAR="jar"
OUT="$1.decompile"
if [[ $# -ne 1 ]] || [[ "$1" != *".jar" ]]; then
@nil0x42
nil0x42 / vim-OPSEC.sh
Created September 15, 2020 12:02
[OPSEC,SSH] Leave no tracks while editing file with vim
# author: @nil0x42
# OPSEC, anti-forensics, bash
# - Preserve file's `mtime` after edition
# - Prevent vim from using .swp & .viminfo
vim-OPSEC(){ cp -fp "$1" /tmp/x && vim -ni NONE /tmp/x && touch -r "$1" /tmp/x && cp -fp /tmp/x "$1";}
@nil0x42
nil0x42 / get-github-followers-twitter.py
Last active March 17, 2022 00:37
[OSINT] Get twitter of all your github followers
#!/usr/bin/env python3
#author: @nil0x42
# Usage:
# $ export GITHUB_TOKEN="<YOUR GITHUB TOKEN>"
# $ ./get-github-followers-twitter.py <GITHUB USER>
import sys, os, requests, json
LOGIN = sys.argv[1]
GH_TOKEN = os.environ.get("GITHUB_TOKEN")
graphql = """
@nil0x42
nil0x42 / Get_Early_Stargazers.graphql
Created September 21, 2020 11:31
[OSINT] Get early stargazers of a GitHub repository for org/user info gathering
# Get_Early_Stargazers #OSINT #recon trick, by @nil0x42
# Get list of first people to star a GitHub repository.
# Those are more likely to be closely connected to target org/user
# Run this query with wanted owner/name in GitHub GraphQL explorer:
# - https://developer.github.com/v4/explorer/
query Get_Early_Stargazers {
repository(owner: "sherlock-project", name: "sherlock") {
@nil0x42
nil0x42 / get-github-stargazers-twitter.py
Created September 23, 2020 14:16
[OSINT] Extract twitter of all stargazers of a Github project
#!/usr/bin/env python3
# author: @nil0x42
# Usage example:
# $ export GITHUB_TOKEN="<YOUR GITHUB TOKEN>"
# $ ./get-githus-stargazers-twitter.py "rapid7/metasploit-framework"
import sys, os, requests, json
OWNER, REPO = sys.argv[1].split("/")
GH_TOKEN = os.environ.get("GITHUB_TOKEN")