Skip to content

Instantly share code, notes, and snippets.

Avatar
🤔
Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Nathan nmalcolm

🤔
Lorem ipsum dolor sit amet, consectetur adipiscing elit.
View GitHub Profile
@akhil-reni
akhil-reni / ssrf_iframe.svg
Created Apr 4, 2019
SVG Foreign Objects IFrame SSRF
View ssrf_iframe.svg
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
@EdOverflow
EdOverflow / broken_link_hijacking.md
Last active Oct 16, 2020
This post aims to give you a basic overview of the different issues that could possibly arise if a target links to an expired endpoint.
View broken_link_hijacking.md
@EdOverflow
EdOverflow / github_bugbountyhunting.md
Last active Jan 10, 2021
My tips for finding security issues in GitHub projects.
View github_bugbountyhunting.md

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output
@maxteufel
maxteufel / Security of cloaks.md
Last active Jul 18, 2020
About the security of (unaffiliated) cloaks on freenode
View Security of cloaks.md

Copyright (c) 2014, 2016, 2017 M. Teufel

Unlimited redistribution and modification of this document is allowed provided that the above copyright notice and this permission notice remains in tact.


If you are reading this, you probably asked for a (unaffiliated) cloak on freenode because you wanted to hide your IP or hostname.

This text is here to tell you that cloaks and vHosts don't hide your IP very well. Cloaks on freenode show your (lack of) affiliation with a project or a group being hosted on freenode.

@LionsAd
LionsAd / xhprof-check.php
Created Oct 25, 2012
Diff XHProf runs against each other
View xhprof-check.php
<?php
$run1 = $_SERVER['argv'][1];
$run2 = $_SERVER['argv'][2];
$extra = isset($_SERVER['argv'][3])?$_SERVER['argv'][3]:'';
$source = isset($_SERVER['argv'][4])?$_SERVER['argv'][4]:'drupal-perf';
include_once '/var/www/xhprof/xhprof_lib/utils/xhprof_lib.php';
include_once '/var/www/xhprof/xhprof_lib/utils/xhprof_runs.php';
include_once '/var/www/xhprof/xhprof_lib/display/xhprof.php';
View gist:1904652
#!/bin/bash
mkdir ~/.arc_install
cd ~/.arc_install
git clone git://github.com/facebook/libphutil.git
git clone git://github.com/facebook/arcanist.git
echo
echo
echo "DONE *************************************************"
You can’t perform that action at this time.