Nathan nmalcolm
akhil-reni / ssrf_iframe.svg
Created Apr 4, 2019
SVG Foreign Objects IFrame SSRF
EdOverflow /
Last active Oct 16, 2020
This post aims to give you a basic overview of the different issues that could possibly arise if a target links to an expired endpoint.
EdOverflow /
Last active Jan 10, 2021
My tips for finding security issues in GitHub projects.

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues: organization members and their own open source projects can sometimes accidentally expose information that could be used against the target company. In this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can do your research directly on GitHub, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python --org organization -o /tmp/output
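The two steps above (pull every repository of an organization to disk, then hunt through the clones for leaked material) are what the following added example automates. It is not EdOverflow's code and not part of GitHubCloner: it builds clone commands from entries shaped like GitHub's `/orgs/{org}/repos` API response and then runs a small secret scanner (a handful of well-known token formats plus an entropy check on `keyword = value` assignments) over file contents. The sample config file and repository listing embedded below are constructed for the demonstration; the regexes are illustrative rather than exhaustive.

```python
"""Recon helpers for cloned GitHub repositories (added example, not EdOverflow's code)."""
import math
import re
from typing import Dict, List

# A few well-known credential formats. Illustrative, not exhaustive: real
# scanners such as gitleaks or trufflehog ship hundreds of such rules.
SECRET_PATTERNS: Dict[str, re.Pattern] = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "slack_token": re.compile(r"\bxox[baprs]-[0-9A-Za-z-]{10,}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----"),
}

# Generic "keyword = value" assignment. The value is only reported when it
# looks random enough (entropy check below), which drops placeholders such
# as "changeme1234" that would otherwise flood the results.
ASSIGNMENT = re.compile(
    r"(?i)(?:secret|password|passwd|token|api[_-]?key)\w*\s*[:=]\s*['\"]?([A-Za-z0-9+/=_\-]{12,})['\"]?"
)


def shannon_entropy(value: str) -> float:
    """Bits of entropy per character; random-looking strings score above ~3.5."""
    if not value:
        return 0.0
    n = len(value)
    counts: Dict[str, int] = {}
    for ch in value:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def scan_text(text: str, path: str = "<memory>", entropy_threshold: float = 3.5) -> List[dict]:
    """Return one finding per suspected secret in `text` (e.g. one file from a clone)."""
    findings: List[dict] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in SECRET_PATTERNS.items():
            for m in pattern.finditer(line):
                findings.append({"path": path, "line": lineno, "kind": kind, "match": m.group(0)})
        for m in ASSIGNMENT.finditer(line):
            value = m.group(1)
            if shannon_entropy(value) >= entropy_threshold:
                findings.append({"path": path, "line": lineno,
                                 "kind": "high_entropy_assignment", "match": value})
    return findings


def clone_commands(repos: List[dict], output_dir: str, include_forks: bool = False) -> List[str]:
    """Turn entries shaped like GitHub's /orgs/{org}/repos response into git clone commands.

    Forks are skipped by default because they mostly mirror upstream, but a
    member's fork can carry commits that never made it upstream, so flip
    include_forks for a thorough pass.
    """
    commands: List[str] = []
    for repo in repos:
        if repo.get("fork") and not include_forks:
            continue
        commands.append(f"git clone --quiet {repo['clone_url']} {output_dir}/{repo['name']}")
    return commands


# Constructed sample input: a leaked config file and a trimmed API listing.
SAMPLE_CONFIG = """\
DB_HOST=db.internal.example
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
password = "changeme1234"
SECRET_TOKEN = "q8Zt3vN1xL9pW2kR"
SLACK_TOKEN=xoxb-123456789012-abcdefghijkl
"""

SAMPLE_REPOS = [
    {"name": "api-server", "clone_url": "https://github.com/example-org/api-server.git", "fork": False},
    {"name": "left-pad", "clone_url": "https://github.com/example-org/left-pad.git", "fork": True},
]

if __name__ == "__main__":
    for cmd in clone_commands(SAMPLE_REPOS, "/tmp/output"):
        print(cmd)
    for f in scan_text(SAMPLE_CONFIG, path="config.env"):
        print(f"{f['path']}:{f['line']} {f['kind']}: {f['match']}")
```

Run it against a real clone by feeding each file's contents to `scan_text`; remember to walk the git history as well (for example `git log -p`), since the most interesting credentials are often the ones a developer "removed" in a later commit.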
maxteufel / Security of
Last active Jul 18, 2020
About the security of (unaffiliated) cloaks on freenode

Copyright (c) 2014, 2016, 2017 M. Teufel

Unlimited redistribution and modification of this document is allowed provided that the above copyright notice and this permission notice remain intact.

If you are reading this, you probably asked for a (unaffiliated) cloak on freenode because you wanted to hide your IP or hostname.

This text is here to tell you that cloaks and vHosts don't hide your IP very well. Cloaks on freenode show your (lack of) affiliation with a project or a group being hosted on freenode.

LionsAd / xhprof-check.php
Created Oct 25, 2012
Diff XHProf runs against each other
<?php
// Usage: php xhprof-check.php <run_id_1> <run_id_2> [extra] [source]
// Compares two XHProf runs stored under the given source namespace.
$run1   = $_SERVER['argv'][1];
$run2   = $_SERVER['argv'][2];
$extra  = isset($_SERVER['argv'][3]) ? $_SERVER['argv'][3] : '';
$source = isset($_SERVER['argv'][4]) ? $_SERVER['argv'][4] : 'drupal-perf';

// Paths assume XHProf is installed under /var/www/xhprof.
include_once '/var/www/xhprof/xhprof_lib/utils/xhprof_lib.php';
include_once '/var/www/xhprof/xhprof_lib/utils/xhprof_runs.php';
include_once '/var/www/xhprof/xhprof_lib/display/xhprof.php';
gist:1904652
#!/bin/sh
# Check out the two repositories side by side under ~/.arc_install;
# stop at the first failing step instead of continuing with a partial install.
set -e
mkdir ~/.arc_install
cd ~/.arc_install
git clone git://
git clone git://
echo "DONE *************************************************"