Skip to content

Instantly share code, notes, and snippets.

View prime-hacker's full-sized avatar
🎯
Focusing

prime-hacker

🎯
Focusing
25 followers · 44 following
  • 20:26 (UTC +03:00)
View GitHub Profile
@EdOverflow
EdOverflow / atul_hax.md
Created May 22, 2020 13:19

As an ex-triager what advice would you give to everyone?

Don‘t write an essay; get to the point. In other words, address the Five Ws in your opening paragraph. Do not waffle on about the issue, your life, your pet cats... oh and did I tell you about Mike‘s pet frog?

From personal experience, triagers typically have to triage around 180 reports a week (this may be more now ... I am looking at you, still). Do you think triagers want to hear what Wikipedia has to say on XSS?

Without breaching the terms of the bug bounty program‘s policy, focus more on the exploitability of the issue by illustrating this in your proof of concept rather than emphasising the type of vulnerability you are reporting. Let the impact do the talking; not the bug class. If you end up disagreeing with the final bounty amount, highlighting your description of the exploitability allows for civil discourse. You do not end up arguing hypotheticals with the program.

What was the w

@EdOverflow
EdOverflow / github_bugbountyhunting.md
Last active May 22, 2024 09:01
My tips for finding security issues in GitHub projects.

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output
@rajanand02
rajanand02 / tmux.conf
Last active February 3, 2024 07:28
Tmux configurations with status bar theme
# set prefix to control-f
set -g prefix C-f
#unbind system defined prefix
unbind C-b
# helps in faster key repetition
set -sg escape-time 0
# start session number from 1 rather than 0
@simonista
simonista / .vimrc
Last active May 21, 2024 09:46
A basic .vimrc file that will serve as a good template on which to build.
" Don't try to be vi compatible
set nocompatible
" Helps force plugins to load correctly when it is turned back on below
filetype off
" TODO: Load plugins here (pathogen or vundle)
" Turn on syntax highlighting
syntax on
@spicycode
spicycode / tmux.conf
Created September 20, 2011 16:43
The best and greatest tmux.conf ever
# 0 is too far from ` ;)
set -g base-index 1
# Automatically set window title
set-window-option -g automatic-rename on
set-option -g set-titles on
#set -g default-terminal screen-256color
set -g status-keys vi
set -g history-limit 10000