"Knowledge is powerful, be careful how you use it!"
defparam
/ cluster.py
Last active
December 15, 2023 10:19
Gist of the Day: Turbo Intruder Cluster Bomb with SmartFiltering
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Gist of the Day: Turbo Intruder Cluster Bomb with SmartFiltering | |
| # Author: Evan Custodio (@defparam) | |
| # | |
| # MIT License | |
| # Copyright 2021 Evan Custodio | |
| # | |
| # Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: | |
| # | |
| # The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. | |
| # |
BugHunter001
/ Bug_Bounty_tips
Last active
January 21, 2023 10:13
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| site.com/file.php | |
| response = nothing | |
| http://site.com/file.php~ | |
| response = source | |
| ------------------------------------- | |
| https://github.com/kleiton0x00/CRLF-one-liner | |
| ------------------------------------------ | |
| try to add admin as your user, | |
| change his email to yours, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "proxy":{ | |
| "ssl_pass_through":{ | |
| "automatically_add_entries_on_client_ssl_negotiation_failure":false, | |
| "rules":[ | |
| { | |
| "enabled":true, | |
| "host":".*\\.google\\.com", | |
| "protocol":"any" | |
| }, |
dwallraff
/ secret_book.md
Last active
March 24, 2024 00:33
Secret Book of Knowledge - from https://github.com/trimstray/the-book-of-secret-knowledge credit: @trimstray
jivoi
/ autoburp.sh
Created
March 9, 2018 08:45
— forked from jgamblin/autoburp.sh
Automatic Burp Script With Slack Reporting.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| java -jar -Xmx2g -Djava.awt.headless=true ~/BurpSuitePro/burpsuite_pro.jar http jerrygamblin.com 80 | |
| cp *.html ~/BurpSuitePro/scan.html | |
| wkhtmltopdf scan.html scan.pdf | |
| curl -F file=@scan.pdf -F initial_comment="BurpProxy JerryGamblin.com Scan" -F channels=#burpreports -F token=(Your Token) https://slack.com/api/files.upload | |
| rm *.html | |
| rm *.pdf |
anburocky3
/ burp-suite-add-to-unity.sh
Created
October 20, 2017 12:59
Shell script to add Latest Burp Suite Pro to Unity Launcher
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # For example: | |
| # If your burpsuite jar is named: burpsuite_pro_v1.7.11.jar | |
| # ..and located at: /opt/burpsuite/ | |
| # | |
| # export BURP_VER=1.7.11 | |
| # export BURP_PATH=/opt/burpsuite/ | |
| export BURP_VER=YOUR_VERSION | |
| export BURP_PATH=YOUR_PATH |
EdOverflow
/ github_bugbountyhunting.md
Last active
April 29, 2024 14:36
My tips for finding security issues in GitHub projects.
GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.
You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.
$ python githubcloner.py --org organization -o /tmp/output
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # For example: | |
| # If your burpsuite jar is named: burpsuite_free_v1.5.jar | |
| # ..and located at: /opt/burpsuite/ | |
| # | |
| # export BURP_VER=1.5 | |
| # export BURP_PATH=/opt/burpsuite/ | |
| export BURP_VER=<insert burp version number here> | |
| export BURP_PATH=<insert path to burp jar here> |