Skip to content

Instantly share code, notes, and snippets.

View remonsec's full-sized avatar
H A C K I N G

Mehedi Hasan Remon remonsec

H A C K I N G
382 followers · 25 following
View GitHub Profile
@Huntinex
Huntinex / report.py
Last active March 8, 2024 12:53
Automatic bug bounty report generator
import poe, sys
client = poe.Client("<POE_API_KEY_HERE>")
title=sys.argv[1]
path=sys.argv[2]
more=""
if len(sys.argv) > 3:
more="\" and here is more information: "+sys.argv[3]
message="""generate a bug bounty report for me (hackerone.com), the title of the bug is """+title+""" and the vulnerability path is \""""+path+more+"""
@OTaKuHP
OTaKuHP / Bug Bounty payloads.md
Created June 27, 2021 03:57
@TheBinitGhimire
TheBinitGhimire / README.md
Last active May 30, 2024 11:10
Dangling DNS Records leading to Sub-domain Takeover on api.techprep.fb.com!

Dangling DNS Records on api.techprep.fb.com - $500!

Read proper write-up here: https://publish.whoisbinit.me/subdomain-takeover-on-api-techprep-fb-com-through-aws-elastic-beanstalk

I have included my script in another file (main.sh), which I used in discovering this vulnerability.

I didn't do any form of manual work in finding this vulnerability, and my workflow was fully automated with Bash scripting.

I have shortened my actual script, and only included the part which helped me in finding this vulnerability in the main.sh file.

@PatrikFehrenbach
PatrikFehrenbach / Amass Config
Created September 23, 2020 15:43
# Copyright 2017-2020 Jeff Foley. All rights reserved.
# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
# Should results only be collected passively and without DNS resolution? Not recommended.
#mode = passive
mode = active
# The directory that stores the Cayley graph database and other output files
# The default for Linux systems is: $HOME/.config/amass
#output_directory = amass
@ihebski
ihebski / db
Last active September 22, 2020 18:26
store subdomains into sqlite db
#!/usr/bin/env python3
# @ih3bski
from flask import Flask
from flask_sqlalchemy import SQLAlchemy
import uuid
from loguru import logger
import sys
app = Flask(__name__)
@swarupsro
swarupsro / dorks.txt
Created March 13, 2020 04:01 — forked from abdelhady360/dorks.txt
List of Google Dorks for sites that have responsible disclosure program / bug bounty program
inurl /bug bounty
inurl : / security
inurl:security.txt
inurl:security "reward"
inurl : /responsible disclosure
inurl : /responsible-disclosure/ reward
inurl : / responsible-disclosure/ swag
inurl : / responsible-disclosure/ bounty
inurl:'/responsible disclosure' hoodie
responsible disclosure swag r=h:com
@EdOverflow
EdOverflow / github_bugbountyhunting.md
Last active June 23, 2024 20:29
My tips for finding security issues in GitHub projects.

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output