@rzymek
rzymek / github_bugbountyhunting.md
Created October 7, 2017 07:25 — forked from EdOverflow/github_bugbountyhunting.md
My tips for finding security issues in GitHub projects.

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. In this article, I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output
@rzymek
rzymek / createPDF.gs
Last active September 8, 2017 19:48 — forked from andrewroberts/createPDF.gs
This is a Google Apps Script that creates a PDF file using a Google Doc template and the values in a Google Spreadsheet. More details can be found at www.andrewroberts.net/2014/10/google-apps-script-create-pdf/
// dev: andrewroberts.net
// Replace this with ID of your template document.
var TEMPLATE_ID = ''
// var TEMPLATE_ID = '1wtGEp27HNEVwImeh2as7bRNw-tO4HkwPGcAsTrSNTPc' // Demo template
// Demo script - http://bit.ly/createPDF
// You can specify a name for the new PDF file here, or leave empty to use the
// name of the template.
@rzymek
rzymek / ReorderableList.js
Created September 1, 2017 20:06 — forked from jlroettger/ReorderableList.js
React DND and Material UI - Reorderable List
import React, { Component } from 'react'
import { Link } from 'react-router'
// Drag and Drop
import { DragDropContext } from 'react-dnd'
import HTML5Backend from 'react-dnd-html5-backend'
// Material UI
import { List } from 'material-ui/List'
import Subheader from 'material-ui/Subheader'
class ReorderableList extends Component {
@rzymek
rzymek / root.sh
Created October 27, 2016 16:56 — forked from Arinerron/root.sh
"Root" via dirtyc0w privilege escalation exploit (automation script) / Android (32 bit)
#!/bin/bash
# Give the usual warning.
clear;
echo "[INFO] Automated Android root script started.\n\n[WARN] Exploit requires sdk module \"NDK\".\nFor more information, visit the installation guide @ https://goo.gl/E2nmLF\n[INFO] Press Ctrl+C to stop the script if you need to install the NDK module. Waiting 10 seconds...";
sleep 10;
clear;
# Download and extract exploit files.
echo "[INFO] Downloading exploit files from GitHub...";
@rzymek
rzymek / wildfly-install.sh
Created December 1, 2015 10:19 — forked from sukharevd/wildfly-install.sh
Script to install JBoss Wildfly 10.x as service in Linux
#!/bin/bash
#title :wildfly-install.sh
#description :The script to install Wildfly 10.x
#more :http://sukharevd.net/wildfly-8-installation.html
#author :Dmitriy Sukharev
#date :2015-10-24T17:14-0700
#usage :/bin/bash wildfly-install.sh
#tested-version :10.0.0.CR3
#tested-distros :Debian 7,8; Ubuntu 15.10; CentOS 7; Fedora 22
var localOptions = {
buttonText: {
today: 'Dzisiaj',
month: 'Miesiąc',
day: 'Dzień',
week: 'Tydzień'
},
monthNames: ['Styczeń','Luty','Marzec','Kwiecień','Maj','Czerwiec','Lipiec','Sierpień','Wrzesień','Październik','Listopad','Grudzień'],
monthNamesShort: ['Sty','Lut','Mar','Kwi','Maj','Cze','Lip','Sie','Wrz','Paź','Lis','Gru'],
dayNames: ['Niedziela','Poniedziałek','Wtorek','Środa','Czwartek','Piątek','Sobota'],

Queue RPC Requests in GWT

The Problem

One of the handier tools in the GWT toolbox is a built-in AJAX framework referred to as RPC, or Remote Procedure Calls. Here’s the thing: Internet Explorer version 7 and prior is not awesome. IE pre-8 restricts the number of simultaneous XmlHttp requests to two for a given host. In most cases, this restriction doesn’t pose a real problem. For a rich client application (like the kind GWT is a good choice for) that may be leaving one of those two allowable connections open for a long poll while