Skip to content

Instantly share code, notes, and snippets.

View srt0's full-sized avatar
⌨️
wondering

Saikat Ray srt0

⌨️
wondering
9 followers · 25 following
View GitHub Profile
@srt0
srt0 / dell-XPS-15-arch-linux-install
Last active June 2, 2019 13:23 — forked from marc-fez/dell-XPS-15-arch-linux-install
Instructions for installing arch linux on a Dell XPS 15 with full system encryption using dm-crypt and luks
# Having problems with the nvidia drivers
# Arch wiki page on XPS 15
# https://wiki.archlinux.org/index.php/Dell_XPS_15_9560
# Install ARCH Linux with encrypted file-system and UEFI on Dell XPS 15
# The official installation guide (https://wiki.archlinux.org/index.php/Installation_Guide) contains a more verbose description.
# Download the archiso image from https://www.archlinux.org/
# Copy to a usb-drive
dd if=/path/to/archlinux.img of=/dev/sdX bs=16M status=progress && sync # on linux
@srt0
srt0 / waybackurls.py
Created February 17, 2020 11:21 — forked from mhmdiaa/waybackurls.py
import requests
import sys
import json
def waybackurls(host, with_subs):
if with_subs:
url = 'http://web.archive.org/cdx/search/cdx?url=*.%s/*&output=json&fl=original&collapse=urlkey' % host
else:
url = 'http://web.archive.org/cdx/search/cdx?url=%s/*&output=json&fl=original&collapse=urlkey' % host
@srt0
srt0 / github_bugbountyhunting.md
Created February 19, 2020 11:40 — forked from EdOverflow/github_bugbountyhunting.md
My tips for finding security issues in GitHub projects.

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output
@srt0
srt0 / cloud_metadata.txt
Created September 20, 2021 20:58 — forked from jhaddix/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key