Skip to content

Instantly share code, notes, and snippets.

View starchy's full-sized avatar

starchy

7 followers · 1 following
View GitHub Profile
@EdOverflow
EdOverflow / github_bugbountyhunting.md
Last active June 23, 2024 20:29
My tips for finding security issues in GitHub projects.

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output
@ageis
ageis / pgpgrep.py
Created December 20, 2016 22:37
Mass-decrypt PGP messages in Thunderbird folders for CLI-based email searchability
#!/usr/bin/python3
# -*- coding: utf-8 -*-
import sys
import subprocess
import argparse
import re
import mailbox
import email.utils
import os
@eighthave
eighthave / find-https-debian-archives.py
Last active May 26, 2024 03:45
Script to find official Debian mirrors that support HTTPS
#!/usr/bin/env python3
import urllib.request
import re
import ssl
import sys
# # find generic mirrors
mirrors = urllib.request.urlopen('http://www.debian.org/mirror/list')
https = []