FWIW: I (@rondy) am not the creator of the content shared here, which is an excerpt from Edmond Lau's book. I simply copied and pasted it from another location and saved it as a personal note, before it gained popularity on news.ycombinator.com. Unfortunately, I cannot recall the exact origin of the original source, nor was I able to find the author's name, so I am can't provide the appropriate credits.
| #!/bin/sh | |
| ### | |
| # SOME COMMANDS WILL NOT WORK ON macOS (Sierra or newer) | |
| # For Sierra or newer, see https://github.com/mathiasbynens/dotfiles/blob/master/.macos | |
| ### | |
| # Alot of these configs have been taken from the various places | |
| # on the web, most from here | |
| # https://github.com/mathiasbynens/dotfiles/blob/5b3c8418ed42d93af2e647dc9d122f25cc034871/.osx |
| #! /usr/bin/env python | |
| # -*- coding: utf-8 -*- | |
| """This module's docstring summary line. | |
| This is a multi-line docstring. Paragraphs are separated with blank lines. | |
| Lines conform to 79-column limit. | |
| Module and packages names should be short, lower_case_with_underscores. | |
| Notice that this in not PEP8-cheatsheet.py |
GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.
You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.
$ python githubcloner.py --org organization -o /tmp/output
| # Last updated March, 2022 for Apple silicon Macs | |
| # Install Homebrew if you don't already have it: https://brew.sh | |
| # install nano from homebrew | |
| brew install nano nanorc | |
| # update your nanorc file | |
| echo 'include "/opt/homebrew/share/nanorc/*.nanorc"' >> ~/.nanorc | |
| # close and re-open your terminal and you'll have syntax highlighting |
| Mute these words in your settings here: https://twitter.com/settings/muted_keywords | |
| ActivityTweet | |
| generic_activity_highlights | |
| generic_activity_momentsbreaking | |
| RankedOrganicTweet | |
| suggest_activity | |
| suggest_activity_feed | |
| suggest_activity_highlights | |
| suggest_activity_tweet |
rsync (Everyone seems to like -z, but it is much slower for me)
| # Configuration | |
| MAKEFLAGS += -j8 | |
| DOT_OPTIONS:=-Nfontname=arial -Efontname=arial -Gfontname=arial | |
| MMD_OPTIONS:=-w 2000 -b transparent --cssFile ./mermaid_png.css --configFile ./mermaid_config.json | |
| # Get all diagram files | |
| MERMAID_FILES:=$(shell find . -name "*.mmd" -type f -not -path '*/build/*') | |
| DOT_FILES:=$(shell find . -name "*.dot" -type f -not -path '*/build/*') | |
| # Files that should be generated |
| #!/bin/bash | |
| # bash generate random alphanumeric string | |
| # | |
| # bash generate random 32 character alphanumeric string (upper and lowercase) and | |
| NEW_UUID=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1) | |
| # bash generate random 32 character alphanumeric string (lowercase only) | |
| cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 32 | head -n 1 |
