Vaibhav Sagar vaibhavsagar

## github_bugbountyhunting.md

      
              1 file
            
          
              98 forks
            
          
              15 comments
            
          
              531 stars
            
          
                EdOverflow
                / github_bugbountyhunting.md
            
            
              Last active
              April 20, 2024 01:36
            
              
                My tips for finding security issues in GitHub projects.
              
          
    GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.
Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.
$ python githubcloner.py --org organization -o /tmp/output

  
## keybase.nix
# Add this file to your /etc/nixos/configuration.nix `imports = [ ... ];` attribute.
#
# After running `nixos-rebuild switch`, `systemctl --user start keybase-gui.service`
# can be used to start the Keybase GUI.
#
# Not sure if it's just my tiling window manager, but there is a bit of wonkiness
# with the tray icon. Other than that it works perfectly (as of 2017/11/22).

{ pkgs, ... }:

## Leftpad.idr
import Data.Vect

-- `minus` is saturating subtraction, so this works like we want it to
eq_max : (n, k : Nat) -> maximum k n = plus (n `minus` k) k
eq_max  n     Z    = rewrite minusZeroRight n in rewrite plusZeroRightNeutral n in Refl
eq_max  Z    (S _) = Refl
eq_max (S n) (S k) = rewrite sym $ plusSuccRightSucc (n `minus` k) k in rewrite eq_max n k in Refl

-- The type here says "the result is" padded to (maximum k n), and is padding plus the original
leftPad : (x : a) -> (n : Nat) -> (xs : Vect k a)

## fibonacci.hs
import Numeric.Natural (Natural)

import qualified Data.Semigroup

-- | @fibonacci n@ computes the @nth@ fibonacci number efficiently using infinite
-- precision integer arithmetic
--
-- Try @fibonacci 1000000@
fibonacci :: Natural -> Natural
fibonacci n = x01 (Data.Semigroup.mtimesDefault n m)

## RegAlloc1.hs
{-# OPTIONS_GHC -Wall #-}

{-# LANGUAGE DeriveAnyClass        #-}
{-# LANGUAGE DeriveDataTypeable    #-}
{-# LANGUAGE LambdaCase            #-}
{-# LANGUAGE OverloadedStrings     #-}
{-# LANGUAGE PartialTypeSignatures #-}
module RegAlloc1
  ( -- * Types
    Var

## checkout.md

      
              1 file
            
          
              0 forks
            
          
              1 comment
            
          
              16 stars
            
          
                esmooov
                / checkout.md
            
            
              Created
              May 31, 2012 15:54
            
              
                The Secret Passions of Git Checkout
              
          
    The Secret Passions of Git Checkout


The Hand of God


Git checkout can do almost anything ... or, at least, many things. It can switch branches. It can mix and match branches. It can resolve merge conflicts. It can give you a scratchpad to test things. It can even be used to interactively patch files. It's so powerful because it's so abstract. But much like numinous mystics, abstraction makes it confusing.
Basically git checkout does two things:

  
## gist:8739525

      
              1 file
            
          
              39 forks
            
          
              5 comments
            
          
              321 stars
            
          
                bitemyapp
                / gist:8739525
            
            
              Last active
              May 7, 2021 23:22
            
              
                Learning Haskell
              
          
    The Learning Haskell guide has been moved to a git repo to enable outside contribution

Find it here: https://github.com/bitemyapp/learnhaskell

  
## Json.purs

module Main where

-- | JSON is an incredibly simple format. Even its lists are untyped.
-- | As with all languages, functional programming encourages us to
-- | make a domain-specific language (or DSL) to capture the "ideas"
-- | of the language, which we can then use to talk about its content.

-- | In this little snippet, we'll build a JSON DSL, transform it into
-- | a recursive structure, and then use that result to generate some

## Record.hs
{-# LANGUAGE AllowAmbiguousTypes #-}
{-# LANGUAGE DataKinds #-}
{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE FlexibleInstances #-}
{-# LANGUAGE FunctionalDependencies #-}
{-# LANGUAGE GADTs #-}
{-# LANGUAGE KindSignatures #-}
{-# LANGUAGE PolyKinds #-}
{-# LANGUAGE ScopedTypeVariables #-}
{-# LANGUAGE TypeApplications #-}

## Newton.hs
{-# LANGUAGE RankNTypes #-}

import Numeric.Natural (Natural)
import Numeric.AD (diff)

newtonRoot
  :: (Floating a, Ord a)
  => Natural  -- ^ iterations
  -> a        -- ^ epsilon
  -> a        -- ^ starting guess
	# Add this file to your /etc/nixos/configuration.nix `imports = [ ... ];` attribute.
	#
	# After running `nixos-rebuild switch`, `systemctl --user start keybase-gui.service`
	# can be used to start the Keybase GUI.
	#
	# Not sure if it's just my tiling window manager, but there is a bit of wonkiness
	# with the tray icon. Other than that it works perfectly (as of 2017/11/22).

	{ pkgs, ... }:
	import Data.Vect

	-- `minus` is saturating subtraction, so this works like we want it to
	eq_max : (n, k : Nat) -> maximum k n = plus (n `minus` k) k
	eq_max n Z = rewrite minusZeroRight n in rewrite plusZeroRightNeutral n in Refl
	eq_max Z (S _) = Refl
	eq_max (S n) (S k) = rewrite sym $ plusSuccRightSucc (n `minus` k) k in rewrite eq_max n k in Refl

	-- The type here says "the result is" padded to (maximum k n), and is padding plus the original
	leftPad : (x : a) -> (n : Nat) -> (xs : Vect k a)
	import Numeric.Natural (Natural)

	import qualified Data.Semigroup

	-- \| @fibonacci n@ computes the @nth@ fibonacci number efficiently using infinite
	-- precision integer arithmetic
	--
	-- Try @fibonacci 1000000@
	fibonacci :: Natural -> Natural
	fibonacci n = x01 (Data.Semigroup.mtimesDefault n m)
	{-# OPTIONS_GHC -Wall #-}

	{-# LANGUAGE DeriveAnyClass #-}
	{-# LANGUAGE DeriveDataTypeable #-}
	{-# LANGUAGE LambdaCase #-}
	{-# LANGUAGE OverloadedStrings #-}
	{-# LANGUAGE PartialTypeSignatures #-}
	module RegAlloc1
	( -- * Types
	Var

	module Main where

	-- \| JSON is an incredibly simple format. Even its lists are untyped.
	-- \| As with all languages, functional programming encourages us to
	-- \| make a domain-specific language (or DSL) to capture the "ideas"
	-- \| of the language, which we can then use to talk about its content.

	-- \| In this little snippet, we'll build a JSON DSL, transform it into
	-- \| a recursive structure, and then use that result to generate some
	{-# LANGUAGE AllowAmbiguousTypes #-}
	{-# LANGUAGE DataKinds #-}
	{-# LANGUAGE DeriveGeneric #-}
	{-# LANGUAGE FlexibleInstances #-}
	{-# LANGUAGE FunctionalDependencies #-}
	{-# LANGUAGE GADTs #-}
	{-# LANGUAGE KindSignatures #-}
	{-# LANGUAGE PolyKinds #-}
	{-# LANGUAGE ScopedTypeVariables #-}
	{-# LANGUAGE TypeApplications #-}
	{-# LANGUAGE RankNTypes #-}

	import Numeric.Natural (Natural)
	import Numeric.AD (diff)

	newtonRoot
	:: (Floating a, Ord a)
	=> Natural -- ^ iterations
	-> a -- ^ epsilon
	-> a -- ^ starting guess