Bader Zaidan BaderSZ

@EdOverflow
EdOverflow / github_bugbountyhunting.md
Last active April 4, 2025 15:27
My tips for finding security issues in GitHub projects.

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. In this article, I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output
@bolshchikov
bolshchikov / .jshintrc
Last active March 4, 2024 12:19
JSHint configuration file
{
// --------------------------------------------------------------------
// JSHint Configuration, Strict Edition
// --------------------------------------------------------------------
// == Enforcing Options ===============================================
//
// These options tell JSHint to be more strict towards your code. Use
// them if you want to allow only a safe subset of JavaScript, very
@paulbdavis
paulbdavis / kernel-codename
Last active October 1, 2017 15:56
Bash Script for getting your current Linux Kernel's Codename from the kernel source makefile. Uses a cache file so it does not do excessive curl calls (especially when run in something like conky)
#!/usr/bin/env bash
pattern="NAME\s\?=\s\?"
kernelVersion=$(uname -r | sed "s/-.*//g")
# strip trailing .0 version, since the git tags on kernel.org do not have them
kernelVersion=${kernelVersion/%".0"/}
cacheFile="$HOME/.kernelcodename"
if [ -f "$cacheFile" ]
then
@jvanasco
jvanasco / blocklist.txt
Created March 15, 2012 16:28
blocklist of social / analytics / profiling
# google services
# heavy js + tracking
google-analytics.com
googleadservices.com
doubleclick.net
gstatic.com
plusone.google.com
# social services
# heavy js + tracking
@qmacro
qmacro / inserttask.py
Created May 15, 2011 13:54
Sample Task insert using Google API Client library for Python
# Insert a new task into the user's default task list
# Based upon the sample urlshortener.py code for the
# Google API Python Client library
# http://code.google.com/p/google-api-python-client/source/browse/samples/urlshortener/urlshortener.py
# Note that the response to the task insert is a 200, rather than a 201
# If you want to run this, get your own client_id and client_secret using the
# Google API Console https://code.google.com/apis/console/