Binit Ghimire TheBinitGhimire

@TheBinitGhimire
TheBinitGhimire / README.md
Created March 9, 2022 04:02
MobSF on Kubernetes!

MobSF on Kubernetes

Implementation

kubectl apply -f mobsf.yaml

Usage

@TheBinitGhimire
TheBinitGhimire / README.md
Last active August 26, 2023 12:39
[Facebook Bug Bounty] Dangling DNS Records on surf-test.xwf.internet.org! - $500

Dangling DNS Records on surf-test.xwf.internet.org! - $500

Read the proper write-up here: https://publish.whoisbinit.me/amazon-ec2-dangling-dns-records-on-surf-test-xwf-internet-org!

Vulnerability Discovery

In this GitHub Gist, I have included my script (main.sh), which I used in discovering this vulnerability.

The script performs sub-domain enumeration over the Internet.org domain using assetfinder, subfinder, sublist3r and amass, and then checks for sub-domains which are further pointing to Amazon EC2 hostnames, and stores all of the results in multiple text files.

I didn't perform any form of manual work in discovering this vulnerability, and my workflow was fully automated with the help of Bash scripting using different tools.

@TheBinitGhimire
TheBinitGhimire / README.md
Last active October 27, 2024 19:26
Dangling DNS Records leading to Sub-domain Takeover on api.techprep.fb.com!

Dangling DNS Records on api.techprep.fb.com - $500!

Read proper write-up here: https://publish.whoisbinit.me/subdomain-takeover-on-api-techprep-fb-com-through-aws-elastic-beanstalk

I have included my script in another file (main.sh), which I used in discovering this vulnerability.

I didn't do any form of manual work in finding this vulnerability, and my workflow was fully automated with Bash scripting.

I have shortened my actual script, and only included the part which helped me in finding this vulnerability in the main.sh file.

@TheBinitGhimire
TheBinitGhimire / forward.php
Created December 28, 2020 11:03
Get Exact GPS Location of Webpage Visitors with HTML5 Geolocation API and PHP!
<?php
/*
Get Exact GPS Location of Webpage Visitors with HTML5 Geolocation API and PHP!
Author: Binit Ghimire
GitHub Profile: https://github.com/TheBinitGhimire
Author URL: https://WHOISbinit.me/
_________________
|| How to Use? ||
‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾
@TheBinitGhimire
TheBinitGhimire / README.md
Last active August 25, 2024 12:33
Getting an AWS Educate account with $100 worth of cloud credits!
@TheBinitGhimire
TheBinitGhimire / go.sh
Created December 1, 2020 16:56
Install Go on Ubuntu and Debian-based Linux distributions!
#!/bin/bash
# Install Go on Ubuntu and Debian-based Linux distributions!
: '
Perform the following:
1. chmod +x go.sh;
2. ./go.sh;
OR
1. bash go.sh;
'
wget https://golang.org/dl/go1.15.5.linux-amd64.tar.gz;
@TheBinitGhimire
TheBinitGhimire / setupy.sh
Created September 5, 2020 11:38
setupy | Save your time while installing Python tools from GitHub!
# Setupy by Binit!
setupy(){
git clone https://github.com/$1/$2 && cd $2 && python3 setup.py install && cd .. && rm -r $2;
}
# Installation
echo -e "\nsetupy(){\n\tgit clone https://github.com/\$1/\$2 && cd \$2 && python3 setup.py install && cd .. && rm -r \$2;\n}" >> ~/.*shrc && source ~/.*shrc
# Usage
setupy author repository
@TheBinitGhimire
TheBinitGhimire / functions.php
Created August 23, 2020 05:25
Static Excerpts for WordPress
<?php
/**
*
*** Static Excerpts for WordPress
*** Author: Binit Ghimire
*** Author URL: https://WHOISbinit.me/
*** How to use?
* 1. Insert this piece of code at the end of your Theme Functions file (i.e. functions.php)!
* 2. Replace the content written inside double quotes (" and ") in Line 17 with the static excerpt content that you'd like to use!
@TheBinitGhimire
TheBinitGhimire / terraform-ec2-sg.tf
Created August 5, 2020 21:49
Terraform Template to create an EC2 Instance on Default VPC with your name in the "Owner" tag, and Security Group allowing ports 22, 80 and 443 in Inbound Rules (ingress) and all traffic in Outbound Rules (egress)
# Terraform Template to create an EC2 Instance on Default VPC with your name in the "Owner" tag, and Security Group allowing ports 22, 80 and 443 in Inbound Rules (ingress) and all traffic in Outbound Rules (egress)
provider "aws" {
region = "us-east-1"
}
data "aws_ami" "ubuntu" {
most_recent = true
filter {
@TheBinitGhimire
TheBinitGhimire / get_comment_author_country.php
Last active August 4, 2020 22:13
Get Comment Author Country from IP Address in WordPress
<?php
/* Place the following code in the functions.php file of your theme! */
/*
*
* Get Comment Author Country from IP Address | START
* Author: https://github.com/TheBinitGhimire/
* Source: https://gist.github.com/TheBinitGhimire/8dac2b929e44343766414f601513f0bb
*
* */