@maaku
maaku / .gitignore
Last active December 20, 2021 04:10
BIP specifying a new script opcode for checking inclusion of an element in a Merkle tree
*~
@EdOverflow
EdOverflow / github_bugbountyhunting.md
Last active April 7, 2025 13:18
My tips for finding security issues in GitHub projects.

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. In this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output
@msomu
msomu / us_states_cities.json
Created March 3, 2017 06:33
US states cities in JSON form
{
"Alabama": ["Autauga", "Baldwin", "Barbour", "Bibb", "Blount", "Bullock", "Butler", "Calhoun", "Chambers", "Cherokee", "Chilton", "Choctaw", "Clarke", "Clay", "Cleburne", "Coffee", "Colbert", "Conecuh", "Coosa", "Covington", "Crenshaw", "Cullman", "Dale", "Dallas", "DeKalb", "Elmore", "Escambia", "Etowah", "Fayette", "Franklin", "Geneva", "Greene", "Hale", "Henry", "Houston", "Jackson", "Jefferson", "Lamar", "Lauderdale", "Lawrence", "Lee", "Limestone", "Lowndes", "Macon", "Madison", "Marengo", "Marion", "Marshall", "Mobile", "Monroe", "Montgomery", "Morgan", "Perry", "Pickens", "Pike", "Randolph", "Russell", "Shelby", "St. Clair", "Sumter", "Talladega", "Tallapoosa", "Tuscaloosa", "Walker", "Washington", "Wilcox", "Winston"],
"Alaska": ["Anchorage", "Bethel", "Bristol Bay", "Dillingham", "Fairbanks North Star", "Haines", "Juneau", "Kenai Peninsula", "Ketchikan Gateway", "Kodiak Island", "Matanuska-Susitna", "Nome", "North Slope", "Prince of Wales-Outer Ketchikan", "Sitka", "Skagway-Hoonah-Angoon", "Sout
@joepie91
joepie91 / random.md
Last active April 11, 2025 09:42
Secure random values (in Node.js)

Not all random values are created equal - for security-related code, you need a specific kind of random value.

A summary of this article, if you don't want to read the entire thing:

  • Don't use Math.random(). There are extremely few cases where Math.random() is the right answer. Don't use it, unless you've read this entire article, and determined that it's necessary for your case.
  • Don't use crypto.getRandomBytes directly. While it's a CSPRNG, it's easy to bias the result when 'transforming' it, such that the output becomes more predictable.
  • If you want to generate random tokens or API keys: Use uuid, specifically the uuid.v4() method. Avoid node-uuid - it's not the same package, and doesn't produce reliably secure random values.
  • If you want to generate random numbers in a range: Use random-number-csprng.

You should seriously consider reading the entire article, though - it's

A description of known problems in Satoshi Nakamoto's paper, "Bitcoin: A Peer-to-Peer Electronic Cash System", as well as notes on terminology changes and how Bitcoin's implementation differs from that described in the paper.

Abstract

The longest chain not only serves as proof of the sequence of events witnessed, but proof that it came from the largest pool of CPU power.

@jim3ma
jim3ma / makecert.sh
Last active March 6, 2025 13:05 — forked from spikebike/client.go
Golang TLS server and client
#!/bin/bash
# call this script with an email address (valid or not).
# like:
# ./makecert.sh [email protected]
mkdir certs
rm certs/*
echo "make server cert"
openssl req -new -nodes -x509 -out certs/server.pem -keyout certs/server.key -days 3650 -subj "/C=DE/ST=NRW/L=Earth/O=Random Company/OU=IT/CN=www.random.com/emailAddress=$1"
echo "make client cert"
openssl req -new -nodes -x509 -out certs/client.pem -keyout certs/client.key -days 3650 -subj "/C=DE/ST=NRW/L=Earth/O=Random Company/OU=IT/CN=www.random.com/emailAddress=$1"
@justinbellamy
justinbellamy / cltools.sh
Last active March 6, 2022 03:46 — forked from jellybeansoup/cltools.sh
Install Autoconf and Automake on OS X El Capitan
#!/bin/sh
##
# Install autoconf, automake and libtool smoothly on Mac OS X.
# Newer versions of these libraries are available and may work better on OS X
#
# This script is originally from http://jsdelfino.blogspot.com.au/2012/08/autoconf-and-automake-on-mac-os-x.html
#
export build=~/devtools # or wherever you'd like to build
@jpillora
jpillora / smtp-gmail-send.go
Last active January 31, 2025 04:32
Send email using Go (Golang) via GMail with net/smtp
package main
import (
"log"
"net/smtp"
)
func main() {
send("hello there")
}
@myusuf3
myusuf3 / delete_git_submodule.md
Created November 3, 2014 17:36
How to effectively delete a git submodule.

To remove a submodule you need to:

  • Delete the relevant section from the .gitmodules file.
  • Stage the .gitmodules changes: git add .gitmodules
  • Delete the relevant section from .git/config.
  • Run git rm --cached path_to_submodule (no trailing slash).
  • Run rm -rf .git/modules/path_to_submodule (no trailing slash).
  • Commit: git commit -m "Removed submodule "
  • Delete the now untracked submodule files: rm -rf path_to_submodule
@bonsaiviking
bonsaiviking / nmap-check.sh
Created April 9, 2014 16:49
Check for bugs and code quality issues in Nmap source files.
#!/bin/bash
PEP8=$(which pep8)
if [ -z $PEP8 ]; then
echo "No pep8 in your path. Skipping Python checks"
else
for file in $(find "$@" -name '*.py'); do
OUTPUT=$(mktemp)
"$PEP8" -r "$file" > "$OUTPUT"