arthusu

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output

How to Build a Successful Information Security Career (Daniel Miessler)
- https://danielmiessler.com/blog/build-successful-infosec-career/#gs.DtVCbbw
The First Steps to a Career in Information Security (Errata Security - Marisa Fagan)
- http://blog.erratasec.com/2010/04/first-steps-to-career-in-information.html#.WFrbofkrIuU
Hiring your first Security Professional (Peerlyst - Dawid Balut)
- https://www.peerlyst.com/posts/hiring-your-first-security-professional-dawid-balut
How to Start a Career in Cyber security
- https://www.concise-courses.com/security/how-to-start-your-career/
How to Get Into Information Security (ISC^2)
https://www.isc2.org/how-to-get-into-information-security.aspx

1.3.2 and below

{{7*7}}

'a'.constructor.fromCharCode=[].join;
'a'.constructor[0]='\u003ciframe onload=alert(/Backdoored/)\u003e';

	# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
	# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c

	# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
	# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1

	# New function naming schema:
	# Verbs:
	# Get : retrieve full raw data sets
	# Find : ‘find’ specific data entries in a data set


	.
	..
	........
	@
	*
	.
	..*
	ðŸŽ

	#!/bin/sh

	# wget --mirror --adjust-extension --page-requisites --execute robots=off --wait=30 --rand om-wait --convert-links --user-agent=Mozilla http://www.example.com

	### V1
	# wget \
	# --recursive \
	# --no-clobber \
	# --page-requisites \
	# --html-extension \

	import requests
	import sys
	import json


	def waybackurls(host, with_subs):
	if with_subs:
	url = 'http://web.archive.org/cdx/search/cdx?url=.%s/&output=json&fl=original&collapse=urlkey' % host
	else:
	url = 'http://web.archive.org/cdx/search/cdx?url=%s/*&output=json&fl=original&collapse=urlkey' % host

	import requests
	import re
	import sys
	from multiprocessing.dummy import Pool


	def robots(host):
	r = requests.get(
	'https://web.archive.org/cdx/search/cdx\
	?url=%s/robots.txt&output=json&fl=timestamp,original&filter=statuscode:200&collapse=digest' % host)

	#!/usr/bin/env python3
	# This script is designed to do one thing and one thing only. It will find each
	# of the FlateDecode streams in a PDF document using a regular expression,
	# unzip them, and print out the unzipped data. You can do the same in any
	# programming language you choose.
	#
	# This is NOT a generic PDF decoder, if you need a generic PDF decoder, please
	# take a look at pdf-parser by Didier Stevens, which is included in Kali linux.
	# https://tools.kali.org/forensics/pdf-parser.
	#

	html {
	position:relative;
	min-height:100%;
	padding-bottom: 30px; /* should be equivalent to footer height */
	}
	footer {
	position:absolute;
	left:0;
	right:0;
	bottom:0;