Skip to content

Instantly share code, notes, and snippets.

View betillogalvanfbc's full-sized avatar
:electron:
Don't give up!

Betillø Galvan betillogalvanfbc

:electron:
Don't give up!
42 followers · 759 following
View GitHub Profile
@betillogalvanfbc
betillogalvanfbc / cloud_metadata.txt
Created March 13, 2025 03:26 — forked from jhaddix/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
@betillogalvanfbc
betillogalvanfbc / List of API endpoints & objects
Created September 19, 2023 21:58 — forked from yassineaboukir/List of API endpoints & objects
A list of 3203 common API endpoints and objects designed for fuzzing.
0
00
01
02
03
1
1.0
10
100
1000
@betillogalvanfbc
betillogalvanfbc / GitHub-Leaked-API-Keys-and-Secrets.md
Created June 19, 2023 05:22 — forked from win3zz/GitHub-Leaked-API-Keys-and-Secrets.md

GitHub Search Syntax for Finding API Keys/Secrets/Tokens

As a security professional, it is important to conduct a thorough reconnaissance. With the increasing use of APIs nowadays, it has become paramount to keep access tokens and other API-related secrets secure in order to prevent leaks. However, despite technological advances, human error remains a factor, and many developers still unknowingly hardcode their API secrets into source code and commit them to public repositories. GitHub, being a widely popular platform for public code repositories, may inadvertently host such leaked secrets. To help identify these vulnerabilities, I have created a comprehensive search list using powerful search syntax that enables the search of thousands of leaked keys and secrets in a single search.

Search Syntax:

(path:*.{File_extension1} OR path:*.{File_extension-N}) AND ({Keyname1} OR {Keyname-N}) AND (({Signature/pattern1} OR {Signature/pattern-N}) AND ({PlatformTag1} OR {PlatformTag-N}))

Examples:

**1.

@betillogalvanfbc
betillogalvanfbc / subdomain_wordlist.md
Created July 19, 2022 07:21 — forked from cihanmehmet/subdomain_wordlist.md
Subdomain Wordlist
@betillogalvanfbc
betillogalvanfbc / k3s-cluster.md
Created December 31, 2021 05:57 — forked from kopwei/k3s-cluster.md
K3s and Rancher on Raspberry Pi 4 Cluster

Deploy K3s and Rancher on Raspberry Pi 4 cluster

Today I tried to setup a small Kubernetes cluster on top of 3 Raspberry Pi 4 (4GB Memory). Here is the steps to install the cluster.

IMG_3817

Preparation

I have 3 Raspberry Pi 4 stacked with PoE headers and connected to a PoE switch at home. The are connected to Internet through a home router. All Pis are equipped with a 64GB Samsung SDXC card flushed with Ubuntu 20.04 image.

@betillogalvanfbc
betillogalvanfbc / Auditable.cs
Created November 23, 2020 20:46 — forked from mykeels/Auditable.cs
Auditable Models for Entity Framework in DotNet
using System;
namespace EF.Core.Audit
{
public abstract class Auditable
{
public virtual DateTime CreatedAt { get; set; }
public virtual DateTime? UpdatedAt { get; set; }
public virtual DateTime? DeletedAt { get; set; }
}