Evan Coonrod evanc

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output

How to export and rehost your Tumblr site

(Update: Version 3.2.0 of Jekyll looks like it's breaking a few things, so I've changed the guide to make you specifically install the version I was using, 3.1.3. I believe this is the issue: jekyll/jekyll#5145.)

You will be using jekyll-import to export your Tumblr site, Jekyll to (re)create it, and Surge to rehost it.

Update: You can also use Tumblr's native export feature in your blogs' individual settings. But rehosting that might be tricky. Read my comments below this post for how that works.

Setup and installation

Strictly Frameworks

Mobiledoc - github.com/bustle/mobiledoc-kit - framework to build editors with a standardized JSON structure
ShareDB - github.com/share/sharedb - framework to sync any JSON document using operational transforms, add real-time collaborative editing to anything else
Bangle.dev - github.com/bangle-io/bangle.dev - toolkit built for building editors, based on prosemirror

Abstracted Editors

These use separate document structures instead of HTML, some are more modular libraries than full editors

ReactJS Component Cheatsheet

To create a ReactComponent:

ReactComponent React.createClass(object proto)

Basic JSX example:

var TitleComponent = React.createClass({

// REQUIRED

OS X Screencast to animated GIF

This gist shows how to create a GIF screencast using only free OS X tools: QuickTime, ffmpeg, and gifsicle.

Instructions

To capture the video (filesize: 19MB), using the free "QuickTime Player" application:

	• cakemittens - ratatat [thanks a lot. for nothing]
	• vineyardsofthec - https://www.youtube.com/watch?v=meP7QincviY (chris clark - diesel raven) [i like this a lot]
	• plopadop - secede tryshala [i like this too.] [update 40 minutes later - getting impatient, moving on]
	• verrore
	◦ solar fields [tried movements, enjoyed it]
	◦ bluetech [tried sines and singularities, enjoyed it a lot]
	• look_aghost
	◦ soundtrack to the andromeda strain [found this here http://www.youtube.com/watch?v=A_wMSy3geXM just listening to the soundtrack was mostly boring. maybe would be better if id seen the movie]
	• bullbar - ravedeath 1972 by tim hecker [this seems fine. for unrelated reasons i was convinced i was dying while this one was playing and that was distracting me from listening to it]
	• drugleaf

	/*
	* This work is free. You can redistribute it and/or modify it under the
	* terms of the Do What The Fuck You Want To Public License, Version 2,
	* as published by Sam Hocevar. See the COPYING file for more details.
	*/
	/*
	* Easing Functions - inspired from http://gizma.com/easing/
	* only considering the t value for the range [0, 1] => [0, 1]
	*/
	EasingFunctions = {