Lars Schneider larsxschneider

@EdOverflow
EdOverflow / github_bugbountyhunting.md
Last active November 8, 2024 20:13
My tips for finding security issues in GitHub projects.

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. In this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output
@jonico
jonico / dashboard.xml
Created September 20, 2016 15:04
Splunk Dashboard for GitHub Enterprise
<dashboard>
<label>Octodemo performance stats</label>
<row>
<panel>
<chart>
<title>Top fetched repos</title>
<search>
<query>index="octodemo" upload-pack user| top repo</query>
<earliest>@w0</earliest>
<latest>now</latest>
@vsouza
vsouza / .bashrc
Last active September 21, 2024 12:31
Golang setup in Mac OSX with HomeBrew. Set `GOPATH` and `GOROOT` variables in zshell, fish or bash.
# Set variables in .bashrc file
# don't forget to change your path correctly!
export GOPATH=$HOME/golang
export GOROOT=/usr/local/opt/go/libexec
export PATH=$PATH:$GOPATH/bin
export PATH=$PATH:$GOROOT/bin
@ragingwind
ragingwind / Backend Architectures Keywords and References.md
Last active July 4, 2024 13:00
Backend Architectures Keywords and References
@alekstorm
alekstorm / git-reviewers
Last active April 15, 2023 05:51
Finds likely good reviewers for a commit or range of commits by getting a diff, then running `git blame` on the previous versions of each changed hunk. Outputs a sorted list of reviewer names, emails, and how many lines you've both touched. To use, name the file `git-reviewers`, put it somewhere in your $PATH, make it executable, and call it wit…
#!/usr/bin/env bash -ue
if [[ $# -lt 1 || $# -gt 2 ]]; then
echo "Usage: git $(basename "$0" | sed 's/^git-//') <end-commit> [<start-commit>]"
exit 1
fi
diff_range="$1^..$1"
end_commit="$1^"
if [[ $# -eq 2 ]]; then
@agnoster
agnoster / github.com.js
Created October 17, 2012 15:59
Like editing files in an open pull request?
/**
* 1) Use http://defunkt.io/dotjs/
* 2) Install this into ~/.js/github.com.js
* 3) Enjoy a button to edit any file on a pull request (some restrictions may apply, void where prohibited)
*
* Note: this will replace the "View file @ ...", which I find pretty useless (and it's contained in the edit mode,
* anyway). However, if you want to look at files where you don't have access to edit them, this will suck.
*/
function getBranch() {
@torsten
torsten / fix-whitespace.sh
Created September 12, 2012 13:58
Pre-commit hook script for git to fix whitespace and long lines.
#!/bin/sh
# Pre-commit hook for git which removes trailing whitespace, converts tabs to spaces, and enforces a max line length.
if git-rev-parse --verify HEAD >/dev/null 2>&1 ; then
against=HEAD
else
# Initial commit: diff against an empty tree object
against=4b825dc642cb6eb9a060e54bf8d69288fbee4904
fi
@erikh
erikh / hack.sh
Created March 31, 2012 07:02 — forked from DAddYE/hack.sh
OSX For Hackers
#!/usr/bin/env sh
##
# This is a script with useful tips taken from:
# https://github.com/mathiasbynens/dotfiles/blob/master/.osx
#
# install it:
# curl -sL https://raw.github.com/gist/2108403/hack.sh | sh
#
@torsten
torsten / property-access.m
Created March 27, 2012 08:32
Benchmark to measure how much slower property access is vs direct member access.
// Compile as: clang -O4 -framework Foundation property-access.m && ./a.out
#import <Foundation/Foundation.h>
// Performance timer, credit: Lars Schneider @kit3bus
#import <mach/mach_time.h>
#define MAKE_NSSTRING(str) (NSString *)CFSTR(#str)
#define START(name) \
@clauswitt
clauswitt / removeUnusedTrackingBranches.sh
Created January 23, 2012 09:25
Remove unused tracking branches
#!/bin/bash
TMPFILE=".tmpGitRemotes"
REMOTENAME="origin"
COMMIT=$1
git fetch
git branch -a --merged |grep "remotes/$REMOTENAME/" > $TMPFILE
if [[ $COMMIT == "commit" ]]; then
echo "deleting git branches"
else