rzymek

Onelines

wget -r -l1 www.lingarogroup.com/about-us

cd www.lingarogroup.com  # use TAB completion

parameter expantion

Done by the shell, before it gets to the command:

echo c*

rzymek

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output

rzymek

ext install path-autocomplete
ext install tslint
ext install typescript-hero

rzymek

// dev: andrewroberts.net

// Replace this with ID of your template document.
var TEMPLATE_ID = ''

// var TEMPLATE_ID = '1wtGEp27HNEVwImeh2as7bRNw-tO4HkwPGcAsTrSNTPc' // Demo template
// Demo script - http://bit.ly/createPDF
 
// You can specify a name for the new PDF file here, or leave empty to use the 
// name of the template.

rzymek

import React, { Component } from 'react'
import { Link } from 'react-router'
// Drag and Drop
import { DragDropContext } from 'react-dnd'
import HTML5Backend from 'react-dnd-html5-backend'
// Material UI
import { List } from 'material-ui/List'
import Subheader from 'material-ui/Subheader'

class ReorderableList extends Component {

rzymek

<!--
 *  Copyright (c) Facebook, Inc.
 *  All rights reserved.
 *
 *  This source code is licensed under the license found in the
 *  LICENSE file in the root directory of this source tree.
-->
<!DOCTYPE html>
<html>
  <head>

rzymek

\n
            time_namelookup:  %{time_namelookup}\n
               time_connect:  %{time_connect}\n
            time_appconnect:  %{time_appconnect}\n
           time_pretransfer:  %{time_pretransfer}\n
              time_redirect:  %{time_redirect}\n
         time_starttransfer:  %{time_starttransfer}\n
                            ----------\n
                 time_total:  %{time_total}\n
\n

rzymek

#!/bin/bash
# Place in .git/hooks
# chmod +x .git/hooks/pre-commit

FILES_PATTERN='(\..+)?$'
FORBIDDEN='(@?NOCOMMIT|@?COMMITFAIL)'

if ( git diff --cached --name-only | grep -E $FILES_PATTERN | xargs grep -E --with-filename -n $FORBIDDEN ); then
  echo "ERROR: @COMMITFAIL or @NOCOMMIT found. Exiting to save you from yourself."
  exit 1

rzymek

-- Unfortunately osmand's .sqlitedb and .mbtiles use the same table name, but with different columns
alter table tiles rename to mbtiles;

-- osmand uses inverted y numbering (compared to mbtiles)
-- The formula to calculate inverted y is: y' = (2^z - 1) - y
-- As sqlite does not support pow() function, here's a table of precalculated (2^z-1) for z from 0 to 25.
create table maxy (y integer, z integer);
CREATE UNIQUE INDEX IF NOT EXISTS maxy_index on maxy (z,y);

insert into maxy(y,z) values(0,0);

rzymek

adb shell sm list-disks

adb shell sm list-volumes all

adb shell sm set-force-adoptable true

adb shell sm partition disk:179,64 private

adb shell sm set-force-adoptable false