Skip to content

Instantly share code, notes, and snippets.

View teknogeek's full-sized avatar

Joel Margolis teknogeek

534 followers · 114 following
View GitHub Profile
@random-robbie
random-robbie / ssrf.svg
Created May 25, 2018 15:03
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
@saelo
saelo / pwn.js
Created May 6, 2018 16:12
Exploit for the "roll a d8" challenge of PlaidCTF 2018
//
// Quick and dirty exploit for the "roll a d8" challenge of PlaidCTF 2018.
// N-day exploit for https://chromium.googlesource.com/v8/v8/+/b5da57a06de8791693c248b7aafc734861a3785d
//
// Scroll down do "BEGIN EXPLOIT" to skip the utility functions.
//
// Copyright (c) 2018 Samuel Groß
//
//
@dougallj
dougallj / asm.s
Created January 3, 2018 08:55
x86-64 Speculative Execution Harness
global _time_load
global _cache_flush
global _run_attempt
extern _bools
extern _values
extern _pointers
section .text
@xerub
xerub / sepsplit.c
Last active May 17, 2024 11:35
/*
* SEP firmware split tool
*
* Copyright (c) 2017 xerub
*/
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
@EdOverflow
EdOverflow / github_bugbountyhunting.md
Last active May 8, 2025 01:11
My tips for finding security issues in GitHub projects.

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output
@oleavr
oleavr / trust-manager.js
Created June 8, 2017 13:49
How to implement an X509TrustManager using Frida
'use strict';
var TrustManager;
var manager;
Java.perform(function () {
var X509TrustManager = Java.use('javax.net.ssl.X509TrustManager');
TrustManager = Java.registerClass({
name: 'com.example.TrustManager',
@mhmdiaa
mhmdiaa / waybackurls.py
Last active April 2, 2025 13:03
import requests
import sys
import json
def waybackurls(host, with_subs):
if with_subs:
url = 'http://web.archive.org/cdx/search/cdx?url=*.%s/*&output=json&fl=original&collapse=urlkey' % host
else:
url = 'http://web.archive.org/cdx/search/cdx?url=%s/*&output=json&fl=original&collapse=urlkey' % host
@mhmdiaa
mhmdiaa / waybackrobots.py
Last active March 17, 2025 03:29
import requests
import re
import sys
from multiprocessing.dummy import Pool
def robots(host):
r = requests.get(
'https://web.archive.org/cdx/search/cdx\
?url=%s/robots.txt&output=json&fl=timestamp,original&filter=statuscode:200&collapse=digest' % host)
@wumb0
wumb0 / fle.asm
Created November 21, 2016 05:40
BITS 32
; flag: RC3-2016-YEAH-DATS-BETTER-BOII
; based on http://www.muppetlabs.com/~breadbox/software/tiny/teensy.html
org 0x08048000
ehdr:
db "FLAG" ; e_ident
db 1, 1, 1, 0, 0
_start: mov ecx,promptsize
jmp main
dw 2 ; e_type
@PaulCher
PaulCher / ffmpeg_rtmp_exploit.py
Created November 16, 2016 12:41
#!/usr/bin/python
import os
import socket
import struct
from time import sleep
from pwn import *
bind_ip = '0.0.0.0'