Skip to content

Instantly share code, notes, and snippets.

View vijithassar's full-sized avatar

Vijith Assar vijithassar

View GitHub Profile
@EdOverflow
EdOverflow / github_bugbountyhunting.md
Last active November 8, 2024 20:13
My tips for finding security issues in GitHub projects.

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output
@atoponce
atoponce / gist:07d8d4c833873be2f68c34f9afc5a78a
Last active September 7, 2024 18:11 — forked from tqbf/gist:be58d2d39690c3b366ad
Cryptographic Best Practices

Cryptographic Best Practices

Putting cryptographic primitives together is a lot like putting a jigsaw puzzle together, where all the pieces are cut exactly the same way, but there is only one correct solution. Thankfully, there are some projects out there that are working hard to make sure developers are getting it right.

The following advice comes from years of research from leading security researchers, developers, and cryptographers. This Gist was [forked from Thomas Ptacek's Gist][1] to be more readable. Additions have been added from

@donohoe
donohoe / genius-kill.js
Created June 7, 2016 00:21
Disable the Genius browser extension from working on a web page
(function(){
console.log("GK ftw");
function checkFlag() {
var checkPage = document.getElementsByTagName("genius-back-page");
if (checkPage.length) {
var checkPageEl = checkPage[0]
checkPageEl.parentNode.removeChild(checkPageEl);
}
var checkPrompt = document.getElementsByTagName("genius-pre-annotation-prompt");
if (checkPrompt.length) {
@tophtucker
tophtucker / .block
Last active June 1, 2016 17:26
Blocks by people you follow
scrolling: yes
height: 1000
border: no
///////////////////////////
// ES6 original
////////////////////////////
class A extends B {
constructor(x) {
this.x = x;
}
b() {return this.x};
}
@toddself
toddself / genius-blocker.js
Last active March 29, 2016 22:03
Prevent any of the genius annotations from running on your site
var genius = /genius/i
// prevent genius.it/[your site]
if (genius.test(document.referrer) || genius.test(window.location.href)) {
document.location = 'https://stopitgenius.xyz'
}
// prevent the bookmarklet
var setAttribute = window.HTMLElement.prototype.setAttribute
window.HTMLElement.prototype.setAttribute = function (attr, val) {
if ((attr === 'src' || attr === 'href') && genius.test(val)) {
@nilsjesper
nilsjesper / Random Donald Trump Word Salad Robot
Last active November 23, 2016 16:18
This is a quick bash script to make your Mac speak a random line from Donald Trump's Washington Post Editorial Interview. Because it sounds even crazier spoken by your computer. Just copy and paste into your terminal and hit return.
curl -s -N --location https://www.washingtonpost.com/blogs/post-partisan/wp/2016/03/21/a-transcript-of-donald-trumps-meeting-with-the-washington-post-editorial-board/ \
| perl -0ne 'my @list = $_ =~ m/<p>TRUMP:(.*?)<\/p>/smg; print $list[rand @list]' \
| say --progress -i -r 300 -v Alex
@Avaq
Avaq / combinators.js
Last active September 26, 2024 18:53
Common combinators in JavaScript
const I = x => x
const K = x => y => x
const A = f => x => f (x)
const T = x => f => f (x)
const W = f => x => f (x) (x)
const C = f => y => x => f (x) (y)
const B = f => g => x => f (g (x))
const S = f => g => x => f (x) (g (x))
const S_ = f => g => x => f (g (x)) (x)
const S2 = f => g => h => x => f (g (x)) (h (x))
@enjalot
enjalot / README.md
Last active May 30, 2016 18:36
the spins
@jwinder
jwinder / sonic-pi-tutorial.md
Last active September 22, 2023 20:12
Sonic Pi in-app tutorials concatenated - last synced 27-08-2023 - https://sonic-pi.net/tutorial.html - https://github.com/samaaron/sonic-pi - All credit & thanks to Sam Aaron!

1 Welcome to Sonic Pi

Welcome friend :-)

Welcome to Sonic Pi. Hopefully you're as excited to get started making your own sounds as I am to show you. It's going to be a really fun ride where you'll learn all about music, synthesis, programming, composition, performance and more.