# First, install all of the things
sudo su
apt-get update
apt-get install nginx
/etc/init.d/nginx start
sudo apt-get install python-dev
sudo apt-get install python-pip
sudo add-apt-repository "deb http://security.ubuntu.com/ubuntu xenial-security main"
sudo apt update
@cloupid
cloupid / thumbor.conf
Created June 10, 2021 16:55 — forked from anvie/thumbor.conf
Thumbor Nginx Configuration That just works like magic
server {
server_name cdn.example.com;
listen 80;
access_log /var/log/nginx/cdn.example.com-access.log;
error_log /var/log/nginx/cdn.example.com-error.log info;
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
# First, install all of the things
apt-get update
apt-get install nginx
/etc/init.d/nginx start
apt-get install python-dev
apt-get install python-pip
apt-get install libjpeg-dev libpng-dev libtiff-dev libjasper-dev libgtk2.0-dev python-numpy python-pycurl libwebp-dev python-opencv libjpeg-progs
ln -s /usr/lib/x86_64-linux-gnu/libjpeg.so /usr/lib
pip install pillow
@cloupid
cloupid / gist:ff6dca3d626cd06c46c6e0fc5976e091
Created October 7, 2020 07:15 — forked from okor/gist:79c38cfb03b153bd4eb2
Install Thumbor on Ubuntu 14.04
# sudo su and run the following
sudo apt-get update && \
sudo apt-get -y upgrade && \
# install all dependencies
sudo apt-get -y install \
build-essential \
checkinstall \
gcc \
@cloupid
cloupid / github_bugbountyhunting.md
Created October 7, 2017 15:30 — forked from EdOverflow/github_bugbountyhunting.md
My tips for finding security issues in GitHub projects.

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. In this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output

Scaling your API with rate limiters

The following are examples of the four types of rate limiters discussed in the accompanying blog post. In the examples below I've used pseudocode-like Ruby, so if you're unfamiliar with Ruby you should be able to easily translate this approach to other languages. Complete examples in Ruby are also provided later in this gist.

In most cases you'll want all these examples to be classes, but I've used simple functions here to keep the code samples brief.

Request rate limiter

This uses a basic token bucket algorithm and relies on the fact that Redis scripts execute atomically. No other operations can run between fetching the count and writing the new count.

@cloupid
cloupid / Build.xml
Created June 18, 2016 09:24 — forked from NickCraver/Build.xml
Stack Overflow Build Reference Docs
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="PrepareStaticContent" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<PropertyGroup>
<!-- Passed in Parameters -->
<configuration></configuration>
<workingDir></workingDir>
<buildNumber></buildNumber>
<buildViews>false</buildViews>
<minifyJs>true</minifyJs>
<TargetsDirectory></TargetsDirectory>
@cloupid
cloupid / RedisJobQueue.cs
Created October 23, 2015 10:22 — forked from tenowg/RedisJobQueue.cs
A Message/Job Queue based on StackExchange.Redis and Redis Server
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Linq;
using System.Threading;
using System.Threading.Tasks;
using StackExchange.Redis;
namespace CitySurvival.Redis
{