Saikat Ray srt0

VSCode Shortcuts

List of helpful shortcuts for faster coding

If you have any other helpful shortcuts, feel free to add in the comments of this gist :)

Official List of all commands

Windows
Mac

Arch Linux 2019.02.01-x86_64 on the Thinkpad X230

Documenting all my install steps

Useful Links

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output

	#!/usr/bin/env bash
	#
	# Requirements
	# - Golang (for complete bug bounty tools, clone this https://github.com/x1mdev/ReconPi)
	# - gau (go get -u github.com/lc/gau)
	# - gf (go get -u github.com/tomnomnom/gf)
	# - Gf-Patterns (https://github.com/1ndianl33t/Gf-Patterns) - Read the README.md for how to copy json file to ~/.gf/

	cd ~/.gf
	ls *.json > ~/patterns

	curl -L -k -s https://www.example.com \| tac \| sed "s#\\\/#\/#g" \| egrep -o "src['\"]?\s[=:]\s['\"]?[^'\"]+.js[^'\"> ]" \| awk -F '//' '{if(length($2))print "https://"$2}' \| sort -fu \| xargs -I '%' sh -c "curl -k -s \"%\" \| sed \"s/[;}\)>]/\n/g\" \| grep -Po \"(['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\|(\.(get\|post\|ajax\|load)\s\(\s*['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\"" \| awk -F "['\"]" '{print $2}' \| sort -fu

	# using linkfinder
	function ejs() {
	URL=$1;
	curl -Lks $URL \| tac \| sed "s#\\\/#\/#g" \| egrep -o "src['\"]?\s[=:]\s['\"]?[^'\"]+.js[^'\"> ]*" \| sed -r "s/^src['\"]?[=:]['\"]//g" \| awk -v url=$URL '{if(length($1)) if($1 ~/^http/) print $1; else if($1 ~/^\/\//) print "https:"$1; else print url"/"$1}' \| sort -fu \| xargs -I '%' sh -c "echo \"\n##### %\";wget --no-check-certificate --quiet \"%\"; basename \"%\" \| xargs -I \"#\" sh -c 'linkfinder.py -o cli -i #'"
	}

	# with file download (the new best one):
	# but there is a bug if you don't provide a root url

	<!DOCTYPE html>
	<html lang="en">
	<head>
	<meta charset="UTF-8">
	<title>Title</title>
	</head>
	<body>
	<form id = "csrf_form" method = "POST" action = "http://127.0.0.1:8000/user/name">
	<input type = "text" name = "name" value = "hhh">
	<form>

	// How many ways can you alert(document.domain)?
	// Comment with more ways and I'll add them :)
	// I already know about the JSFuck way, but it's too long to add (:

	// Direct invocation
	alert(document.domain);
	(alert)(document.domain);
	al\u0065rt(document.domain);
	al\u{65}rt(document.domain);
	window['alert'](document.domain);

	///$(which true);FLAGS="-g -Wall -Wextra --std=c17 -O1 -fsanitize=address,undefined";THIS_FILE="$(cd "$(dirname "$0")"; pwd -P)/$(basename "$0")";OUT_FILE="/tmp/build-cache/$THIS_FILE";mkdir -p "$(dirname "$OUT_FILE")";test "$THIS_FILE" -ot "$OUT_FILE" \|\| $(which clang \|\| which gcc) $FLAGS "$THIS_FILE" -o "$OUT_FILE" \|\| exit $?;exec bash -c "exec -a \"$0\" \"$OUT_FILE\" $([ $# -eq 0 ] \|\| printf ' "%s"' "$@")"
	#include <stdio.h>

	int main() {
	printf("Hello world!\n");
	return 0;
	}

	#!/bin/bash

	gdb -p "$1" -batch -ex 'set {short}$rip = 0x050f' -ex 'set $rax=231' -ex 'set $rdi=0' -ex 'cont'

	import requests
	import sys
	import json


	def waybackurls(host, with_subs):
	if with_subs:
	url = 'http://web.archive.org/cdx/search/cdx?url=.%s/&output=json&fl=original&collapse=urlkey' % host
	else:
	url = 'http://web.archive.org/cdx/search/cdx?url=%s/*&output=json&fl=original&collapse=urlkey' % host