Vijith Assar vijithassar

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output

Cryptographic Best Practices

Putting cryptographic primitives together is a lot like putting a jigsaw puzzle together, where all the pieces are cut exactly the same way, but there is only one correct solution. Thankfully, there are some projects out there that are working hard to make sure developers are getting it right.

The following advice comes from years of research from leading security researchers, developers, and cryptographers. This Gist was [forked from Thomas Ptacek's Gist][1] to be more readable. Additions have been added from

Admiring Jason Davies' work on the Weichel projection

1 Welcome to Sonic Pi

Welcome friend :-)

Welcome to Sonic Pi. Hopefully you're as excited to get started making your own sounds as I am to show you. It's going to be a really fun ride where you'll learn all about music, synthesis, programming, composition, performance and more.

	(function(){
	console.log("GK ftw");
	function checkFlag() {
	var checkPage = document.getElementsByTagName("genius-back-page");
	if (checkPage.length) {
	var checkPageEl = checkPage[0]
	checkPageEl.parentNode.removeChild(checkPageEl);
	}
	var checkPrompt = document.getElementsByTagName("genius-pre-annotation-prompt");
	if (checkPrompt.length) {

	///////////////////////////
	// ES6 original
	////////////////////////////
	class A extends B {
	constructor(x) {
	this.x = x;
	}
	b() {return this.x};
	}

	var genius = /genius/i
	// prevent genius.it/[your site]
	if (genius.test(document.referrer) \|\| genius.test(window.location.href)) {
	document.location = 'https://stopitgenius.xyz'
	}

	// prevent the bookmarklet
	var setAttribute = window.HTMLElement.prototype.setAttribute
	window.HTMLElement.prototype.setAttribute = function (attr, val) {
	if ((attr === 'src' \|\| attr === 'href') && genius.test(val)) {

	const I = x => x
	const K = x => y => x
	const A = f => x => f (x)
	const T = x => f => f (x)
	const W = f => x => f (x) (x)
	const C = f => y => x => f (x) (y)
	const B = f => g => x => f (g (x))
	const S = f => g => x => f (x) (g (x))
	const S_ = f => g => x => f (g (x)) (x)
	const S2 = f => g => h => x => f (g (x)) (h (x))

	curl -s -N --location https://www.washingtonpost.com/blogs/post-partisan/wp/2016/03/21/a-transcript-of-donald-trumps-meeting-with-the-washington-post-editorial-board/ \
	\| perl -0ne 'my @list = $_ =~ m/<p>TRUMP:(.*?)<\/p>/smg; print $list[rand @list]' \
	\| say --progress -i -r 300 -v Alex

	scrolling: yes
	height: 1000
	border: no