From b0260a4381d88ecf8aef083903b06b4fa4673139 Mon Sep 17 00:00:00 2001 From: Michael Skelton Date: Thu, 8 Oct 2020 06:55:05 +1000 Subject: [PATCH 1/3] Update 2020-10-08-github-security-professionals.markdown --- _posts/2020-10-08-github-security-professionals.markdown | 2 ++ 1 file changed, 2 insertions(+) diff --git a/_posts/2020-10-08-github-security-professionals.markdown b/_posts/2020-10-08-github-security-professionals.markdown index a2761d9..079bdf7 100644 --- a/_posts/2020-10-08-github-security-professionals.markdown +++ b/_posts/2020-10-08-github-security-professionals.markdown @@ -9,6 +9,8 @@ Every Month if [Hacktoberfest](https://hacktoberfest.digitalocean.com/), which, The intention of this guide is to arm you with the knowledge of how you can get involved, even if you're not entirely familiar with programming, or if you are, and you want a reference point for "how to github" - I'm aiming for this to land with both. + + # Table of Contents - [What is Github?](#what-is-github-) * [But what is Git?](#but-what-is-git-) From d84b16ee5f0f4217153a0ff289282dcafc316373 Mon Sep 17 00:00:00 2001 From: Eduard Tolosa Date: Fri, 23 Oct 2020 03:03:06 -0500 Subject: [PATCH 2/3] Fix some example errors. - Comma separated wordlists shouldn't have space. - Remove unwanted .io TLDs. - Fix "muiltiple" typo. --- ...-29-everything-you-need-to-know-about-ffuf.markdown | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/_posts/2020-08-29-everything-you-need-to-know-about-ffuf.markdown b/_posts/2020-08-29-everything-you-need-to-know-about-ffuf.markdown index f2f3f94..6a41c70 100644 --- a/_posts/2020-08-29-everything-you-need-to-know-about-ffuf.markdown +++ b/_posts/2020-08-29-everything-you-need-to-know-about-ffuf.markdown 
@@ -255,7 +255,7 @@ ffuf -u https://codingo.io/W1 -w ./wordlist.txt:W1 This runs the same scan as our previous example, except `W1` is now our insert instead of `FUZZ`. Now, let's assume that instead of `codingo.io` we had identified multiple websites we wanted to check over at the same time. For that, we could create a wordlist of all of the domains we wanted to test, and use the following: ``` -ffuf -u https://W2.io/W1 -w ./wordlist.txt:W1, ./domains.txt:W2 +ffuf -u https://W2/W1 -w ./wordlist.txt:W1,./domains.txt:W2 ``` This would scan each of the domains in our `domains.txt` files using the wordlist from `wordlist.txt`, allowing us to run at scale without needing the use of outside scripting or applications. @@ -268,7 +268,7 @@ Lets say we have a wordlist with 1000 domains `domains.txt` and a wordlist with If we run: ``` -ffuf -u https://FUZZDOMAIN/FUZZDIR -w ./wordlist.txt:FUZZDIR, ./domains.txt:FUZZDOMAIN +ffuf -u https://FUZZDOMAIN/FUZZDIR -w ./wordlist.txt:FUZZDIR,./domains.txt:FUZZDOMAIN ``` ffuf will try every directory for the first domain, then every directory on the second domain. @@ -277,7 +277,7 @@ This often leads to getting rate-limited or banned. If we on the other hand swap the order of the wordlists and run: ``` -ffuf -u https://FUZZDOMAIN/FUZZDIR -w ./domains.txt:FUZZDOMAIN, ./wordlist.txt:FUZZDIR +ffuf -u https://FUZZDOMAIN/FUZZDIR -w ./domains.txt:FUZZDOMAIN,./wordlist.txt:FUZZDIR ``` ffuf will try the first directory on all domains, before moving on to the next directory and trying that on all domains. 
@@ -293,10 +293,10 @@ Encountered error(s): 1 errors occurred. * Keyword W1, defined, but not found in headers, method, URL or POST data. ``` -Then you should instead either upgrade FFUF to the latest version, or use the `w` flag muiltiple times, like so: +Then you should instead either upgrade FFUF to the latest version, or use the `w` flag multiple times, like so: ``` -ffuf -u https://W2.io/W1 -w ./wordlist.txt:W1 -w ./domains.txt:W2 +ffuf -u https://W2/W1 -w ./wordlist.txt:W1 -w ./domains.txt:W2 ``` More information can be found here: https://github.com/ffuf/ffuf/issues/290 From 1f7dcda7257d3bc14a51a282a0f6c8826bc7c68a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 19 Oct 2022 04:07:48 +0000 Subject: [PATCH 3/3] Bump nokogiri from 1.10.8 to 1.13.9 Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.10.8 to 1.13.9. - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md) - [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.10.8...v1.13.9) --- updated-dependencies: - dependency-name: nokogiri dependency-type: indirect ... Signed-off-by: dependabot[bot] --- Gemfile.lock | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index ec1231d..1972e17 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -158,19 +158,21 @@ GEM rb-fsevent (>= 0.9.3) rb-inotify (>= 0.9.7) mercenary (0.3.6) - mini_portile2 (2.4.0) + mini_portile2 (2.8.0) minima (2.1.1) jekyll (~> 3.3) minitest (5.10.2) multipart-post (2.0.0) net-dns (0.8.0) - nokogiri (1.10.8) - mini_portile2 (~> 2.4.0) + nokogiri (1.13.9) + mini_portile2 (~> 2.8.0) + racc (~> 1.4) octokit (4.7.0) sawyer (~> 0.8.0, >= 0.5.3) pathutil (0.14.0) forwardable-extended (~> 2.6) public_suffix (2.0.5) + racc (1.6.0) rb-fsevent (0.10.2) rb-inotify (0.9.10) ffi (>= 0.5.0, < 2) pFad - Phonifier reborn
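
Review bot: In PATCH 1/3, hunk @@ -9,6 +9,8, the two lines added before `# Table of Contents` are empty as shown, and the subject is only "Update 2020-10-08-github-security-professionals.markdown", so the reason for the change cannot be read from the patch. If the lines are spacing for the renderer, say so in the commit message; if they were meant to carry markup, it is missing from the hunk. The context line above them reads "Every Month if [Hacktoberfest]", where "if" looks like a typo that could be fixed in the same change.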
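
Review bot: In PATCH 2/3, hunk @@ -255,7 +255,7, dropping `.io` from `https://W2.io/W1` changes what `domains.txt` has to contain: each entry must now be a full hostname including its TLD, and must not carry a scheme because the template already supplies `https://`. The surrounding paragraph only says "a wordlist of all of the domains", so add a sentence stating the expected entry format. The sentence after the command also says "`domains.txt` files" for what is a single file.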
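
Review bot: In PATCH 2/3, hunk @@ -293,10 +293,10, the corrected sentence still names the flag as `w` while the command directly below it uses `-w`; write it as `-w` so the prose matches what is typed. The same sentence spells the tool "FFUF" where every command in the post uses `ffuf`, so pick one spelling.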
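
Review bot: In PATCH 3/3, hunk @@ -158,19 +158,21 of Gemfile.lock, the bump does more than change one version: it adds a new transitive dependency (`racc (~> 1.4)`, locked at `racc (1.6.0)`) and moves `mini_portile2` from 2.4.0 to 2.8.0, while the rest of the lock file (`jekyll (~> 3.3)`, `octokit (4.7.0)`, `public_suffix (2.0.5)`) stays where it was. The commit message links the release notes and changelog but does not say which fix motivated the jump from 1.10.8 to 1.13.9, so record that in the merge description and confirm that `bundle install` and the site build succeed with the new lock file before merging.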
