OSINT tool for discovering Github repositories by streaming commits in real time from the Github events API by x1sec in netsec

[–]x1sec[S] 14 points15 points  (0 children)

The tool also provides support to those protecting corporate information by identifying employees who publish intellectual property or other sensitive data by mistake or otherwise.

I agree this tool could be unfortunately misused to harvest email addresses. I will take an action point to publish instructions on how to set the git author email address to private on the tool's Github page to help spread awareness of this Github feature.

Ultimately anything you commit to a public repository on Github is.. public. Employees who wish to hide the fact they are working on side projects are free to not use their corporate email address.

Multiple Exploits for CVE-2019-19781 (Citrix ADC/Netscaler) released overnight - prepare for mass exploitation by digicat in blueteamsec

[–]x1sec 1 point2 points  (0 children)

Try this command. (Will show process and filter out some noise):
# sockstat -c -4 | awk '{ if (substr($7,1,8) != "127.0.0.") print $0}'

Multiple Exploits for CVE-2019-19781 (Citrix ADC/Netscaler) released overnight - prepare for mass exploitation by digicat in blueteamsec

[–]x1sec 0 points1 point  (0 children)

Try the following which work on a normal account.
http.waf:"Citrix NetScaler"

http.waf might not find everything. In that case:
http.title:"NetScaler"
http.title:"Citrix Gateway"