COLLECTED BY

Organization: Archive Team

Formed in 2009, the Archive Team (not to be confused with the archive.org Archive-It Team) is a rogue archivist collective dedicated to saving copies of rapidly dying or deleted websites for the sake of history and digital heritage. The group is 100% composed of volunteers and interested parties, and has expanded into a large amount of related projects for saving online and digital history.

History is littered with hundreds of conflicts over the future of a community, group, location or business that were "resolved" when one of the parties stepped ahead and destroyed what was there. With the original point of contention destroyed, the debates would fall to the wayside. Archive Team believes that by duplicated condemned data, the conversation and debate can continue, as well as the richness and insight gained by keeping the materials. Our projects have ranged in size from a single volunteer downloading the data to a small-but-critical site, to over 100 volunteers stepping forward to acquire terabytes of user-created data to save for future generations.

The main site for Archive Team is at archiveteam.org and contains up to the date information on various projects, manifestos, plans and walkthroughs.

This collection contains the output of many Archive Team projects, both ongoing and completed. Thanks to the generous providing of disk space by the Internet Archive, multi-terabyte datasets can be made available, as well as in use by the Wayback Machine, providing a path back to lost websites and work.

Our collection has grown to the point of having sub-collections for the type of data we acquire. If you are seeking to browse the contents of these collections, the Wayback Machine is the best first stop. Otherwise, you are free to dig into the stacks to see what you may find.

The Archive Team Panic Downloads are full pulldowns of currently extant websites, meant to serve as emergency backups for needed sites that are in danger of closing, or which will be missed dearly if suddenly lost due to hard drive crashes or server failures.

Collection: Archive Team: URLs

TIMESTAMPS

LGTM

Synopsis

LGTM is a code analysis platform for development teams to identify vulnerabilities early and prevent them from reaching production. It uses CodeQL which works by retrieving source code from version control systems, building it with custom tooling, and creating analysis results.

LGTM uses Docker containers to isolate the build and analysis environment from the rest of the infrastructure. By nature this environment permits arbitrary code execution by any registered user, so the quality of isolation is a critical part of the security model. The public site includes two user types (user and admin user) as well as anonymous access.

Focus areas

lgtm-com.pentesting.semmle.net is a dedicated instance of LGTM for your research. The following classes of vulnerabilities are typically eligible for reward:
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- Missing or broken authentication
- Breaking out of the LGTM worker sandbox
- Privilege Escalation

Note: there is no need to request a sign-up, you may self-register accounts.

backend-dot-lgtm-penetration-testing.appspot.com is used for triggering automated tasks from other parts of the LGTM system. It does not provide a user interface.
downloads.lgtm.com

Out of scope

lgtm.com is out of scope and not eligible for bounties.
LGTM Enterprise, the on-premise version of LGTM, is currently out of scope and not eligible for bounties.

Ineligible submissions

Code execution in the LGTM worker sandbox: The LGTM worker sandbox is designed to execute arbitrary code. The sandbox is designed to execute untrusted code and prevent access to private networked resources or other users’ data. Escaping the sandbox to access private networked resources or other user’s data is a vulnerability and eligible for reward.
Exfiltrating Semmle command line tools: Vulnerabilities which allow attackers to exfiltrate the Semmle command line tools are ineligible for rewards. This includes tools used to analyze source code and any other files that are intentionally made available to builds.
Denial of service and resource exhaustion: Denial of service attacks which involve exhaustion of resources, such as adding a large number of projects, adding a project with a large number of commits or running a large number of queries are ineligible for rewards. Vulnerabilities allowing LGTM to send large numbers of emails are also ineligible.
Email address enumeration: Vulnerabilities which allow attackers to enumerate email address are ineligible for rewards.
Lack of security-relevant emails: Lack of emails being sent out when a security-relevant event, such a password reset, occurs is ineligible for rewards.

Submit a vulnerability for LGTM

May	JUN	Jul
	07
2020	2021	2022

LGTM

Synopsis

Focus areas

Out of scope

Ineligible submissions

Recently collected LGTM bounties:

No vulnerabilities have been reported yet. Yours can be the first!