Techniques / Tips and tricks for finding sensitive data exposures in Github for Penetration Testers / Bug Bounty Hunters
https://www.youtube.com/watch?v=l0YsEk_59fQ
Inspired by @Th3G3nt3lman
Below basic examples :
"Company" password
"Company" secret
"Company" credentials
"Company" token
"Company" config
"Company" key
"Company" pass
"Company" login
"Company" ftp
"Company" pwd
"Company" vspher
"Company" aws
"Company" jenkins
With creaitivity there is a lot of stuff to look for :
"Company" security_credentials ---> LDAP ( active directories )
"Company" connectionstring ---> Database Cred
"Company" JDBC ---> Database Cred
"Company" ssh2_auth_password ---> unautorized access to servers
"Company" send_keys
"Company" send,keys
"Company" ldap
List of keywords , much thanks :
https://github.com/random-robbie/keywords/blob/master/keywords.txt
https://securitytrails.com/blog/github-dorks
You can use language:python for example to search for specific programing language codes. Example :
"Company" language:pyhton password
From [ Sort ] , you can use it to find for [ Recently Indexed ] ones which is important.
"Company" language:pyhton password NOT owner-api.teslamotors.com
Will sort the results and remove everything realted to [ owner-api.teslamotors.com ]
user:VALUE ---> To look for code commited for a specific user
org:Value ---> Specific org
https://github.com/jcesarstef/ghhdb-Github-Hacking-Database
Using gitrob : https://github.com/michenriksen/gitrob
Using TruffleHog : https://github.com/dxa4481/truffleHog
Using gitGraber: https://github.com/hisxo/gitGraber
Using git-all-secrets: https://github.com/anshumanbh/git-all-secrets
Using Truffle hunting: https://github.com/dxa4481/truffleHog
https://github.com/gwen001/github-search
Don't forget bitbucket, gitlab and google dorking 2. https://lmgtfy.com/
intext:"© Example Inc."
site:http://ideone.com "apikey"
site:http://ideone.com "aws_access_key_id"
intitle:" about atlassian bitbucket"