Sensitive information using Github

Articles / Blogs / Presentation :

Github OSINTMedium

bugcrowd_university/GitHub Recon/Bugcrowd University - GitHub Recon and Sensitive Data Exposure.pdf at master · bugcrowd/bugcrowd_universityGitHub

• How I made $10K in bug bounties from GitHub secret leaks - https://tillsongalloway.com/finding-sensitive-information-on-github/index.html

• https://github.com/Zomato/vinifera

Tools:

• https://medium.com/@obheda12/gitdorker-a-new-tool-for-manual-github-dorking-and-easy-bug-bounty-wins-92a0a0a6b8d5

• https://github.com/gwen001/github-search

GitHub - hisxo/gitGraber: gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...GitHub

GitHub tools collectionGwendal Le Coguic

GitHub - BishopFox/GitGot: Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.GitHub

Twitter Thread - https://twitter.com/Johnssimon22/status/1152973288588500992

Videos:

Tweets:

Others / Dorks:

GitHub - techgaun/github-dorks: Find leaked secrets via github searchGitHub

Daily CyberSecurityDaily CyberSecurity

Jason Haddix

• https://github.com/adamtlangley/gitscraper

• https://tillsongalloway.com/finding-sensitive-information-on-github/

GitHub Recon - It’s Really DeepMedium

• Got SSH access Tip: Github Dork "site . com" ssh language:yaml Got config.yaml

https://twitter.com/GodfatherOrwa/status/1334958681021091840twitter.com

"company name" db_password "company name" "Authorization: Bearer" "company name" filename:vim_settings.xml "company name" language:shell "company name" language:python "company name" fb_secret

Dorks List:

• https://github.com/gwen001/github-search

• https://github.com/obheda12/GitDorker/blob/master/Dorks/alldorksv3

• https://github.com/hisxo/gitGraber/tree/master/wordlists

• tinyurl.com/gitdorks

Dorks:

• https://vsec7.github.io/