# Sensitive information using Github

**Articles / Blogs / Presentation :**

{% embed url="<https://medium.com/@ghostlulzhacks/github-osint-1e8a96f9fdb8>" %}

{% embed url="<https://github.com/bugcrowd/bugcrowd_university/blob/master/GitHub%20Recon/Bugcrowd%20University%20-%20GitHub%20Recon%20and%20Sensitive%20Data%20Exposure.pdf>" %}

* **How I made $10K in bug bounties from GitHub secret leaks -** [**https://tillsongalloway.com/finding-sensitive-information-on-github/index.html**](https://tillsongalloway.com/finding-sensitive-information-on-github/index.html)
* [**https://github.com/Zomato/vinifera**](https://github.com/Zomato/vinifera)

**Tools:**

* [**https://medium.com/@obheda12/gitdorker-a-new-tool-for-manual-github-dorking-and-easy-bug-bounty-wins-92a0a0a6b8d5**](https://medium.com/@obheda12/gitdorker-a-new-tool-for-manual-github-dorking-and-easy-bug-bounty-wins-92a0a0a6b8d5)
* [**https://github.com/gwen001/github-search**](https://github.com/gwen001/github-search)

{% embed url="<https://github.com/hisxo/gitGraber>" %}

{% embed url="<https://twitter.com/soaj1664ashar/status/1176769454035939328>" %}

{% embed url="<http://10degres.net/github-tools-collection/>" %}

{% embed url="<https://github.com/BishopFox/GitGot>" %}

Twitter Thread - <https://twitter.com/Johnssimon22/status/1152973288588500992>

**Videos:**

{% embed url="<https://www.youtube.com/watch?v=l0YsEk_59fQ&feature=youtu.be>" %}

**Tweets:**

{% embed url="<https://twitter.com/uraniumhacker/status/987573987818422272>" %}

{% embed url="<https://twitter.com/Th3G3nt3lman/status/1143585800640258050>" %}

{% embed url="<https://twitter.com/Th3G3nt3lman/status/1141994095457574912>" %}

{% embed url="<https://twitter.com/nullenc0de/status/1166539906832879616>" %}

{% embed url="<https://twitter.com/agrawalsmart7/status/1148251124710834176>" %}

{% embed url="<https://twitter.com/Dhamu_offi/status/1192052622372425729>" %}

**Others / Dorks:**

{% embed url="<https://gist.github.com/yassineaboukir/210c81f3d08ff9d9ca21e0ea543e016d>" %}

{% embed url="<https://github.com/techgaun/github-dorks>" %}

{% embed url="<https://gist.github.com/jakewarren/817070277ff36694165d>" %}

{% embed url="<https://securityonline.info/github-dorks/>" %}

{% embed url="<https://twitter.com/EdOverflow/status/1121759615010709504>" %}

{% embed url="<https://twitter.com/hakluke/status/1208189232549785600>" %}

{% embed url="<https://gist.github.com/jhaddix/77253cea49bf4bd4bfd5d384a37ce7a4>" %}
Jason Haddix
{% endembed %}

{% embed url="<https://twitter.com/y0dhha/status/1254398528467714048>" %}

* <https://github.com/adamtlangley/gitscraper>
* <https://tillsongalloway.com/finding-sensitive-information-on-github/>

{% embed url="<https://medium.com/@shahjerry33/github-recon-its-really-deep-6553d6dfbb1f>" %}

{% embed url="<https://twitter.com/hunter0x7/status/1314149862833876994>" %}

* Got SSH access![Heart exclamation](https://abs-0.twimg.com/emoji/v2/svg/2763.svg)![Heart exclamation](https://abs-0.twimg.com/emoji/v2/svg/2763.svg)![Heart exclamation](https://abs-0.twimg.com/emoji/v2/svg/2763.svg)![Heart exclamation](https://abs-0.twimg.com/emoji/v2/svg/2763.svg) Tip: Github Dork "site . com" ssh language:yaml Got config.yaml

{% embed url="<https://twitter.com/GodfatherOrwa/status/1334958681021091840>" %}

["company name" db\_password "company name" "Authorization: Bearer" "company name" filename:vim\_settings.xml "company name" language:shell "company name" language:python "company name" fb\_secret](https://twitter.com/payloadartist/status/1341811781728133122?s=20)

Dorks List:

* <https://github.com/gwen001/github-search>
* <https://github.com/obheda12/GitDorker/blob/master/Dorks/alldorksv3>
* <https://github.com/hisxo/gitGraber/tree/master/wordlists>
* [tinyurl.com/gitdorks](https://t.co/EkpgxT8foN?amp=1)

Dorks:

{% embed url="<https://twitter.com/obheda12/status/1352686678318731264?s=20>" %}

![](https://3284959579-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LmdDaax1PAvLD05wJYt%2F-Mj7sECa5Vtg3divPuHo%2F-Mj7ssgWSeQBhPd0x8Q7%2Fimage.png?alt=media\&token=917af8a5-f7ab-4682-b56d-f57347de5b74)

* <https://vsec7.github.io/>