Bug Hunter Handbook

Introduction
Getting Started in InfoSec and Bug Bounties.
Presentations
Checklists / Guides
Useful Twitter Threads
List of Vulnerabilities
Approach
API Security
Mobile Security
Fuzzing / Wordlists
BugBounty Short Write-ups
Burp Suite Tips and Tricks
HackerOne Reports
Response Manipulation
Client Vs Server Side Vulnerabilities
DevSecOps
Containers
AWS
Azure
Others
Chaining of Bugs
Bug Bounty Automation
Mindmaps
Oneliner Collections
Red Teaming
Blue Teamining
Recon One Liners
Misc
Wordpress
Fuzzing / FuFF
OWASP ZAP
Bug List
Setting up burp collaborator
Admin Panel PwN
Credential Stuffing / Dump / HaveibeenPwned?
Tools Required
Nuclei Template
Other BugBounty Repos / Tips
Interview
Threat Modelling
AppSec

Powered by GitBook

On this page

Was this helpful?

List of Vulnerabilities

Recon and OSINT

Sensitive information using Github

Articles / Blogs / Presentation :

Tools:

Videos:

Tweets:

Others / Dorks:

Dorks List:

Dorks:

PreviousRecon NextSubdomain Enumeration

Last updated 3 years ago

Was this helpful?

Articles / Blogs / Presentation :

How I made $10K in bug bounties from GitHub secret leaks -

Tools:

GitHub tools collection10degres

GitHub - BishopFox/GitGot: Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.GitHub

Twitter Thread -

Videos:

Tweets:

Others / Dorks:

GitHub - techgaun/github-dorks: Find leaked secrets via github searchGitHub

github-dorks: Collection of github dorks • Penetration TestingPenetration Testing

GitHub Recon - It’s Really DeepMedium

Got SSH access Tip: Github Dork "site . com" ssh language:yaml Got config.yaml

Dorks List:

Dorks:

How I made $10K in bug bounties from GitHub secret leaks -

Twitter Thread -

Got SSH access Tip: Github Dork "site . com" ssh language:yaml Got config.yaml

https://tillsongalloway.com/finding-sensitive-information-on-github/index.html

https://github.com/Zomato/vinifera

https://medium.com/@obheda12/gitdorker-a-new-tool-for-manual-github-dorking-and-easy-bug-bounty-wins-92a0a0a6b8d5

https://github.com/gwen001/github-search

https://twitter.com/Johnssimon22/status/1152973288588500992

https://github.com/adamtlangley/gitscraper

https://tillsongalloway.com/finding-sensitive-information-on-github/

"company name" db_password "company name" "Authorization: Bearer" "company name" filename:vim_settings.xml "company name" language:shell "company name" language:python "company name" fb_secret

https://github.com/gwen001/github-search

https://github.com/obheda12/GitDorker/blob/master/Dorks/alldorksv3

https://github.com/hisxo/gitGraber/tree/master/wordlists

tinyurl.com/gitdorks

https://vsec7.github.io/

Github OSINTMedium

bugcrowd_university/Bugcrowd University - GitHub Recon and Sensitive Data Exposure.pdf at master · bugcrowd/bugcrowd_universityGitHub

GitHub - hisxo/gitGraber: gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...GitHub