Git Product home page Git Product logo

sensitive-data-exposures-with-github's Introduction

Sensitive-Data-Exposures-with-Github

Techniques / Tips and tricks for finding sensitive data exposures in Github for Penetration Testers / Bug Bounty Hunters

https://www.youtube.com/watch?v=l0YsEk_59fQ

Inspired by @Th3G3nt3lman

Find Sensitive information leaks : ( Manual Approch )

Below basic examples :

"Company" password

"Company" secret

"Company" credentials

"Company" token

"Company" config

"Company" key

"Company" pass

"Company" login

"Company" ftp

"Company" pwd

"Company" vspher

"Company" aws

"Company" jenkins

With creaitivity there is a lot of stuff to look for :

"Company" security_credentials ---> LDAP ( active directories )

"Company" connectionstring ---> Database Cred

"Company" JDBC ---> Database Cred

"Company" ssh2_auth_password ---> unautorized access to servers

"Company" send_keys

"Company" send,keys

"Company" ldap

List of keywords , much thanks :

https://github.com/random-robbie/keywords/blob/master/keywords.txt

https://securitytrails.com/blog/github-dorks

You can use language:python for example to search for specific programing language codes. Example :

"Company" language:pyhton password

From [ Sort ] , you can use it to find for [ Recently Indexed ] ones which is important.

"Company" language:pyhton password NOT owner-api.teslamotors.com

Will sort the results and remove everything realted to [ owner-api.teslamotors.com ]

user:VALUE ---> To look for code commited for a specific user

org:Value ---> Specific org

https://github.com/jcesarstef/ghhdb-Github-Hacking-Database

Find Sensitive information leaks : ( Automation Approch )

Using gitrob : https://github.com/michenriksen/gitrob

Using TruffleHog : https://github.com/dxa4481/truffleHog

Using gitGraber: https://github.com/hisxo/gitGraber

Using git-all-secrets: https://github.com/anshumanbh/git-all-secrets

Using Truffle hunting: https://github.com/dxa4481/truffleHog

https://github.com/gwen001/github-search

Don't forget bitbucket, gitlab and google dorking 2. https://lmgtfy.com/

Google Dorks

intext:"© Example Inc."
site:http://ideone.com "apikey" 
site:http://ideone.com "aws_access_key_id"
intitle:" about atlassian bitbucket"

sensitive-data-exposures-with-github's People

Contributors

osamahamad avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.