Github Recon 101 🏆👇

1. Manual Enumeration
2. Automated Enumeration

@shifacyclewala @Hacktifycs
#bugbountytips #bugbounty #infosec #cybersecurity #hacking
💡Manual:
GitHub Dorking is basically finding leaks in the code pushed by the target organisation or its employees.

1. org: evilcorp[.]com
2. language:"bash" org:evilcorp[.]com
3. "target[.]com" language:python "secret" "password" "key" NOT docs NOT sandbox NOT test NOT fake
💡Dorks:

Jenkins
Jira
OTP
oauth
authoriztion
password
pwd
ftp
ssh
dotfiles
JDBC
token
user
pass
secret
SecretAccessKey
AWS_SECRET_ACCESS_KEY
credentials
config
security_credentials
S3
https://
💡Employees:
Find the matching People working for the organisation and leaking sensitive details.

1. huntr[.]io
2. site:linkedin[.]com intext:software engineer at TargetORG
3. github[.]com/orgs/google/people
💡Finding Files :
filename:manifest.xml
filename:travis.yml
filename:vim_settings.xml
filename:database
filename:prod.exs NOT prod.secret.exs
filename:prod.secret.exs
filename:.npmrc _auth
filename:.dockercfg auth
filename:WebServers.xml
filename:.bash_history <Domain name>
💡Finding Usernames:
user:name (user:admin)
org:name (org:google type:users)
in:login (<username> in:login)
in:name (<username> in:name)
fullname:firstname lastname (fullname:<name> <surname>)
in:email (data in:email)
💡Finding using Extension:
extension:pem private
extension:ppk private
extension:sql mysql dump
extension:sql mysql dump password
extension:yaml secret.yaml
💡Automated Techniques (Tools):
Trufflehog
gittyleaks
Github-Dorks
Watchtower
grep[.]app
gitrob
githound
gitmonitor
gitsecrets

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Rohit (If U Need help, DM's are Open)

Rohit (If U Need help, DM's are Open) Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @HackerGautam

29 Jun
Subdomain Enumeration 101 🏆 👇

1. Passive Enumeration
2. Active Enumeration

@shifacyclewala @Hacktifycs
#bugbountytips #bugbounty #infosec #cybersecurity #hacking
Passive:
1. Google Dorking:
“site:*.example.org -www -store -jobs -uk”
2. virustotal
3. dnsdumpster
4. crt[.]sh
5. censys[.]io
6. Rapid7 Sonar Datasets
7. Dnsbufferover

#bugbountytips #bugbounty #infosec #cybersecurity #hacking
Unique Ways:
1. dig +multi AXFR @ns1.dns.co insecuredns.com
2. CSP (curl -I -s -L https://some[.]com | grep -iE 'Content-Security|CSP')
3. Github Subdomains
4. nmap --script targets-asn --script-args targets-asn.asn=17012
5. Scraping using webscrapers
#bugbountytips
Read 9 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

:(