
GitHub Dorking Methodology for Bug Bounty!

SECRET GITHUB DORKING METHODOLOGY 🤫

1. When you go to do GitHub dorking, what is the first thing you do?

==> You find your target's GitHub page.

2. 50% of the time, you won't find leaks on their main GitHub page. Are there any other in-scope pages for GitHub dorking?

==> Yes! When you go to the target's GitHub page, if you scroll down you will see a tab called People. It lists the employees that are officially working with your target.

3. Now from the People tab, go to any employee's GitHub page.

==> All of the employees mentioned in the People tab are in-scope for GitHub dorking! How cool is that?! You just got more attack surface!

Now remember that these employees have a life other than working for your target. That means they can push sensitive leaks, but those leaks might belong to the employee's private work (maybe their personal projects).

So don't get too hyped when you see a leak by an employee, try to verify that it is information for your target, and not an external/private project of the employee.

4. The best tip: Sometimes you won't be able to find leaks by the employees in the People tab. Don't worry, there is still a little something to get you more attack surface :)

==> Fact: If any of the employees have leaked sensitive information in their GitHub repo which is related to the company, that's a bug!

Now we are going to find the external yet still in-scope employees :)


Use this Google dork:

site:linkedin.com intext:software engineer at TargetORG


This will find you employees that work for your target company but are still not listed in the People tab. Why?

==> Maybe because they are meant to be kept secret and they post sensitive stuff... You never know. Now that you have found some more employees, you will find their GitHub pages. Usually all software engineers have a GitHub page.


To find their GitHub page, use this Google dork:


site:github.com intext:the_employee_here or simply search "github the_employee_here"


Now you've got a lot of stuff to GitHub dork! Now you might actually find leaks!!


Dork to find some juicy leaks using GitHub:


"target.com" language:python "secret" "password" "key" NOT support NOT docs NOT sandbox NOT docker NOT container NOT test NOT fake


Sensitive keywords for GitHub dorking: password, dbpassword, dbuser, access_key, secret_access_key, bucket_password, redis_password, root_password
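The same keyword list works from the defender's side, as a check an organisation runs over its own repositories before anything is pushed. This is an added example, not part of the original post: the function name, regexes, placeholder list, sample files and the corp.example domain are assumptions, and the NOT words from the dork are reused here as path filters.

```python
import re

# Keyword list taken from the post; everything else in this block is an assumption.
KEYWORDS = ["password", "dbpassword", "dbuser", "access_key", "secret_access_key",
            "bucket_password", "redis_password", "root_password"]
# Words the post's dork excludes with NOT, reused as path filters to cut noise.
NOISE = ("support", "docs", "sandbox", "docker", "container", "test", "fake")
# Values that are placeholders or environment lookups rather than real secrets.
PLACEHOLDER = re.compile(
    r"^(|x+|\*+|changeme|example|<.*>|\$\{.*\}|os\.environ.*|getenv.*)$", re.I)
# key = value or key: value, where the key ends in one of the keywords.
ASSIGN = re.compile(
    r"\b(?P<key>\w*(?:%s))\b\s*[:=]\s*[\"']?(?P<val>[^\"'\s#]*)"
    % "|".join(sorted(KEYWORDS, key=len, reverse=True)), re.I)


def find_leaks(files, org_domain):
    """files maps path -> text. Returns [(path, line_no, key)] for hard-coded
    values in files that mention org_domain. The value itself is never returned,
    so the report can be shared without spreading the secret."""
    findings = []
    for path, text in files.items():
        if any(word in path.lower() for word in NOISE):
            continue  # fixtures, docs and sandboxes: same exclusions as the dork
        if org_domain.lower() not in text.lower():
            continue  # not tied to the organisation, e.g. a personal project
        for line_no, line in enumerate(text.splitlines(), 1):
            for m in ASSIGN.finditer(line):
                if not PLACEHOLDER.match(m.group("val")):
                    findings.append((path, line_no, m.group("key")))
    return findings


SAMPLE = {  # constructed sample input, not real data
    "app/settings.py": 'BASE_URL = "https://api.corp.example"\n'
                       'DB_PASSWORD = "s3cr3t-Value"\n'
                       'redis_password = os.environ["REDIS_PW"]\n',
    "tests/fixtures.py": 'password = "hunter2"  # corp.example\n',
    "personal/blog.py": 'root_password = "abc123"\n',
    "deploy/config.yml": "host: db.corp.example\n"
                         "dbuser: admin\n"
                         "secret_access_key: changeme\n",
}

if __name__ == "__main__":
    for path, line_no, key in find_leaks(SAMPLE, "corp.example"):
        print(f"{path}:{line_no}: hard-coded value for {key}")
```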



Thank you!

Maniesh Neupane 🇳🇵









 
 
 
