GitHub Recon – and what you can achieve with it!
This repository is about my talk at Hacktoberfest Chitwan 2020 on “GitHub Recon — and what you can achieve with it!”.
The original presentation given at the talk is available here: https://drive.google.com/file/d/1EwYmulb-NVAkRAn6-IQx5Hw9oiRTau-t/view?usp=sharing
I am providing the resources featured during the session here: https://docs.google.com/document/d/1S6TIDOZ4dlwdMwDdvqKPKKl9tPBzjtYFrMyr-RaeM3c/edit?usp=sharing
Slides
The slides are available in PDF format here: GitHub Recon — and what you can achieve with it!.pdf
Some Important Slides
GitHub Dorks for Recon
Sample Keywords to search for
Resources
- Some Amazing GitHub Dorks: https://github.com/techgaun/github-dorks
- Keywords to search for: https://github.com/random-robbie/keywords/blob/master/keywords.txt
- Amazing Guide to go through: https://securitytrails.com/blog/github-dorks
- GitHub Secrets Awareness: https://www.facebook.com/askbuddie/photos/a.342347749650563/742592126292788/
- Removing sensitive data from a repository: https://docs.github.com/en/free-pro-team@latest/github/authenticating-to-github/removing-sensitive-data-from-a-repository
Automated GitHub Recon
- GitRob: https://github.com/michenriksen/gitrob
- TruffleHog: https://github.com/dxa4481/truffleHog
- Git-Secrets: https://github.com/awslabs/git-secrets
Sample Target
- HighlySecureOrganization/SuperSecureWebApp: https://github.com/HighlySecureOrganization/SuperSecureWebApp
Thanks,
Binit Ghimire