GitHub Recon – GitHub Dorks for Recon

GitHub Recon – and what you can achieve with it!

This repository is about my talk at Hacktoberfest Chitwan 2020 on “GitHub Recon — and what you can achieve with it!”.

The original presentation given at the talk is available here: https://drive.google.com/file/d/1EwYmulb-NVAkRAn6-IQx5Hw9oiRTau-t/view?usp=sharing

I am providing the resources featured during the session here: https://docs.google.com/document/d/1S6TIDOZ4dlwdMwDdvqKPKKl9tPBzjtYFrMyr-RaeM3c/edit?usp=sharing

Slides

The slides are available in PDF format here: GitHub Recon — and what you can achieve with it!.pdf

Some Important Slides

GitHub Dorks for Recon

github dork

Sample Keywords to search for

Keywords

Resources

  • Some Amazing GitHub Dorks: https://github.com/techgaun/github-dorks
  • Keywords to search for: https://github.com/random-robbie/keywords/blob/master/keywords.txt
  • Amazing Guide to go through: https://securitytrails.com/blog/github-dorks
  • GitHub Secrets Awareness: https://www.facebook.com/askbuddie/photos/a.342347749650563/742592126292788/
  • Removing sensitive data from a repository: https://docs.github.com/en/free-pro-team@latest/github/authenticating-to-github/removing-sensitive-data-from-a-repository

Automated GitHub Recon

  • GitRob: https://github.com/michenriksen/gitrob
  • TruffleHog: https://github.com/dxa4481/truffleHog
  • Git-Secrets: https://github.com/awslabs/git-secrets

Sample Target

  • HighlySecureOrganization/SuperSecureWebApp: https://github.com/HighlySecureOrganization/SuperSecureWebApp

Thanks,

Binit Ghimire