GitHub is a web-based version-control and collaboration platform for software developers, and as of right now it's one of the easiest ways to compromise an organization. This is one of my go-to techniques when I want an easy, high-impact finding.
Finding Sensitive Information:-
Pillaging GitHub for sensitive information disclosures is one of the easiest ways to compromise an organization. It doesn't matter how hardened your external perimeter is: if your developers are hard-coding credentials and posting them online, you're going to get compromised.
It's fairly common for developers to hard-code test accounts, API keys, and similar secrets while they are writing a piece of software. This makes things easy for the developer, as they won't have to enter their credentials every time they run or test the program. However, more often than not these credentials remain in the source code when it is pushed to GitHub, and if the repository is public, everyone can view them.
The first thing you need is a list of sensitive words to search for. This can be a file name, a file extension, a variable name, or anything else that tends to sit next to a secret. A good list can be found below thanks to
Once you have a list of sensitive things to search for, you're ready to hunt! I normally just type the domain of the target into GitHub's code search followed by the GitHub dork, as shown below:
● Domain.com “password”
As you can see above, searching for the domain "hackerone.com" and the term "password" gave us 7,390 results. In a typical scenario I would end up going through 90% of these results by hand for a few hours before I find something juicy. Having to spend hours sorting through a bunch of trash is really the only downside to this technique. However, when you do find something, it typically leads to an instant high or
As of right now, GitHub is one of the easiest ways to get a high or critical vulnerability. Almost every developer uses GitHub, and these same developers also like hard-coding passwords in their source code. As long as you're willing to spend a few hours searching through thousands of repos, you're almost guaranteed to find something good.
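The two steps above, building "domain + dork" queries and then triaging the flood of hits by hand, are the whole technique. The following script is an added example and not the author's own tooling: it generates the query strings from a target domain and a small, assumed dork list (the post links to a fuller list that is not reproduced here), and it runs a cheap first-pass triage over file contents so that the obvious filler values ("changeme", "xxxxxxxx") and low-entropy strings are dropped before a human looks at them. The file contents it scans are a constructed sample, not a real repository, and the AWS key in it is the placeholder value AWS uses in its own documentation.

```python
import math
import re
from collections import Counter

# Assumed dork list. The post points at a fuller list that is not reproduced here;
# these are generic examples written in GitHub's code-search syntax.
DORKS = ['"password"', '"api_key"', '"secret"', 'filename:.env', 'extension:pem private']


def build_queries(domain, dorks=DORKS):
    """Build the search strings the post describes: target domain followed by a dork."""
    return [f"{domain} {dork}" for dork in dorks]


# High-signal patterns for triaging the hits GitHub returns. Each is checked per line;
# the first match wins, so a line yields at most one finding.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----"),
    # an identifier containing a secret-ish keyword, assigned a quoted string of 8+ chars
    "assignment": re.compile(
        r"""(?i)(password|passwd|pwd|secret|api[_-]?key|token)\w*\s*[:=]\s*["']([^"']{8,})["']"""
    ),
}

# Values that look like a secret syntactically but are obviously filler.
PLACEHOLDERS = {"changeme", "password", "xxxxxxxx", "<redacted>", "your_password_here", "example"}


def shannon_entropy(value):
    """Bits of entropy per character; random-looking keys score high, filler scores low."""
    counts = Counter(value)
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def triage(text, min_entropy=3.0):
    """Return (line_number, kind, line) for each line that deserves a human look."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, pattern in PATTERNS.items():
            match = pattern.search(line)
            if not match:
                continue
            if kind == "assignment":
                value = match.group(2)
                if value.lower() in PLACEHOLDERS or shannon_entropy(value) < min_entropy:
                    break  # filler value: skip the line entirely
            findings.append((lineno, kind, line.strip()))
            break
    return findings


# Constructed sample of a config file; not taken from any real repository.
# The AWS access key is the placeholder value used in AWS documentation.
SAMPLE = """\
# settings.py (constructed sample)
DB_HOST = "db.internal.example.com"
DB_PASSWORD = "changeme"
SMTP_PASSWORD = "x9Tq!r2LmP#vZ4wQ"
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
GITHUB_TOKEN = "xxxxxxxx"
"""

if __name__ == "__main__":
    for query in build_queries("hackerone.com"):
        print("search:", query)
    for lineno, kind, line in triage(SAMPLE):
        print(f"line {lineno} [{kind}]: {line}")
```

On the sample above, the placeholder `DB_PASSWORD` and `GITHUB_TOKEN` lines are dropped and only the SMTP password and the two AWS values survive, which is exactly the kind of cut you want before spending hours reading results by hand. The entropy threshold and the placeholder set are tuning knobs: lower the threshold if the target uses short human-chosen passwords, and expect to extend the placeholder list as you learn what filler a given organization's developers reach for.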