Bug Bounty Tip: Advanced GitHub Dorking for Maximum Results!
GitHub Dorking: Advanced Techniques for Finding Vulnerabilities
Introduction to GitHub Dorking
- The video introduces the concept of GitHub dorking, focusing on advanced techniques to uncover critical vulnerabilities or P1 bugs.
- It emphasizes that the severity of findings depends on the type of exposed data and aims to provide insights into effective search operators.
Basic Operators in GitHub Dorking
- The first operator discussed is "OR", which lets users search for repositories containing any of several keywords, such as an organization's name (e.g., ATD).
- To refine searches, combining keywords with additional operators like "AND" narrows results to a specific domain (e.g., at.com).
Searching for Specific File Types
- Users are encouraged to look for particular file types, such as JSON files, which may contain sensitive information like configurations or credentials.
- An example query appends a "path:" qualifier followed by the file extension (e.g., ".json") to filter results effectively.
Exploring YAML Files and Other Formats
- The presenter demonstrates searching for YAML files using similar methods, highlighting potential sensitive data within these files.
- Emphasis is placed on exploring various file formats as they may reveal new information not found during subdomain enumeration.
Advanced Search Operators
- The discussion transitions into advanced operators including filename, language, and path filters that enhance search specificity.
- An asterisk (*) can be used in queries to represent any characters before a specified file extension, broadening search results.
Identifying Hard-Coded Secrets
- The video highlights the risk of hard-coded API keys in source code; examples include Stripe secret keys that organizations use for payment processing.
- A specific query format is provided for searching for live Stripe secret keys (e.g., the "sk_live_" prefix), emphasizing their importance due to the access they grant if leaked.
Additional Key Searches
- AWS keys are mentioned as another critical area of focus; these include AWS Access Key IDs and Secret Keys essential for cloud service authentication.
Authentication and Security in API Access
AWS Access Keys
- Authentication to APIs often requires an AWS access key and a secret key, which function similarly to passwords. If these keys are compromised, unauthorized access to S3 buckets and EC2 instances is possible.
OpenAI API Key Vulnerabilities
- Many organizations utilize OpenAI API keys for their services. Finding these keys in source code can lead to unauthorized usage or billing abuse, as anyone with the key can make calls using the organization's paid quota.
Searching for Sensitive Information
- The format of an OpenAI key typically starts with "SK" followed by random characters. A specific query can be used to search for this pattern within repositories.
Configuration Files and Hardcoded Secrets
- Sensitive configuration files (e.g., ".env", "Dockerfile") may contain hardcoded secrets. It's essential to inspect these files manually after locating them through targeted queries.
JWT Token Secrets Discovery
- When hunting applications that use JWT tokens, it's crucial to find potential secrets within the codebase. A specific query can help identify these secrets, although no results were found during this demonstration.
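The defender-side counterpart to the searches described in the hard-coded secrets, AWS and OpenAI key, configuration file and JWT sections above is a pre-push check over your own checkout. The following is an added example, not code from the video: a small scanner that flags the key formats the video describes in the file types it singles out. The "AKIA"/"ASIA" prefix for AWS access key IDs and the "sk-" prefix for OpenAI keys are assumptions about current key formats, and the sample .env content is constructed.

```python
import re
from pathlib import Path

# Key formats the video describes. The "AKIA"/"ASIA" prefix for AWS access
# key IDs and the "sk-" OpenAI prefix are assumptions, not stated in the video.
SECRET_PATTERNS = {
    "stripe_live_secret": re.compile(r"\bsk_live_[0-9A-Za-z]{16,}\b"),
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "openai_api_key": re.compile(r"\bsk-[A-Za-z0-9_-]{20,}\b"),
    "jwt_secret": re.compile(r"jwt[_-]?secret\s*[:=]\s*['\"]?[^\s'\"]{8,}", re.I),
}
# File names and extensions the video singles out for manual inspection.
SENSITIVE_SUFFIXES = (".json", ".yaml", ".yml", ".env")
SENSITIVE_NAMES = ("dockerfile", ".env")

def redact(secret: str) -> str:
    """Keep a short prefix so the key type stays recognisable, mask the rest."""
    return secret[:8] + "*" * (len(secret) - 8)

def scan_text(text: str, source: str = "<text>") -> list[dict]:
    """Return one finding per secret-looking token, line-numbered and redacted."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, pattern in SECRET_PATTERNS.items():
            for match in pattern.finditer(line):
                findings.append({"source": source, "line": lineno, "type": kind,
                                 "preview": redact(match.group(0))})
    return findings

def is_sensitive_file(name: str) -> bool:
    """True for the config-style files worth inspecting (".env" has no suffix)."""
    path = Path(name)
    return path.name.lower() in SENSITIVE_NAMES or path.suffix.lower() in SENSITIVE_SUFFIXES

def scan_tree(root: str) -> list[dict]:
    """Scan every sensitive-looking file under a checkout."""
    return [f for p in Path(root).rglob("*") if p.is_file() and is_sensitive_file(p.name)
            for f in scan_text(p.read_text(errors="replace"), str(p))]

# Constructed sample .env content for the demo; every value is fake.
SAMPLE_ENV = """DATABASE_URL=postgres://app:app@localhost/app
STRIPE_SECRET_KEY=sk_live_EXAMPLEKEY00000000000001
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
OPENAI_API_KEY="sk-abcdefghijklmnopqrstuvwxyz012345"
JWT_SECRET=change-me-please-123
STRIPE_PUBLISHABLE_KEY=pk_live_notasecret
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE_ENV, ".env"):
        print(f"{f['source']}:{f['line']}: {f['type']} {f['preview']}")
```

Running scan_tree(".") from a pre-push hook and failing the push on any finding keeps these values out of the public history that GitHub dorks search; the publishable "pk_live_" key is deliberately not flagged.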
Best Practices for Querying Repositories
Reporting Findings Responsibly
- When conducting security assessments on companies' repositories, it’s important to check if they have responsible disclosure programs (like Bug Bounty programs). Reporting findings without such programs could lead to complications regarding acceptance of reports.
Conclusion and Community Engagement