How I Found Sensitive Information using Github Dorks in Bug Bounties — Part 1

Github dorks

Photo by Markus Spiske on Unsplash

Github dorks are nothing but finding sensitive information about organizations in the GitHub repository. Lots and lots of developers reveal sensitive information in GitHub only.

What needs to be known before Recon:

1. First, know about your target (including all information like services, ports, applications they used, and much more).
2. Analyze the code and examine the code.
3. Necessary GitHub dorks are essential.
4. Check whether juice information produced an impact.

Things you need for Recon:

1. Applying suitable Github dorks.
2. What organizations do you need to perform Github recon?
3. Reviewing employee profiles.

Juicy information during recon:

1. Check whether the source code is leaking
2. Check whether passwords are in clear text.
3. Check whether tokens, API keys, Usernames, sensitive files, Internal IPs, and AWS keys are exposed.

Github dorks:

1. Finding files:

filename: vim_settings.xml

2. Finding API keys:

api_token

3. Finding languages

“language: Python”

4. Finding the user name

user : name

5. Using dates:

Created 2025–01–03 location: India

6. Using extension

extension: SQL MySQL dump

Thank you for spending time with my blog. I will update part 2 of Github recon in a few days. For future updates follow me, like and make some comments.