Github Recon and way to process

B46a00cafe34a9437d3a5bc6afc5bee3?s=47 Aditya Shende
September 26, 2020

Github Recon and way to process

Slides of GitRecon for bug bounty by Aditya Shende

B46a00cafe34a9437d3a5bc6afc5bee3?s=128

Aditya Shende

September 26, 2020
Tweet

Transcript

  1. Git-Recon

  2. WHO I AM ? Indian Bugcrowd Top 100 Bug bounty

    hunter & trainer
  3. -Understanding codes and repo -Checking view and laziness -Date ,

    Person, Authentication -Luck Your target & mind workflow
  4. "site.com" password "site.com" key= "site.com" access token "site.com" secret key

    "site.com" st no "site.com" uri= --branch= --username= -Dmaven.javadoc.skip= 0GITHUB_TOKEN= --username= FIREBASE_KEY= ENV_KEY= END_USER_USERNAME= END_USER_Password= On point !!! Basic Dorks
  5. Wait !!! Need to verify it ? -What to check

    ? -Keys, Password, Data etc ? -Who posted data -Guy from org -Interns & Dev -Not every key is issue -Use curl for keys, Search API docs -Password ! Access it bro...
  6. Example <3

  7. GOOGLE Search on google for main org repo of github

    "ea" github High chance to get valid in main
  8. Happy ?? Wait wait wait !! -Got information ,Reported -Happy

    xD, Don't post tips instantly -You may disclose bug -People are here to ask -You cant ignore -Verify, Craft report, Send them, Wait for patch
  9. -Remote access -Employee information -DB access -No data related to

    customer -Intranet access -Default URL of projects Need of program ?
  10. Bounty Rules -Don't expect anything If you did it in

    passion, you'll get dollars -Constant Recon impotant -Recon guy's are hero
  11. VERIFY DATA Some data are intended, No bug here REPORTED

    > INVALID Don't get angry, You may lose good bonds with program YES THEY DO ACCEPT THIRD PARTY Your crafting and exploits are gold. Make it high as you can BE HUMBLE WITH PROGRAM Money going no where. Don't message constant to team Final tips
  12. Tools ??? -Gitrob -GitHound -Your mind Note: I don't use

    tools, My all git recon is manual
  13. Thank you WANTS TO FOLLW ME ? DORK IT BRUH...