Kaiser – @qkaiser
Offensive Security – @offsectraining
John Poulin – @forced_request
Mauro Soria – github.com/maurosoria

OSINT for AppSec: Recon-ng and Beyond - Tim Tomes 2015
• user enumeration + no anti-automation + in-band password reset = win
• LOW to PWNED, AppSec style.
Google with site:github.com
• Github search forces you to include keywords.
  – path:.ssh/id_rsa BEGIN
• Google “site” makes it harder to focus on a target.
  – inurl:secret_token filetype:rb site:github.com
  – inurl:secret_token filetype:rb site:github.com inurl:lockitron/selfstarter
just Github. Bitbucket, etc.
  – Results not as reliable as searching directly.
• [recon-ng] > search github
  – recon/companies-multi/github_miner
  – recon/profiles-repositories/github_repos
  – recon/repositories-vulnerabilities/github_dorks
like pastes.
  – Github doesn’t currently allow organizational Gists.
  – Grab the Gists of the organization’s developers.
  – Search for keywords, or just browse.
• [recon-ng] > search gist
  – recon/repositories-vulnerabilities/gists_search
It’s all free.
• Please help me build out the lists of dorks and keywords.
• Shout out to the guys at Offensive Security for maintaining and providing access to the GHDB.
• Recon-ng as a Service (RAAS)
• #PWAPT | 5-6 November, 2015 | Charlotte, NC http://appsec.rocks