How I Found Sensitive Information using Github Dorks in Bug Bounties — Part 2
Summary
In the second part of his blog series, the author highlights the risks associated with poor communication and misconfiguration of cloud storage by organisations, aiming to raise awareness of the need for better cyber security practices.
Basic dorks for finding sensitive information include “company” passwords, credentials, tokens, config, keys, passes, login, and FTP, while the dorks for finding passwords specifically include “example.com” password variations, AWS credentials, and server details.
Dorks for finding the language used for passwords in organisations, sensitive files, and endpoints are also included, to help bug bounty hunters and ethical hackers recognise which signs of potential vulnerabilities to look for on GitHub and elsewhere.