Episode 7 - Show Notes

7 - GitHub Reconnaissance - Finding the needle in the Haystack
Overview of finding sensitive data on GitHub: https://nakedsecurity.sophos.com/2019/03/25/thousands-of-coders-are-leaving-their-crown-jewels-exposed-on-github/
Tactical steps for searching GitHub: https://gist.github.com/EdOverflow/922549f610b258f459b219a32f92d10b
GithubCloner - tool to clone repos for local scanning: https://github.com/mazen160/GithubCloner
TruffleHog - automate password / API searches: https://github.com/dxa4481/truffleHog
Keyword search terms: https://github.com/random-robbie/keywords/blob/master/keywords.txt
GitHub Dorks: https://securitytrails.com/blog/github-dorks
GitRob - tool to automate searches: https://github.com/michenriksen/gitrob
GitHub recon case study: https://blog.assetnote.io/bug-bounty/2019/04/23/getting-access-zendesk-gcp/