GUI Bug Bounty Tool To Find Easy P1s in 2024🤑

AJAK Cyber Academy
3 min read · Jan 16, 2024


Hi, Ajak Amico’s, welcome back to another blog. Today, I will show you how I used to find easy P1 bugs within 5 minutes. Before starting, if you haven’t subscribed to our channel, do subscribe, guys. We post content related to cyber security, bug bounty, and digital forensics investigation.👇

Follow our Youtube Channel: @ajakcybersecurity (361 Videos)

Follow on Instagram: @ajakcybersecurity

What is GitHub?

GitHub is a Git repository hosting service, but it adds many of its own features. While Git is a command-line tool, GitHub provides a web-based graphical interface. Apart from code, the repositories on it can also contain API keys, passwords, customer data, etc. Basically, it holds a lot of sensitive information that can be useful to an attacker. These sensitive information leaks can cost a company thousands of dollars in damage.

As security researchers, we recon each and every piece of info, so when it comes to GitHub recon, I do it both manually and with automation. For automation, I use the following tool to find sensitive information.

Tool Used: Git Dork Helper (vsec7.github.io)

Using this tool, we can find sensitive info such as usernames, passwords, API keys, GitHub codes, etc.

Tool Usage:

This is a GUI-based tool in which we enter the target company in the target box and click the generated link. Leave the URL box as it is. When you click a link, it generates the appropriate GitHub dork and searches for it on GitHub. It’s a mind-blowing tool. If you are a beginner, you can use it to start your bug bounty journey.

As you can see, I have just entered the target as “zoho.com” and clicked the generated link. Now you can click the keywords you want. It will open a new tab and show the result as in the image below.

Before using this tool, make sure you have logged in to your GitHub account. I found sensitive info in .env files exposed on GitHub while doing recon with this tool.

Dork Used: “Target.com” filename:env:
Severity: High
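
A defender-side counterpart to the dork above, as an added example that is not part of the original post: a check you can run on a local checkout before pushing, which walks the tree for dotenv files and reports keys that look like credentials and carry real values. The file-name and key-name patterns, the placeholder list and the sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumed heuristics (not from the post): file names, key names, placeholders.
ENV_FILE = re.compile(r"\.env(\.|$)")
TEMPLATES = (".example", ".sample", ".template")
SECRET_KEY = re.compile(r"PASS(WORD)?|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY", re.I)
PLACEHOLDER = re.compile(r"^(|changeme|example|x{3,}|<.*>|\$\{.*\})$", re.I)
ASSIGN = re.compile(r"^\s*(?:export\s+)?([A-Za-z_]\w*)\s*=\s*(.*)$")

def parse_env(text):
    """Yield (line_no, key, value) for KEY=VALUE lines; comments never match."""
    for no, line in enumerate(text.splitlines(), 1):
        m = ASSIGN.match(line)
        if m:
            yield no, m.group(1), m.group(2).strip().strip("'\"")

def scan_tree(root):
    """Return sorted (path, line_no, key) for secret-looking dotenv entries."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # skip git metadata
        for name in filenames:
            if not ENV_FILE.search(name) or name.endswith(TEMPLATES):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                for no, key, value in parse_env(fh.read()):
                    if SECRET_KEY.search(key) and not PLACEHOLDER.match(value):
                        # Report the location and key only, never the value.
                        findings.append((os.path.relpath(path, root), no, key))
    return sorted(findings)

def demo():
    samples = {  # constructed sample files; every value here is made up
        ".env": "DEBUG=true\nDB_PASSWORD=constructed-sample-value\n",
        "api/prod.env": "# constructed\nexport API_KEY='constructed-key-123'\n",
        ".env.example": "DB_PASSWORD=changeme\nAPI_KEY=\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_tree(root)

if __name__ == "__main__":
    print(demo())
```

Any finding means the file should be removed from version control and the credential rotated, since a value that has been pushed stays in the repository history.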

— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —

I hope you have learned something from this blog. If so, kindly press the follow button for further updates. Best wishes from Ajak Cybersecurity.❤️

“Ignite what you have learned🔥”

Learn Everyday, Happy Hacking 😁🙌

https://www.buymeacoffee.com/Ajak
