hacktricks/cloud-security/github-security
2021-11-30 18:06:32 +00:00

Github Security

What is Github

(From here) At a high level, GitHub is a website and cloud-based service that helps developers store and manage their code, as well as track and control changes to their code.

Basic Information

{% content-ref url="basic-github-information.md" %} basic-github-information.md {% endcontent-ref %}

External Recon

GitHub repositories can be configured as public, private or internal.

  • Private means that only people in the organisation will be able to access it.
  • Internal means that only people in the enterprise (an enterprise may have several organisations) will be able to access it.
  • Public means that anyone on the internet will be able to access it.

If you know the user, repo or organisation you want to target, you can use GitHub dorks to find sensitive information, or search for sensitive information leaks in each repo.

Github Dorks

GitHub lets you scope a search to a user, a repo or an organisation. Therefore, with a list of strings that tend to appear close to sensitive information, you can easily search for potentially sensitive information in your target.

Tools (each tool contains its list of dorks):

Github Leaks

Please note that GitHub dorks are also meant to find leaks, using GitHub's search options. This section is dedicated to tools that download each repo and search it for sensitive information (even checking commits to a certain depth).
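Why commit depth matters when auditing a repository you own, as an added example that is not part of the original page or any of the tools it refers to: a key deleted in the latest commit is still recoverable from history. The rule set, the `scan_history` helper and the sample log are assumptions constructed for illustration; the log is trimmed `git log -p` output.

```python
import re

# Well-known token shapes; real scanners ship far larger rule sets.
RULES = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

# Constructed sample in the shape of `git log -p` output (newest commit first).
SAMPLE_LOG = """\
commit 2222222222222222222222222222222222222222
    remove hardcoded key

diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -1,2 +1,2 @@
 import os
-AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
+AWS_KEY = os.environ["AWS_KEY"]
commit 1111111111111111111111111111111111111111
    add config

diff --git a/config.py b/config.py
--- /dev/null
+++ b/config.py
@@ -0,0 +1,2 @@
+import os
+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
"""

def scan_history(log_text, max_commits=None):
    """Return (commit, path, rule) for every added line that matches a rule."""
    findings, commit, path, seen = [], None, None, 0
    for line in log_text.splitlines():
        if line.startswith("commit "):
            seen += 1
            if max_commits is not None and seen > max_commits:
                break  # depth limit reached: older commits are not inspected
            commit = line.split()[1]
        elif line.startswith("+++ "):
            path = line[6:] if line.startswith("+++ b/") else line[4:]
        elif line.startswith("+") and commit:
            for name, rx in RULES.items():
                if rx.search(line):
                    findings.append((commit[:7], path, name))
    return findings
```

Scanning the full sample reports the key in the older commit, while `max_commits=1` reports nothing, so a shallow scan would wrongly pass this repository. A key found this way has to be rotated, since deleting it in a later commit does not remove it from history.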

Tools (each tool contains its list of regexes):

Internal Recon

With User Credentials

With User SSH Key

GPG Keys

With User Token

With Oauth Application

With Github Application

With Malicious Github Action

Bypassing Branch Protection