avatarAjak Cyber security

Summary

Ajak Amico demonstrates how to use Git Dork Helper, a GUI-based tool, to find P1 (Priority 1) security vulnerabilities within 5 minutes by leveraging GitHub reconnaissance.

Abstract

In a recent blog post, Ajak Amico welcomes readers and subscribes to his cybersecurity channel, emphasizing content related to cybersecurity, Bug Bounty, and Digital Forensics Investigation. He introduces Git Dork Helper, a tool hosted on vsec7.github.io, which facilitates the discovery of sensitive information such as usernames, passwords, and API keys on GitHub. The tool simplifies the process of searching for this information, which can be valuable for attackers and potentially cost companies significant losses. Ajak provides a walkthrough of using the tool with "zoho.com" as an example, demonstrating how it can generate GitHub dork queries and reveal exposed .env files, which he classifies as a high severity issue. He encourages readers to follow his referral links for Medium Membership and to support him via Buy Me a Coffee. The post concludes with motivational quotes and reminders to follow his social media channels for more updates.

Opinions

  • The author positively endorses the Git Dork Helper tool for its user-friendliness and effectiveness in finding high-severity security issues.
  • Ajak Amico values the sharing of knowledge and tools within the cybersecurity community, as evidenced by his detailed tutorial and encouragement for continuous learning.
  • The author emphasizes the importance of cybersecurity research and the potential financial impact of sensitive data leaks on companies.
  • Ajak suggests that beginners in bug bounty can benefit from using the Git Dork Helper tool to kickstart their journey in the field.
  • He expresses a personal interest in the growth of his channel and engagement with his audience, requesting subscriptions and follows on various platforms.
  • The inclusion of motivational quotes and a call to action for support via Medium Membership and Buy Me a Coffee indicates the author's commitment to his work and community.

GUI Bug Bounty Tool To Find Easy P1s 🤑

Hi, Ajak Amico’s welcome back to another blog today. I will show you how I used to find Easy P1 bugs within 5 Minutes. Before starting, if you haven’t subscribed to our channel, do subscribe, guys. Contents related to cyber security, Bug Bounty, and Digital Forensics Investigation.👇

Follow our Youtube Channel: @ajakcybersecurity (330 Videos)

Follow on Instagram: @ajakcybersecurity

Join Medium Membership via My referral😁👇https://medium.com/@ajaksecurity/membership

What is GitHub?

GitHub is a Git repository hosting service, but it adds many of its own features. While Git is a command line tool, GitHub provides a Web-based graphical interface. Apart from this, it also contains API keys, passwords, customer data, etc. Basically, it contains a lot of sensitive information that can be useful for an attacker. These sensitive information leaks can cost a company thousands of dollars of damage.

As a security researcher, we will recon each and every piece of info, so when it comes to GitHub recon, I do it both manually and automated. In the case of automation, I use the following tool to find sensitive information.

Tool Used: Git Dork Helper (vsec7.github.io)

Using this tool, we can find sensitive info such as usernames, passwords, API keys, GitHub codes, etc.

Tool Usage:

This is the GUI-based tool in which we have to give the target company in the target box and click the generated link, Leave the URL box as it is It will generate the link if you click the link, it generates the appropriate GitHub dork and searches it in the GitHub. It’s a mindblowing tool If you are a beginner, you can use it to start your bug bounty journey with this tool.

As you can see, I have just entered the target as “zoho.com” and clicked the generated link, Now you can click the necessary keywords you want. It will open a new tab and show the following image below.

Before using this tool, make sure you have logged in to your GitHub account I found sensitive info via .env files exposed via GitHub recon using this tool

Dork Used: “Target.com” filename:env: Severity: High

— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —

Hope you would have learned some information from this blog If so, kindly press the follow button for further updates. Best wishes from Ajak Cybersecurity.❤️

“கற்றவை பற்றவை🔥”

Learn Everyday, Happy Hacking 😁🙌

https://www.buymeacoffee.com/Ajak

Join Medium Membership via My referral😁👇

https://medium.com/@ajaksecurity/membership

— — — — — — — — — — — — — — — — — — — — — — — — — — — — — —

Follow our Youtube Channel: @ajakcybersecurity

Follow on Instagram: @ajakcybersecurity

Bug Bounty
Hacking
Penetration Testing
Medium
Blog
Recommended from ReadMedium
avatarGökhan Güzelkokar
From Long-Term Hacking to Instant Rewards: Finding SQLi in 3 Minutes Worth $3125

I believe that if you want to succeed in bug bounty, you should focus on programs that you have been hacking for a long time, like 2–3…

3 min read
avatarJonathan Mondaut
How ChatGPT Turned Me into a Hacker

Discover how ChatGPT helped me become a hacker, from gathering resources to tackling CTF challenges, all with the power of AI.

4 min read
avatarPath Cybersec [Slava Moskvin]
Found Bugs, Got paid, Stayed poor: Making a Living with Bug Bounties

Early 2021. After feeling unsatisfied with my job for quite some time and battling burnout, I decided to take a sabbatical. “To hell with…

6 min read
avatarMeerabell
How to Use Google Dorks to Find Vulnerabilities

3 min read
avatarViktor Mares
ALWAYS test 404 Not Found in Bug Bounties!

Hi everyone, today I want to show why you should always test websites that have no “/” directory and what many other Bug Bounty hunters…

4 min read
avatarzack0x01
Find XSS on the Fly 🔥( Full guide )

Discover my comprehensive guide on identifying all types of XSS vulnerabilities, including stored, reflected, and DOM-based XSS.

8 min read