How I prevented a mass leak of user data at one of the largest Tech companies

3 months ago 21

BOOK THIS SPACE FOR AD

ARTICLE AD

Before moving on to the main topic, I would like to provide a little information. The method I have described is not entirely of my own making. I previously found an article discussing REGEX search on GitHub but I forgot the link to the medium article. So for those of you who know or think you have the article I intended as a reference, please let me know in the comments column.

Now how to filter each existing repository?

/[A-Za-z0–9-_]+\.target\.com\/+/ AND /password=[A-Za-z0–9-_]+/ AND (NOT "www.target") AND (NOT language:HTML)

What about searching for every URL that uses http or https?

You can use this regex

/https:\/\/[A-Za-z0–9-_]+\.target\.com\/+/

Sometimes to find sensitive information such as configuration you have to search by file name. You can use the regex below to search for this.

(path:/(^|\/)config\.yaml$/) AND /[A-Za-z0–9-_]+\.target\.com\/+/

To do github dorking you need to create your own more powerful query. Some of the queries above are just the basis for building even more powerful queries. I have a file called dorks.txt where I collect the results of trial and error in searching for credentials, secret keys, api keys, and other secret keys to find an information leak. Further independent exploration is the best thing you can do.

Thank you for taking your time to read this article.