Part of any bug bounty, external pen test or web application pen test (if it’s open source) should be utilizing OSINT. In a lot of cases, the larger the company the more likely their GitHub presence is.
In the past I’ve utilized tools like TruffleHog to search GitHub for API keys, secrets and more.
Well I found an alternative, it’s called GitHub-Search
To install it:
sudo git clone https://github.com/gwen001/github-search cd github-search sudo python3 install -r requirements3.txt