Part of any bug bounty, external pen test or web application pen test (if it’s open source) should be utilizing OSINT. In a lot of cases, the larger the company the more likely their GitHub presence is.
In the past I’ve utilized tools like TruffleHog to search GitHub for API keys, secrets and more.
Well I found an alternative, it’s called GitHub-Search
To install it:
sudo git clone https://github.com/gwen001/github-search
cd github-search
sudo python3 install -r requirements3.txt
DONE!
END TRANSMISSION