trickest/insiders trickest/insiders

  • Stars
    star
    101
  • Rank 338,166 (Top 7 %)
  • Language
  • License
    MIT License
  • Created over 2 years ago
  • Updated over 1 year ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
trickest/insiders
github

trickest

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Archive of Potential Insider Threats

Insiders Tweet

Archive of Potential Insider Threats

Company employees' accounts, especially online git repositories, can leak sensitive data. We have found that they are even more likely to expose secrets than official brand accounts. This project aims to create a comprehensive archive of public code repositories belonging to the employees of companies that have bug bounty programs.

Directory Structure

β”œβ”€β”€ targets
β”‚   β”œβ”€β”€ Target
β”‚   β”‚   β”œβ”€β”€ github-users.txt                     # User accounts collected from multiple sources
β”‚   β”‚   β”œβ”€β”€ github-repos.txt                     # GitHub repositories owned by the collected users
β”‚   β”‚   β”œβ”€β”€ github-repos-shell.txt               # GitHub repositories that use `Shell` as a primary language - according to our statistics, these are the most likely to expose secrets
β”‚   β”‚   β”œβ”€β”€ github-raw.json                      # JSON file containing all users/repos data
β”‚   β”‚   └── README.md                            # Markdown file containing multiple statistics describing the collected data

How it works

A Trickest workflow collects a list of targets, enumerates their employees, collects their data, cleans it up, and pushes it to this repository.

Trickest Workflow - Hostnames

TB; DZ (Too big; didn't zoom)

  • Get the initial list of target names from Project Discovery's Chaos dataset (Thanks, ProjectDiscovery)
  • Use a slightly modified version of CrossLinked to collect employee names and usernames from LinkedIn(Thanks, m8r0wn)
  • Generate username permutations based on the collected names/usernames.
  • Enumerate public GitHub organization members using the GitHub CLI (Thanks, GitHub?)
  • Merge the collected potential usernames and pass them to our own enumerepo which validates the usernames and enumerates their public repositories.
  • All of the collected orgs/usernames/repos/gists are then passed to TruffleHog to find exposed secrets/credentials (Thanks Truffle Security!) as highlighted above in the Secrets workflow. Note that the results of this part are not pushed to this repository for obvious reasons. They are only accessible to our users who can edit/customize this workflow to view the secrets, receive notifications about new ones, or export them using one of our integrations.
  • In the end, we parse and organize the collected data and push it here (except for the Secrets part.)
  • We have the workflow scheduled to run regularly to keep the data up-to-date at all times.

Note: The username generation process consists of multiple steps to maximize coverage, but this could also lead to a few false positives. We carefully designed the workflow (and continue to develop it) to ensure the results are as accurate as possible but please verify the validity of this data before taking action on it.

Contribution

All contributions/ideas/suggestions are welcome! If you want to add/edit a target/workflow, feel free to create a new ticket via GitHub issues, tweet at us @trick3st, or join the conversation on Discord.

Build your own workflows!

We believe in the value of tinkering. Sign up for a demo on trickest.com to customize this workflow to your use case, get access to many more workflows, or build your own from scratch!

More Repositories

1

cve

Gather and update all available and newest CVEs with their PoC.
HTML
5,099
star
2

wordlists

Real-world infosec wordlists, updated regularly
804
star
3

inventory

Asset inventory on public bug bounty programs.
Shell
700
star
4

resolvers

The most exhaustive list of reliable DNS resolvers.
420
star
5

zip

Monitoring the internet for new .zip domains
205
star
6

mksub

Generate tens of thousands of subdomain combinations in a matter of seconds
Go
191
star
7

dsieve

Filter and enrich a list of subdomains by level
Go
145
star
8

mkpath

Make URL path combinations using a wordlist
Go
140
star
9

find-gh-poc

Find CVE PoCs on GitHub
Go
110
star
10

log4j

Trickest Workflow for discovering log4j vulnerabilities and gathering the newest community payloads.
104
star
11

containers

Automated privilege escalation of the world's most popular Docker images.
Shell
62
star
12

enumerepo

List all public repositories for (valid) GitHub usernames
Go
52
star
13

safe-harbour

security.txt collection of most popular world-wide domains
50
star
14

trickest-cli

Execute Trickest workflows right from your terminal
Go
45
star
15

recon-and-vulnerability-scanner-template

Create your own recon & vulnerability scanner with Trickest and GitHub
40
star
16

cloud

Monitoring the Cloud Landscape
26
star
17

mgwls

Combine words from two wordlist files and concatenate them with an optional delimiter
Go
23
star
18

scripts

Handy scripts and one-liners to make life easier
22
star
19

elasticsearch_index

Manage attack surface data on Elasticsearch
Python
17
star
20

packages

Automated compromise detection of the world's most popular packages
13
star
21

action

Github Action for Trickest Workflows
Shell
6
star