Hackfest Decade 2018: Finding Valuable Needles in Global Source Code Haystacks with Automation
In this talk we’ll take a look at how OSINTers can automate having cool things brought to us. I will define “cool things,” describe data sources for those cool things, and show you how you too can Craal the web in your sleep and wake up to great results to sift through. Automated search capabilities of online developer tools are powerful, and through that power we will put those tools to work in ways not originally envisioned by their creators. Our targets are Pastebin, GitHub, and Buckets, with some help along the way from lesser-known services to increase our effectiveness.
You’ll come away with the knowledge you need to lazily let the search engines of the web work for you through automation while still finding fantastic data for your random responsible disclosures or targeted bug bounties. Neither the stickiest Pastes, the hubbiest Gits, nor the seal’d’ist Buckets will be safe from you, and the rest of us will be better for it. After describing the capabilities available to you, I’ll tell you what you can do to keep yourself safe from this technique. If your data is already exposed in the ways described, I’ll walk you through what to do to clean up the mess.