Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/trickest/insiders

Archive of Potential Insider Threats
https://github.com/trickest/insiders

assets bugbounty bugbounty-tool bugbountytips github-recon hacking infosec osint osint-resources osint-tool penetration-testing pentesting recon reconnaissance red-team security security-tools threat-intelligence

Last synced: 3 months ago
JSON representation

Archive of Potential Insider Threats

Host: GitHub
URL: https://github.com/trickest/insiders
Owner: trickest
License: mit
Created: 2022-03-30T15:28:41.000Z (over 2 years ago)
Default Branch: main
Last Pushed: 2023-09-25T15:20:03.000Z (about 1 year ago)
Last Synced: 2024-05-20T12:39:18.839Z (6 months ago)
Topics: assets, bugbounty, bugbounty-tool, bugbountytips, github-recon, hacking, infosec, osint, osint-resources, osint-tool, penetration-testing, pentesting, recon, reconnaissance, red-team, security, security-tools, threat-intelligence
Homepage: https://trickest.com
Size: 379 MB
Stars: 133
Watchers: 10
Forks: 21
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-hacking-lists - trickest/insiders - Archive of Potential Insider Threats (Others)

README

Insiders

Archive of Potential Insider Threats

Company employees' accounts, especially online git repositories, can leak sensitive data. We have found that they are even more likely to expose secrets than official brand accounts. This project aims to create a comprehensive archive of public code repositories belonging to the employees of companies that have bug bounty programs.

### Directory Structure
```
├── targets
│ ├── Target
│ │ ├── github-users.txt # User accounts collected from multiple sources
│ │ ├── github-repos.txt # GitHub repositories owned by the collected users
│ │ ├── github-repos-shell.txt # GitHub repositories that use `Shell` as a primary language - according to our statistics, these are the most likely to expose secrets
│ │ ├── github-raw.json # JSON file containing all users/repos data
│ │ └── README.md # Markdown file containing multiple statistics describing the collected data
```

[](https://trickest.io/auth/register)

## How it works
A [Trickest](https://trickest.com) workflow collects a list of targets, enumerates their employees, collects their data, cleans it up, and pushes it to this repository.

![Trickest Workflow - Hostnames](insiders.png "Trickest Workflow - Inventory")
### TB; DZ (Too big; didn't zoom)
- Get the initial list of target names from [Project Discovery's Chaos dataset](https://chaos.projectdiscovery.io/) (Thanks, [ProjectDiscovery](https://github.com/projectdiscovery))
- Use a slightly modified version of [CrossLinked](https://github.com/m8r0wn/CrossLinked) to collect employee names and usernames from LinkedIn(Thanks, [m8r0wn](https://github.com/m8r0wn))
- Generate username permutations based on the collected names/usernames.
- Enumerate public GitHub organization members using the [GitHub CLI](https://cli.github.com/) (Thanks, GitHub?)
- Merge the collected potential usernames and pass them to our own [enumerepo](https://github.com/trickest/enumerepo) which validates the usernames and enumerates their public repositories.
- All of the collected orgs/usernames/repos/gists are then passed to [TruffleHog](https://github.com/trufflesecurity/trufflehog) to find exposed secrets/credentials (Thanks [Truffle Security](https://github.com/trufflesecurity)!) as highlighted above in the `Secrets` workflow. Note that the results of this part are not pushed to this repository for obvious reasons. They are only accessible to our users who can edit/customize this workflow to view the secrets, receive notifications about new ones, or export them using one of our integrations.
- In the end, we parse and organize the collected data and push it here (except for the `Secrets` part.)
- We have the workflow scheduled to run regularly to keep the data up-to-date at all times.

**Note**: The username generation process consists of multiple steps to maximize coverage, but this could also lead to a few false positives. We carefully designed the workflow (and continue to develop it) to ensure the results are as accurate as possible but please verify the validity of this data before taking action on it.

## Contribution
All contributions/ideas/suggestions are welcome! If you want to add/edit a target/workflow, feel free to create a new ticket via [GitHub issues](https://github.com/trickest/insiders/issues), tweet at us [@trick3st](https://twitter.com/trick3st), or join the conversation on [Discord](https://discord.gg/7HZmFYTGcQ).

## Build your own workflows!
We believe in the value of tinkering. Sign up for a demo on [trickest.com](https://trickest.com) to customize this workflow to your use case, get access to many more workflows, or build your own from scratch!

[](https://trickest.io/auth/register)