Home

Awesome

<h1 align="center">Insiders <a href="https://twitter.com/intent/tweet?text=Afraid%20of%20leaking%20your%20company%E2%80%99s%20sensitive%20data%3F%20%20Employees%E2%80%99%20accounts%20are%20more%20likely%20to%20expose%20secrets%20than%20official%20brand%20accounts.%20Check%20out%20%40trick3st%20Insiders%20workflow%20with%20over%20450%20companies%E2%80%99%20data!%20https%3A%2F%2Fgithub.com%2Ftrickest%2Finsiders%20%23infosec%20%23recon%20%23bugbountytips%20%23redteam"><img src="https://img.shields.io/badge/Tweet--lightgrey?logo=twitter&style=social" alt="Tweet" height="20"/></a></h1> <h3 align="center">Archive of Potential Insider Threats</h3> Company employees' accounts, especially online git repositories, can leak sensitive data. We have found that they are even more likely to expose secrets than official brand accounts. This project aims to create a comprehensive archive of public code repositories belonging to the employees of companies that have bug bounty programs.

Directory Structure

├── targets
│   ├── Target
│   │   ├── github-users.txt                     # User accounts collected from multiple sources
│   │   ├── github-repos.txt                     # GitHub repositories owned by the collected users
│   │   ├── github-repos-shell.txt               # GitHub repositories that use `Shell` as a primary language - according to our statistics, these are the most likely to expose secrets
│   │   ├── github-raw.json                      # JSON file containing all users/repos data
│   │   └── README.md                            # Markdown file containing multiple statistics describing the collected data

<img src="./banner.png" />

How it works

A Trickest workflow collects a list of targets, enumerates their employees, collects their data, cleans it up, and pushes it to this repository.

Trickest Workflow - Hostnames

TB; DZ (Too big; didn't zoom)

Note: The username generation process consists of multiple steps to maximize coverage, but this could also lead to a few false positives. We carefully designed the workflow (and continue to develop it) to ensure the results are as accurate as possible but please verify the validity of this data before taking action on it.

Contribution

All contributions/ideas/suggestions are welcome! If you want to add/edit a target/workflow, feel free to create a new ticket via GitHub issues, tweet at us @trick3st, or join the conversation on Discord.

Build your own workflows!

We believe in the value of tinkering. Sign up for a demo on trickest.com to customize this workflow to your use case, get access to many more workflows, or build your own from scratch!

<img src="./banner.png" />