tillson / git-hound

Reconnaissance tool for GitHub code search. Scans for exposed API keys across all of GitHub, not just known repos and orgs.
MIT License
1.19k stars 184 forks

Invalid URLs being returned in results #17

Closed joefizz closed 4 years ago

joefizz commented 4 years ago

Describe the bug

Results are being returned with invalid URLs that direct to 404 pages on GitHub. I suspect this may be down to me not understanding some of the nuances of GitHub.

To Reproduce

Steps to reproduce the behavior:

  1. Search for some juicy secrets
  2. visit the results e.g. https://github.com/martinmoene/bd290bc0ff8248de31fd/blob/master/martinmoene/bd290bc0ff8248de31fd
  3. get a 404 page

Expected behavior

Direct access to all the secrets

Screenshots If applicable, add screenshots to help explain your problem.

[https://github.com/rayantony/51ef0bf510f5154b9d81]

<td><code>X-Csrf-Token: i8XNjC4b8KVok4uw5RftR38Wgp2BFwql
https://github.com/rayantony/51ef0bf510f5154b9d81/blob/master/rayantony/51ef0bf510f5154b9d81


tillson commented 4 years ago

Nice catch. It looks like this is an issue in how GitHound handles Gist results: check out https://gist.github.com/martinmoene/bd290bc0ff8248de31fd and https://gist.github.com/rayantony/51ef0bf510f5154b9d81 for your specific results
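The mapping described in the comment above, as an added example that is not part of the thread or of GitHound's own code: a hypothetical `FixGistURL` helper that recognises the broken shape seen in both reported URLs (`github.com/<owner>/<id>/blob/<branch>/<owner>/<id>`) and rewrites it to the `gist.github.com` address, so a triaged finding points at the file that actually needs the secret removed and rotated. The pattern is inferred only from the two URLs in this issue; accepting 32-character IDs is an assumption, and the non-Gist sample URL is constructed.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// gistID matches the 20-character hex IDs seen in the issue. Accepting
// 32-character hex IDs as well is an assumption, not something the thread states.
var gistID = regexp.MustCompile(`^(?:[0-9a-f]{20}|[0-9a-f]{32})$`)

// FixGistURL (hypothetical helper) rewrites
//   https://github.com/<owner>/<id>/blob/<branch>/<owner>/<id>
// to https://gist.github.com/<owner>/<id>.
// Any other URL is returned unchanged with ok == false.
func FixGistURL(raw string) (fixed string, ok bool) {
	u, err := url.Parse(raw)
	if err != nil || !strings.EqualFold(u.Hostname(), "github.com") {
		return raw, false
	}
	seg := strings.Split(strings.Trim(u.Path, "/"), "/")
	if len(seg) != 6 || seg[2] != "blob" {
		return raw, false
	}
	owner, id := seg[0], seg[1]
	// The file path repeating "<owner>/<id>" is what marks a Gist result.
	if seg[4] != owner || seg[5] != id || !gistID.MatchString(id) {
		return raw, false
	}
	return "https://gist.github.com/" + owner + "/" + id, true
}

func main() {
	results := []string{
		// The two URLs reported in this issue.
		"https://github.com/martinmoene/bd290bc0ff8248de31fd/blob/master/martinmoene/bd290bc0ff8248de31fd",
		"https://github.com/rayantony/51ef0bf510f5154b9d81/blob/master/rayantony/51ef0bf510f5154b9d81",
		// Constructed ordinary repository result; must pass through untouched.
		"https://github.com/example-owner/example-repo/blob/master/src/main.go",
	}
	for _, r := range results {
		fixed, rewritten := FixGistURL(r)
		fmt.Printf("rewritten=%-5v %s\n", rewritten, fixed)
	}
}
```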

joefizz commented 4 years ago

ah just like that! super thank you.

tillson commented 4 years ago

I’m gonna re-open this since it is a bug at the end of the day