Gist search shows authenticity_token of GitHub itself.

tillson / git-hound

Reconnaissance tool for GitHub code search. Scans for exposed API keys across all of GitHub, not just known repos and orgs.

MIT License

1.2k stars 187 forks source link

Gist search shows authenticity_token of GitHub itself. #35

Closed Spacewalker2 closed 2 years ago

Spacewalker2 commented 4 years ago

Hello,

thanks for the great tool! I'm using git-hound version 110.b18095e-1 of the blackarch repository like git-hound --many-results --threads 100 <<< "example.com". If it is running the gist search then git-hound shows the authenticity_token of the GitHub page itself.

Bye

Regala commented 3 years ago

My results are also flooded with authenticity_token and timestamp_secret, don't know if it's from the same thing but makes really hard to see actual results/findings

yayaainana commented 3 years ago

me too

schmiele commented 3 years ago

same for me, using version from github on Debian

Canon88 commented 2 years ago

me too

tillson commented 2 years ago

Could you send a screenshot of this?