New company blog out : https://cyfinoid.com/automating-a-known-weakness-introducing-keychecker/
I have been teaching this technique for 2-3 years now. It was high time we automated this.
This tool allows you to map ssh keys to corresponding git hosting accounts and if you want it also allows you to bruteforce and identify private repositories.
Did i mentioned most git hostings dont expose ssh logs or failure in accessing repo’s so no one get to know the attack itself.
#bugbounty #ssh #git #github #bitbucket #postexploitation