We all know the famous quote “Think out of the box”. Technical knowledge is important but creativity is also. In bug bounty, to get nice rewards, sometimes you don’t need to be a crazy coder or great network engineer, you simply need to try what other didn’t.
This year, Slack get in trouble because many developers leave their credentials in their public repository. Last year Uber had to deal with a major security issue: database keys were stored in GitHub (this leads to a sweet bounty for the finder).
I found an interesting project, on GitHub itself, to parse the search engine results: vcsmap from Melvinsh. Unfortunately the scrapper seems to have trouble with search that required authentication. Since I don’t understand Ruby, I wrote my own tool with PHP.