GitHound pinpoints exposed API keys and other sensitive information across all of GitHub using pattern matching, commit history searching, and a unique result scoring system. GitHound has earned me over $7500 applied to Bug Bounty research. Corporate and Bug Bounty Hunter use cases are outlined below. More information on methodologies is available in the accompanying blog post.

Features

- GitHub/Gist code searching. This enables GitHound to locate sensitive information exposed across all of GitHub, uploaded by any user.
- Generic API key detection using pattern matching, context, Shannon entropy, and other heuristics
- Commit history digging to find improperly deleted sensitive information (for repositories with <6 stars)
- Scoring system to emphasize confident results, filter out common false positives, and to optimize intensive repo digging
- Base64 detection and decoding
- Options to build GitHound into your workflow, like custom regexes and results-only output mode

Usage

    echo "\"tillsongalloway.com\"" | git-hound

or

    git-hound --subdomain-file subdomains.txt

Setup

Download....
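
The generic API key detection and scoring listed under Features, sketched as an added example (not GitHound's own code): candidate tokens are scored on Shannon entropy, secret-like names on the same line, and base64-decoded content, with placeholder values penalized. The regexes, weights, thresholds and sample lines are assumptions constructed for illustration.

```python
import base64
import math
import re
from collections import Counter

# All patterns, weights and thresholds below are assumptions chosen for
# illustration; they are not GitHound's actual rules.
TOKEN_RE = re.compile(r"[A-Za-z0-9+/=_-]{20,}")
CONTEXT_RE = re.compile(r"(?i)api[_-]?key|secret|token|passw(?:or)?d|auth")
PLACEHOLDER_RE = re.compile(r"(?i)example|changeme|your[_-]?key|xxxx")

def shannon_entropy(s):
    """Bits per character of the string's empirical character distribution."""
    return -sum(n / len(s) * math.log2(n / len(s)) for n in Counter(s).values())

def try_base64(token):
    """Decoded text if token is strict base64 of printable ASCII, else None."""
    try:
        text = base64.b64decode(token, validate=True).decode("ascii")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    return text if text.isprintable() else None

def score_line(line):
    """Return [(token, score)] for candidates in one line scoring >= 2."""
    findings = []
    for token in TOKEN_RE.findall(line):
        score = 2 if shannon_entropy(token) >= 3.5 else 0   # looks random
        score += 2 if CONTEXT_RE.search(line) else 0        # named like a secret
        decoded = try_base64(token)
        if decoded and CONTEXT_RE.search(decoded):           # secret inside base64
            score += 2
        if PLACEHOLDER_RE.search(line):                      # common false positive
            score -= 3
        if score >= 2:
            findings.append((token, score))
    return findings

# Constructed sample input, not real credentials.
SAMPLE = [
    'API_KEY = "q7Zp2LxV9mKd4RtY8sWb3NcJ6hGf5TaE"',
    'api_key = "your_key_goes_here_xxxxxxxxxxxx"',
    "config_blob: " + base64.b64encode(b"secret=abc12345").decode(),
    'print("hello world")',
]

if __name__ == "__main__":
    for n, line in enumerate(SAMPLE, 1):
        for token, score in score_line(line):
            print(f"line {n}: score={score} token={token}")
```

Run over a repository's own files before pushing, a scorer like this surfaces the first and third sample lines and suppresses the placeholder.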