2️⃣ Verify those secrets :
➡ After you've found some secrets it's time to verify those. For each individual key look here : github.com/streaak/keyhacks
You can use the latest trufflehog v3 to automatically verify for over 600 types of secrets as well 😃
3️⃣ Report 💰
➡ Find the company's program on #hackerone or #bugcrowd or their own bug bounty page.
➡ If nothing like that exists, use connectbit to find contacts
➡ If even that doesn't help, check people on Linkedin or Twitter for that org
🅱🅾🅽🆄🆂
Here's a video of how to automatically find and verify secrets on github, s3 buckets etc using trufflehog v3 + an interview with the creator @InsecureNature
Go on and check the video here : youtube.com/watch?v=iqC-hEd3hkE 📹 🚀