Enumerate Github Users

You should always keep additional care of all of the users having permission to access your organization repositories, this data could be used in other workflows when searching for exposed credentials, API keys, or private company data.

This workflow will search for the target's company employees on Linkedin, generate permutations of usernames, and verify that these usernames exist on GitHub.

Complexity: basic

Category: Secret Discovery

Tools

crosslinked

Setup

Inputs for this workflow are the target organization name and GitHub token, if you want to test what users are accessible from the outside, you can use an arbitrary GitHub Token

Execution and results

After setup workflow is ready to be executed. Once workflow's last node, verify script, is finished result can be viewed and downloaded.

verify script will contain all of the valid GitHub Usernames you can use in different workflows or expand this workflow for even better results.

Try it out!

This workflow is available in the Library, you can copy it and execute it immediately!

Improve this workflow

Consider using-splitters to be able to execute the workflow on list of company names
Implement a mechanism to merge all of the previous results through scheduling and get-trickest-output

Explore other [Secret Discovery](https://trickest.com/docs/knowledge-hub/workflow-templates/secret-discovery/

) workflows from Trickest library!

IT Asset Discovery's Role in Enhancing Cybersecurity Measures