2 min readOct 17, 2025
–
Sometimes in bug bounty hunting, simple recon can lead to big results. Recently, during GitHub reconnaissance, I found an issue that turned into a valid report and earned me a four-digit bounty.
The Discovery
While checking repositories linked to employees of my target company, I came across a repo that contained a link. When I opened it, the link led to an active sheet.
The sheet exposed:
- Employee IDs and details
- An attendance form still being used daily
- Vendor-related information and other data
This wasn’t just old or leftover data — it was live and could have been misused.
The Report
Get Narayanan M’s stories in your inbox
Join Medium for free to get updates from this writer.
I documented the finding careful…
2 min readOct 17, 2025
–
Sometimes in bug bounty hunting, simple recon can lead to big results. Recently, during GitHub reconnaissance, I found an issue that turned into a valid report and earned me a four-digit bounty.
The Discovery
While checking repositories linked to employees of my target company, I came across a repo that contained a link. When I opened it, the link led to an active sheet.
The sheet exposed:
- Employee IDs and details
- An attendance form still being used daily
- Vendor-related information and other data
This wasn’t just old or leftover data — it was live and could have been misused.
The Report
Get Narayanan M’s stories in your inbox
Join Medium for free to get updates from this writer.
I documented the finding carefully, without misusing any of the data, and reported it responsibly. The company took quick action:
- The repository was removed
- The active attendance link was protected
- Sensitive information was secured
In the end, the company validated my submission and rewarded me with a four-digit bounty.
Press enter or click to view image in full size
It’s important to note that not all companies consider GitHub under scope in their bug bounty or vulnerability disclosure programs. In many cases, it comes down to the severity of the exposure. If the data leak has a real business or security impact, companies are far more likely to validate and reward the report.
When doing GitHub recon, one of the most effective approaches is to focus on repositories of employees who work at the target company. These often reveal sensitive details that don’t appear in official company repositories.
For those who want to explore GitHub recon further, I recommend this great resource: 👉 Your Full Map to GitHub Recon and Leaks Exposure
This experience showed me that impactful bugs don’t always come from complex exploitation. With careful recon and the right focus, even a single link can uncover serious issues. And at the end of the day, whether GitHub findings are accepted or not often depends on one thing: severity.
**Instagram: https://www.instagram.com/rootx_narayanan/ Twitter: **https://twitter.com/itsnarayananm