Where To Go with account in the corporate environment.

Due to security assessments of different projects, I found different leaked/exposed accounts on the domain of the organization. But every time it was so difficult to discover the place where I can reuse those credentials and how can I expand my attack surface. I started collecting a list of popular technological services which might have high value in case of improper access. This project should help researchers, pentesters, bounty-hunters to expand the risks of compromised accounts in the corporate environment.

Service Name | Trusted login providers ------------ | ------------- Gitlab | Google, Salesforce, Github, Bitbucket, Twitter Travis CI | Github, Bitbucket, Gitlab, Assembla Grafana | Google, Github, Microsoft Sentry | Google, Github, Azure DevOps Slack | Google Raygun | Github, Twitter, Facebook, Google Datadog | Google Atlassian | Google, Microsoft, Apple Trello | Google, Microsoft, Apple Trailblazer | Salesforce Bitbucket | Google, Microsoft, Apple Elastic Cloud | Google, Microsoft Netdata Cloud | Google, Github Jetbrains | Bitbucket Box | Google Skype | Microsoft Dropbox | Google, Apple Auth0 | Github, Google, Linkedin, Microsoft Miro | Google, Facebook, Slack, Office365, Apple Salesforce | - GitHub | - Eclipse | - Docusign | - Dynatrace | - Tenera | - Docker| - New Relic | - Hotjar | Google Splunk | - Outlook | - Azure | Github AWS | - Pivotal Tracker | Google Jamf | - JumpCloud | -

⚠️ Disclaimer The authors of this document take no responsibility for correctness. This project is merely here to help guide security researchers towards determining whether something is vulnerable or not, but does not guarantee accuracy. This project heavily relies on contributions from the public. The information included at this page is for educational purposes.