Subdomain OSINT, GitHub footer leak, and commit-history secret
Foundations OSINT engagement: marvenly.com → uat-testing subdomain; footer username notvibecoder23 → GitHub repo; git log and older commits recovered email, abandonment note, and buried artifact.
- Case files
- Subdomain OSINT, GitHub footer leak, and commit-history secret
Public subdomain and GitHub history for marvenly_site exposed developer email and a secret removed from HEAD but still in commit 33c59e5.
Enumerated UAT, cloned repo, recovered email and historical secret.
Engagement summary
Public subdomain and GitHub history for marvenly_site exposed developer email and a secret removed from HEAD but still in commit 33c59e5.
DEV DIARIES started from domain marvenly.com. Subdomain discovery found uat-testing.marvenly.com. The UAT footer leaked username notvibecoder23; Google → GitHub profile with marvenly_site. Cloning and git log revealed freelancedevbycoder23@gmail.com and a commit message about abandonment after a payment dispute. An older commit (33c59e5…) still contained the engagement artifact THM{g1t_h1st0ry_n3v3r_f0rg3ts}.
Business impact
Git history never forgets secrets deleted from the tip. Rotate any credential that ever hit a public repo; use secret scanning and history rewrite (or abandon the repo) when leaks occur. Keep UAT off the public internet without auth.
Subdomain to GitHub commit archaeology
Enumerated UAT, cloned repo, recovered email and historical secret.
OPERATOR · OSINT
savvy@lab:~$ # subdomain enum marvenly.com → uat-testing.marvenly.com
savvy@lab:~$ curl -s https://uat-testing.marvenly.com/ | grep -i coder
notvibecoder23
savvy@lab:~$ git clone https://github.com/notvibecoder23/marvenly_site/ && cd marvenly_site && git log --oneline
freelancedevbycoder23@gmail.com # author email
savvy@lab:~$ git show 33c59e5feedcbcbfee7a1f6d3a435225698f616f
THM{g1t_h1st0ry_n3v3r_f0rg3ts}
Remediation
Enable org-wide secret scanning and push protection. Auth-gate UAT. Purge sensitive commits or rotate and treat as burned.