Scanning internal (git directories) leaks using Improper input validation in truffleHog function
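    from urllib.parse import urlparse

    # Fragment from the truffleHog command; argument is the user-supplied URL.
    # Only the host (netloc) is compared; the URL scheme is never checked.
    urlHost = urlparse(argument).netloc
    if urlHost != "github.com" and urlHost != "gitlab.com":
        await ctx.send("**You're trying to scan unallowed URL, please use a github/gitlab URL.**")
        return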
This filter checks only the host and doesn't check the URL scheme (http, file, https). So by using the following URL
(gitDirectory) should have a .git file in it so truffleHog can scan it
1- Set up the Discord-Recon server in your Discord and then make a git repo folder which contains leaks
2- Use 'file://github.com/../gitDirectoryLocation'
This vulnerability makes it possible to scan internal repos for leaks; however, it's low severity since you need to know the path of the gitDirectory.
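The host-only filter from this report next to a stricter check, as an added example that is not Discord-Recon's own code or its actual fix. The names host_only_check, strict_check and compare, the https-only allowlist and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlparse, unquote

ALLOWED_HOSTS = {"github.com", "gitlab.com"}
ALLOWED_SCHEMES = {"https"}  # assumption: repositories are only fetched over https


def host_only_check(url: str) -> bool:
    """The filter as reported: compares netloc only and ignores the scheme."""
    host = urlparse(url).netloc
    return host == "github.com" or host == "gitlab.com"


def strict_check(url: str) -> bool:
    """Hardened variant: scheme allowlist, exact host, no userinfo/port, no '..'."""
    try:
        parts = urlparse(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme not in ALLOWED_SCHEMES:
        return False
    if parts.username is not None or parts.password is not None or port is not None:
        return False
    if parts.hostname not in ALLOWED_HOSTS:  # hostname is already lower-cased
        return False
    # Reject dot segments, including percent-encoded ones such as %2e%2e.
    if ".." in unquote(parts.path).split("/"):
        return False
    return True


# Constructed sample inputs; the file:// URL is the one given in step 2.
SAMPLES = [
    "https://github.com/owner/repo.git",
    "file://github.com/../gitDirectoryLocation",
    "http://gitlab.com/owner/repo",
    "https://github.com@internal.example/repo",
    "https://github.com/owner/%2e%2e/other",
]


def compare(urls):
    """Return {url: (host_only_result, strict_result)} for each URL."""
    return {u: (host_only_check(u), strict_check(u)) for u in urls}


if __name__ == "__main__":
    for url, (old, new) in compare(SAMPLES).items():
        print(f"{url!r:50} host_only={old!s:5} strict={new}")
```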