Trellodorker - Trello Dorking Tool

Trello is a nice website owned by Atlassian. It lets you create "boards" which contain "cards". Tasks can be moved between cards. It's a great system for keeping track of things. You can configure boards to be public or private. This is where the problems start.

Jimmy is impatient. He created a Trello board for managing the company's latest project, Super Important Project X. However. Jimmy doesn't want to send the invite link to all 15 of his underlings. 'I know!' says Jimmy to himself. 'I'll make this board public! That way they don't need Trello accounts!' Jimmy puts his FTP credentials on his Trello board and is proud of himself.

Along comes the Google search engine. 'Hohoho!' says Google. Here is a public Trello board. I suppose I will index it! Now Jimmy's FTP credentials are on Google Search. Not only that, but every detail of Super Important Project X is also on Google! He even put a Google Docs link with edit permissions on the board, and now that's public too!

Here is where my tool, Trellodorker, comes in. Suppose Jimmy's board isn't indexed yet, but his underling Kei's board is. Suppose that Google-dorking for their company, example.com, brings up Kei's board in the search results. Trellodorker automatically goes through the first 10 Trello boards that mention example.com, then iterates over every member of each board and finds all of the public boards that THEY are part of as well.

Now, since Jimmy was a member of Kei's board that was indexed by Google, Trellodorker has found Jimmy's board as well, and put it into a nice text file for the inspection of the user. That is what Trellodorker does, and can potentially uncover.

You can find it here at https://github.com/pm0c/.

Show Comments