Where To Go with account in the corporate environment.

Due to security assessments of different projects, I found different leaked/exposed accounts on the domain of the organization. But every time it was so difficult to discover the place where I can reuse those credentials and how can I expand my attack surface. I started collecting a list of popular technological services which might have high value in case of improper access. This project should help researchers, pentesters, bounty-hunters to expand the risks of compromised accounts in the corporate environment.

Service Name	Trusted login providers
Gitlab	Google, Salesforce, Github, Bitbucket, Twitter
Travis CI	Github, Bitbucket, Gitlab, Assembla
Grafana	Google, Github, Microsoft
Sentry	Google, Github, Azure DevOps
Slack	Google
Raygun	Github, Twitter, Facebook, Google
Datadog	Google
Atlassian	Google, Microsoft, Apple
Trello	Google, Microsoft, Apple
Trailblazer	Salesforce
Bitbucket	Google, Microsoft, Apple
Elastic Cloud	Google, Microsoft
Netdata Cloud	Google, Github
Jetbrains	Bitbucket
Box	Google
Skype	Microsoft
Dropbox	Google, Apple
Auth0	Github, Google, Linkedin, Microsoft
Miro	Google, Facebook, Slack, Office365, Apple
Salesforce	-
GitHub	-
Eclipse	-
Docusign	-
Dynatrace	-
Tenera	-
Docker	-
New Relic	-
Hotjar	Google
Splunk	-
Outlook	-
Azure	Github
AWS	-
Pivotal Tracker	Google
Jamf	-
JumpCloud	-

⚠️ Disclaimer The authors of this document take no responsibility for correctness. This project is merely here to help guide security researchers towards determining whether something is vulnerable or not, but does not guarantee accuracy. This project heavily relies on contributions from the public. The information included at this page is for educational purposes.