GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → sdushantha → dora

sdushantha / dora

Licence: MIT license
Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found

Programming Languages

python
139335 projects - #7 most used programming language

Labels

regexexploitsinfosecbugbountyethical-hackingbugcrowdhackeroneapikeys

Projects that are alternatives of or similar to dora

Galaxy-Bugbounty-Checklist
Tips and Tutorials for Bug Bounty and also Penetration Tests.
Stars: ✭ 34 (-85.15%)
Mutual labels:  bugbounty, ethical-hacking, bugcrowd, hackerone
Domainker
BugBounty Tool
Stars: ✭ 40 (-82.53%)
Mutual labels:  bugbounty, bugcrowd, hackerone
credcheck
Credentials Checking Framework
Stars: ✭ 50 (-78.17%)
Mutual labels:  bugbounty, bugcrowd, hackerone
h1-search
Tool that will request the public disclosures on a specific HackerOne program and show them in a localhost webserver.
Stars: ✭ 58 (-74.67%)
Mutual labels:  infosec, bugbounty, hackerone
Sudomy
Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
Stars: ✭ 1,572 (+586.46%)
Mutual labels:  bugbounty, bugcrowd, hackerone
Eagle
Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities
Stars: ✭ 85 (-62.88%)
Mutual labels:  bugbounty, bugcrowd, hackerone
PayloadsAll
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 31 (-86.46%)
Mutual labels:  bugbounty, bugcrowd, hackerone
Zile
Extract API keys from file or url using by magic of python and regex.
Stars: ✭ 61 (-73.36%)
Mutual labels:  regex, bugbounty
py-scripts-other
A collection of some of my scripts
Stars: ✭ 79 (-65.5%)
Mutual labels:  infosec, bugbounty
fuzzmost
all manner of wordlists
Stars: ✭ 23 (-89.96%)
Mutual labels:  infosec, bugbounty
Findsploit
Find exploits in local and online databases instantly
Stars: ✭ 1,160 (+406.55%)
Mutual labels:  exploits, bugbounty
FSEC-VM
Backend logic implementation for Vulnerability Management System
Stars: ✭ 19 (-91.7%)
Mutual labels:  exploits, infosec
tugarecon
Pentest: Subdomains enumeration tool for penetration testers.
Stars: ✭ 142 (-37.99%)
Mutual labels:  infosec, bugbounty
Sec Admin
分布式资产安全扫描核心管理系统(弱口令扫描,漏洞扫描)
Stars: ✭ 222 (-3.06%)
Mutual labels:  exploits, infosec
Routersploit
Exploitation Framework for Embedded Devices
Stars: ✭ 9,866 (+4208.3%)
Mutual labels:  exploits, infosec
H4cker
This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.
Stars: ✭ 10,451 (+4463.76%)
Mutual labels:  exploits, ethical-hacking
magicRecon
MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.
Stars: ✭ 478 (+108.73%)
Mutual labels:  infosec, bugbounty
rejig
Turn your VPS into an attack box
Stars: ✭ 33 (-85.59%)
Mutual labels:  infosec, bugbounty
SuperLibrary
Information Security Library
Stars: ✭ 60 (-73.8%)
Mutual labels:  infosec, bugbounty
Securitymanageframwork
Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.
Stars: ✭ 378 (+65.07%)
Mutual labels:  exploits, infosec
View All Similar Projects ➔

dora

Features

  • Blazing fast as we are using ripgrep in backend
  • Exploit/PoC steps for many of the API key, allowing to write a good report for bug bounty hunting
  • Unlike many other API key finders, dora also shows the path to the file and the line with context for easier analysis
  • Can easily be implemented into scripts. See Example Use Cases

Installation

Make sure to install ripgrep

# clone the repo
$ git clone https://github.com/sdushantha/dora.git

# change the working directory to dora
$ cd dora 

# install dora
$ python3 setup.py install --user

Usage

$ dora --help
usage: dora [options]

positional arguments:
  PATH                  Path to directory or file to scan

optional arguments:
  -h, --help            show this help message and exit
  --rg-path RG_PATH     Specify path to ripgrep
  --rg-arguments RG_ARGUMENTS
                        Arguments you want to provide to ripgrep
  --json JSON           Load regex data from a valid JSON file (default: db/data.json)
  --verbose, -v, --debug, -d
                        Display extra debugging information
  --no-color            Don't show color in terminal output

Example Use Cases

  1. Decompile an APK using apktool and run dora to find exposed API keys
  2. Scan GitHub repos by cloning it and allowing dora to scan it
  3. While scraping sites, run dora to scan for API keys

Contributing

You are more than welcome to contribute in one of the following ways:

  • Add or improve existing regular expressions for matching API keys
  • Add or improve the info in the JSON data for an API key to better help the user getting a valid bug bounty report when reporting an API key they have found
  • Fix bugs (kindly refrain from creating bugs)

Credits

Original creator - Siddharth Dushantha

Many of the regular expressions where taken from the following GitHub repositories:

Majority of the exploitation/POC methods were taken from keyhacks repository by streaak

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].