All Projects → techgaun → Github Dorks

techgaun / Github Dorks

Licence: apache-2.0
Find leaked secrets via github search

Programming Languages

python
139335 projects - #7 most used programming language

Projects that are alternatives of or similar to Github Dorks

Nosqlmap
Automated NoSQL database enumeration and web application exploitation tool.
Stars: ✭ 1,928 (+44.74%)
Mutual labels:  hacktoberfest, hacking, security-audit
Payloadsallthethings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 32,909 (+2370.65%)
Mutual labels:  hacktoberfest, hacking
Name That Hash
🔗 Don't know what type of hash it is? Name That Hash will name that hash type! 🤖 Identify MD5, SHA256 and 3000+ other hashes ☄ Comes with a neat web app 🔥
Stars: ✭ 540 (-59.46%)
Mutual labels:  hacktoberfest, hacking
Diamorphine
LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)
Stars: ✭ 725 (-45.57%)
Mutual labels:  hacking, security-audit
Juice Shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Stars: ✭ 6,270 (+370.72%)
Mutual labels:  hacktoberfest, hacking
Reconpi
ReconPi - A lightweight recon tool that performs extensive scanning with the latest tools.
Stars: ✭ 490 (-63.21%)
Mutual labels:  hacktoberfest, hacking
Jok3r
Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework
Stars: ✭ 645 (-51.58%)
Mutual labels:  hacking, security-audit
W5
Security Orchestration, Automation and Response (SOAR) Platform. 安全编排与自动化响应平台,无需编写代码的安全自动化,使用 SOAR 可以让团队工作更加高效
Stars: ✭ 367 (-72.45%)
Mutual labels:  hacking, security-audit
Ciphey
⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
Stars: ✭ 9,116 (+584.38%)
Mutual labels:  hacktoberfest, hacking
Holisticinfosec For Webdevelopers Fascicle0
📚 Overview 🔒 Tooling 🔒 Process 🔒 Physical 🔒 People 📚
Stars: ✭ 37 (-97.22%)
Mutual labels:  hacking, security-audit
Pythem
pentest framework
Stars: ✭ 1,060 (-20.42%)
Mutual labels:  hacking, security-audit
Hellraiser
Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.
Stars: ✭ 413 (-68.99%)
Mutual labels:  hacking, security-audit
Archstrike
An Arch Linux repository for security professionals and enthusiasts. Done the Arch Way and optimized for i686, x86_64, ARMv6, ARMv7 and ARMv8.
Stars: ✭ 401 (-69.89%)
Mutual labels:  hacking, security-audit
Autoblue Ms17 010
This is just an semi-automated fully working, no-bs, non-metasploit version of the public exploit code for MS17-010
Stars: ✭ 522 (-60.81%)
Mutual labels:  hacktoberfest, hacking
Rustscan
🤖 The Modern Port Scanner 🤖
Stars: ✭ 5,218 (+291.74%)
Mutual labels:  hacktoberfest, hacking
Habu
Hacking Toolkit
Stars: ✭ 635 (-52.33%)
Mutual labels:  hacking, security-audit
Chaos
🔥 CHAOS is a Remote Administration Tool that allow generate binaries to control remote operating systems.
Stars: ✭ 1,168 (-12.31%)
Mutual labels:  hacktoberfest, hacking
Badkarma
network reconnaissance toolkit
Stars: ✭ 353 (-73.5%)
Mutual labels:  hacking, security-audit
Taipan
Web application vulnerability scanner
Stars: ✭ 359 (-73.05%)
Mutual labels:  hacking, security-audit
Vhostscan
A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
Stars: ✭ 767 (-42.42%)
Mutual labels:  hacking, security-audit

Github Dorks

Github Search is a quite powerful and useful feature that can be used to search for sensitive data on repositories. Collection of Github dorks can reveal sensitive personal and/or organizational information such as private keys, credentials, authentication tokens, etc. This list is supposed to be useful for assessing security and performing pen-testing of systems.

GitHub Dork Search Tool

github-dork.py is a simple python tool that can search through your repository or your organization/user repositories. It's not a perfect tool at the moment but provides a basic functionality to automate the search on your repositories against the dorks specified in text file.

Installation

This tool uses github3.py to talk with GitHub Search API.

Clone this repository and run:

pip install -r requirements.txt

Usage

GH_USER  - Environment variable to specify Github user
GH_PWD   - Environment variable to specify password
GH_TOKEN - Environment variable to specify Github token
GH_URL   - Environment variable to specify GitHub Enterprise base URL

Some example usages are listed below:

python github-dork.py -r techgaun/github-dorks                          # search a single repo

python github-dork.py -u techgaun                                       # search all repos of a user

python github-dork.py -u dev-nepal                                      # search all repos of an organization

GH_USER=techgaun GH_PWD=<mypass> python github-dork.py -u dev-nepal     # search as authenticated user

GH_TOKEN=<github_token> python github-dork.py -u dev-nepal              # search using auth token

GH_URL=https://github.example.com python github-dork.py -u dev-nepal    # search a GitHub Enterprise instance

Limitations

  • Authenticated requests get a higher rate limit. But, since this tool waits for the api rate limit to be reset (which is usually less than a minute), it can be slightly slow.
  • Output formatting is not great. PR welcome
  • Handle rate limit and retry. PR welcome

Contribution

Please consider contributing dorks that can reveal potentially sensitive information on Github.

List of Dorks

I am not categorizing at the moment. Instead, I am going to just the list of dorks with a description. Many of the dorks can be modified to make the search more specific or generic. You can see more options here.

Dork Description
filename:.npmrc _auth npm registry authentication data
filename:.dockercfg auth docker registry authentication data
extension:pem private private keys
extension:ppk private puttygen private keys
filename:id_rsa or filename:id_dsa private ssh keys
extension:sql mysql dump mysql dump
extension:sql mysql dump password mysql dump look for password; you can try varieties
filename:credentials aws_access_key_id might return false negatives with dummy values
filename:.s3cfg might return false negatives with dummy values
filename:wp-config.php wordpress config files
filename:.htpasswd htpasswd files
filename:.env DB_USERNAME NOT homestead laravel .env (CI, various ruby based frameworks too)
filename:.env MAIL_HOST=smtp.gmail.com gmail smtp configuration (try different smtp services too)
filename:.git-credentials git credentials store, add NOT username for more valid results
PT_TOKEN language:bash pivotaltracker tokens
filename:.bashrc password search for passwords, etc. in .bashrc (try with .bash_profile too)
filename:.bashrc mailchimp variation of above (try more variations)
filename:.bash_profile aws aws access and secret keys
rds.amazonaws.com password Amazon RDS possible credentials
extension:json api.forecast.io try variations, find api keys/secrets
extension:json mongolab.com mongolab credentials in json configs
extension:yaml mongolab.com mongolab credentials in yaml configs (try with yml)
jsforce extension:js conn.login possible salesforce credentials in nodejs projects
SF_USERNAME salesforce possible salesforce credentials
filename:.tugboat NOT _tugboat Digital Ocean tugboat config
HEROKU_API_KEY language:shell Heroku api keys
HEROKU_API_KEY language:json Heroku api keys in json files
filename:.netrc password netrc that possibly holds sensitive credentials
filename:_netrc password netrc that possibly holds sensitive credentials
filename:hub oauth_token hub config that stores github tokens
filename:robomongo.json mongodb credentials file used by robomongo
filename:filezilla.xml Pass filezilla config file with possible user/pass to ftp
filename:recentservers.xml Pass filezilla config file with possible user/pass to ftp
filename:config.json auths docker registry authentication data
filename:idea14.key IntelliJ Idea 14 key, try variations for other versions
filename:config irc_pass possible IRC config
filename:connections.xml possible db connections configuration, try variations to be specific
filename:express.conf path:.openshift openshift config, only email and server thou
filename:.pgpass PostgreSQL file which can contain passwords
filename:proftpdpasswd Usernames and passwords of proftpd created by cpanel
filename:ventrilo_srv.ini Ventrilo configuration
[WFClient] Password= extension:ica WinFrame-Client infos needed by users to connect toCitrix Application Servers
filename:server.cfg rcon password Counter Strike RCON Passwords
JEKYLL_GITHUB_TOKEN Github tokens used for jekyll
filename:.bash_history Bash history file
filename:.cshrc RC file for csh shell
filename:.history history file (often used by many tools)
filename:.sh_history korn shell history
filename:sshd_config OpenSSH server config
filename:dhcpd.conf DHCP service config
filename:prod.exs NOT prod.secret.exs Phoenix prod configuration file
filename:prod.secret.exs Phoenix prod secret
filename:configuration.php JConfig password Joomla configuration file
filename:config.php dbpasswd PHP application database password (e.g., phpBB forum software)
path:sites databases password Drupal website database credentials
shodan_api_key language:python Shodan API keys (try other languages too)
filename:shadow path:etc Contains encrypted passwords and account information of new unix systems
filename:passwd path:etc Contains user account information including encrypted passwords of traditional unix systems
extension:avastlic "support.avast.com" Contains license keys for Avast! Antivirus
filename:dbeaver-data-sources.xml DBeaver config containing MySQL Credentials
filename:.esmtprc password esmtp configuration
extension:json googleusercontent client_secret OAuth credentials for accessing Google APIs
HOMEBREW_GITHUB_API_TOKEN language:shell Github token usually set by homebrew users
xoxp OR xoxb Slack bot and private tokens
.mlab.com password MLAB Hosted MongoDB Credentials
filename:logins.json Firefox saved password collection (key3.db usually in same repo)
filename:CCCam.cfg CCCam Server config file
msg nickserv identify filename:config Possible IRC login passwords
filename:settings.py SECRET_KEY Django secret keys (usually allows for session hijacking, RCE, etc)
filename:secrets.yml password Usernames/passwords, Rails applications
filename:master.key path:config Rails master key (used for decrypting credentials.yml.enc for Rails 5.2+)
filename:deployment-config.json Created by sftp-deployment for Atom, contains server details and credentials
filename:.ftpconfig Created by remote-ssh for Atom, contains SFTP/SSH server details and credentials
filename:.remote-sync.json Created by remote-sync for Atom, contains FTP and/or SCP/SFTP/SSH server details and credentials
filename:sftp.json path:.vscode Created by vscode-sftp for VSCode, contains SFTP/SSH server details and credentails
filename:sftp-config.json Created by SFTP for Sublime Text, contains FTP/FTPS or SFTP/SSH server details and credentials
filename:WebServers.xml Created by Jetbrains IDEs, contains webserver credentials with encoded passwords (not encrypted!)
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].