  • Stars: 135
  • Rank: 267,796 (Top 6 %)
  • Language: Python
  • License: Apache License 2.0
  • Created almost 3 years ago
  • Updated over 2 years ago

Repository Details

GitHub dorking tool

gh-dork

Supply a list of dorks and, optionally, one of the following:

  • a user (-u)
  • a file with a list of users (-uf)
  • an organization (-org)
  • a file with a list of organizations (-of)
  • a repo (-r)

You can also pass:

  • an output directory to store results (-o)
  • a filename to store valid items, if your users or org file may contain nonexistent users/orgs (-vif)

All input files (dorks, users, or orgs) should be newline-separated.

Usage

Clone the repository, then run pip install -r requirements.txt

The only required parameter is the dorks file (-d). See techgaun's github-dorks.txt for ideas.

If an output directory is specified, a file will be created for each dork in the dorks list, and results will be saved there as well as printed. Only pass an empty or nonexistent directory: an existing directory will be cleared and its contents replaced.

If your users or orgs files haven't already been filtered to remove non-existent users/orgs or those without any public code, it's highly recommended that you pass in a --valid-items-filename (-vif). This will filter out any invalid users/orgs when searching for the first dork, and avoid searching against them for subsequent dorks. The output file can also then be used as the input users/orgs file to speed up later script runs.

Example usage:

python gh-dork.py -d dorks.txt                                       # Basic usage
python gh-dork.py -d dorks.txt -u molly                              # Search repos of a specific user
python gh-dork.py -d dorks.txt -uf users.txt                         # Search repos of all users in the list
python gh-dork.py -d dorks.txt -uf users.txt -vif valid_users.txt    # Search repos of all users in the list, filtering out nonexistent users
python gh-dork.py -d dorks.txt -org github                           # Search repos of a specific organization
python gh-dork.py -d dorks.txt -of orgs.txt                          # Search repos of all orgs in the list
python gh-dork.py -d dorks.txt -of orgs.txt -vif valid_orgs.txt      # Search repos of all orgs in the list, filtering out nonexistent orgs
python gh-dork.py -d dorks.txt -r molly/gh-dork                      # Search the specified repo
python gh-dork.py -d dorks.txt -o results                            # Store results in files in the results/ directory, *overwriting any directory contents*
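
The effect of -vif on a multi-dork run, as an added example that is not gh-dork's own code. The search backend is a hypothetical stand-in over constructed data (a real run would call GitHub's code search), and `run_dorks`, `read_items`, `fake_search` and `UnknownOwner` are names invented here.

```python
class UnknownOwner(Exception):
    """Hypothetical error: owner does not exist or has no searchable code."""

def read_items(text):
    # Input files are newline-separated; skip blank lines and stray whitespace.
    return [line.strip() for line in text.splitlines() if line.strip()]

def run_dorks(dorks, owners, qualifier, search, valid_items_path=None):
    """Run each dork against each owner, pruning bad owners on the first dork."""
    valid, results = list(owners), {}
    for index, dork in enumerate(dorks):
        hits, survivors = [], []
        for owner in valid:
            try:
                # GitHub search scopes a query with user:, org: or repo:.
                hits += search(f"{dork} {qualifier}:{owner}")
                survivors.append(owner)
            except UnknownOwner:
                continue  # dropped from later dorks once the first pass ends
        if index == 0:
            valid = survivors
            if valid_items_path:  # reusable as the next run's input file
                with open(valid_items_path, "w") as fh:
                    fh.write("\n".join(valid) + "\n")
        results[dork] = hits
    return results, valid

# Constructed sample data standing in for GitHub: owner -> {path: content}.
FAKE_INDEX = {
    "example-org": {"config/settings.py": "api_key = 'constructed-value'"},
    "example-team": {},
}
calls = []  # every query sent to the stand-in backend

def fake_search(query):
    calls.append(query)
    dork, _, scope = query.rpartition(" ")
    owner = scope.split(":", 1)[1]
    if owner not in FAKE_INDEX:
        raise UnknownOwner(owner)
    return [f"{owner}/{p}" for p, body in FAKE_INDEX[owner].items() if dork in body]

if __name__ == "__main__":
    orgs = read_items("example-org\n\nno-such-org\nexample-team\n")
    results, valid = run_dorks(["api_key", "password"], orgs, "org", fake_search)
    print(results)            # matches per dork
    print(valid, len(calls))  # surviving orgs; 5 queries instead of 6
```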

Authentication

Authentication is done with environment variables. You can authenticate with a GitHub personal access token (GH_TOKEN), or username and password (GH_USER and GH_PASS). If you have two-factor authentication enabled, you will be prompted for a two-factor code.

You can also pass a GitHub Enterprise base URL (GH_URL) to search against that GitHub instance; if omitted, this will run against github.com.

If no credentials are provided or if credentials are invalid, the script will still run, but will be limited by the much lower rate limits for unauthenticated users.

Credits

Loosely based on techgaun/github-dorks.
