  • Stars: 307
  • Rank 136,109 (Top 3 %)
  • Language: Python
  • License: MIT License
  • Created about 3 years ago
  • Updated about 1 year ago

Repository Details

Find exposed API keys based on RegEx and get exploitation methods for some of the keys that are found

dora

Features

  • Blazing fast, as it uses ripgrep in the backend
  • Exploit/PoC steps for many of the API keys, allowing you to write a good report for bug bounty hunting
  • Unlike many other API key finders, dora also shows the path to the file and the line with context for easier analysis
  • Can easily be integrated into scripts. See Example Use Cases

Installation

Make sure to install ripgrep

# clone the repo
$ git clone https://github.com/sdushantha/dora.git

# change the working directory to dora
$ cd dora 

# install dora
$ python3 setup.py install --user

Usage

$ dora --help
usage: dora [options]

positional arguments:
  PATH                  Path to directory or file to scan

optional arguments:
  -h, --help            show this help message and exit
  --rg-path RG_PATH     Specify path to ripgrep
  --rg-arguments RG_ARGUMENTS
                        Arguments you want to provide to ripgrep
  --json JSON           Load regex data from a valid JSON file (default: db/data.json)
  --verbose, -v, --debug, -d
                        Display extra debugging information
  --no-color            Don't show color in terminal output

Example Use Cases

  1. Decompile an APK using apktool and run dora to find exposed API keys
  2. Scan a GitHub repo by cloning it and letting dora scan the clone
  3. While scraping sites, run dora to scan for API keys
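
The scan described under Features (regex rules loaded from JSON, each hit reported with file path, line number and surrounding context) can be sketched as follows for checking your own checkout before publishing it. This is an added example, not dora's code: it uses Python's re module instead of ripgrep, redacts matches in the report, and the rule schema and function names (load_rules, redact, scan_file, scan_tree, demo) are assumptions; the sample tree is constructed around AWS's documentation placeholder key.

```python
import json, re, tempfile
from pathlib import Path

# Constructed rule set. This name -> {"regex": ...} schema is an assumption for
# the example; it is not the layout of dora's db/data.json.
RULES_JSON = """{
  "AWS Access Key ID": {"regex": "(?<![A-Z0-9])(?:AKIA|ASIA)[0-9A-Z]{16}(?![A-Z0-9])"},
  "Google API Key": {"regex": "AIza[0-9A-Za-z_-]{35}"}
}"""

def load_rules(text):
    return {name: re.compile(spec["regex"]) for name, spec in json.loads(text).items()}

def redact(secret, keep=4):
    return secret[:keep] + "*" * (len(secret) - keep)  # prefix only, for triage

def scan_file(path, rules, context=1):
    try:
        lines = path.read_text(encoding="utf-8", errors="replace").splitlines()
    except OSError:
        return []  # unreadable file: skip it rather than abort the scan
    findings = []
    for idx, line in enumerate(lines):
        for name, rx in rules.items():
            for m in rx.finditer(line):
                secret, nearby = m.group(0), lines[max(0, idx - context): idx + context + 1]
                findings.append({
                    "rule": name, "path": str(path), "line": idx + 1, "match": redact(secret),
                    "context": [l.replace(secret, redact(secret)) for l in nearby]})
    return findings

def scan_tree(root, rules, max_bytes=1_000_000):
    findings = []
    for path in sorted(Path(root).rglob("*")):
        rel = path.relative_to(root)
        if ".git" in rel.parts or not path.is_file() or path.stat().st_size > max_bytes:
            continue  # skip .git internals, non-files and very large files
        findings.extend(scan_file(path, rules))
    return findings

def demo():
    # Constructed two-file tree; the key is AWS's documentation placeholder.
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "README.md").write_text("AKIA is only a prefix, not a key.\n")
        Path(tmp, "settings.py").write_text(
            'DEBUG = False\nAWS_KEY = "AKIAIOSFODNN7EXAMPLE"\nREGION = "eu-north-1"\n')
        return scan_tree(tmp, load_rules(RULES_JSON))

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```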

Contributing

You are more than welcome to contribute in one of the following ways:

  • Add or improve existing regular expressions for matching API keys
  • Add or improve the info in the JSON data for an API key, to better help the user write a valid bug bounty report when reporting an API key they have found
  • Fix bugs (kindly refrain from creating bugs)

Credits

Original creator - Siddharth Dushantha

Many of the regular expressions were taken from the following GitHub repositories:

The majority of the exploitation/PoC methods were taken from the keyhacks repository by streaak

More Repositories

  1. tmpmail: A temporary email right from your terminal written in POSIX sh (Shell, 3,841 stars)
  2. wifi-password: Quickly fetch your WiFi password and if needed, generate a QR code of your WiFi to allow phones to easily connect (Python, 2,905 stars)
  3. tmpsms: A temporary SMS utility right from your terminal written in POSIX sh (Shell, 1,039 stars)
  4. qr-filetransfer: Transfer files over WiFi between your computer and your smartphone from the terminal (Python, 969 stars)
  5. fontpreview: Highly customizable and minimal font previewer written in bash (Shell, 912 stars)
  6. farge: Click on a pixel on your screen and show its color value (Shell, 480 stars)
  7. recycle-bin-themes: Silly icons for the Windows Recycle Bin (PowerShell, 476 stars)
  8. snaprecovery: Recover old Snaps that have “disappeared” from Snapchat (Shell, 427 stars)
  9. soundcloud-dl: 🎵 Download SoundCloud music at 128kbps with album art and tags (Python, 320 stars)
  10. kunst: Download and display album art or display embedded album art (Shell, 309 stars)
  11. facebook-dl: 📼 Very minimal Facebook downloader written in 28 lines of Python code (not including comments and blank spaces) (Python, 237 stars)
  12. gitdir: Download a single directory/folder from a GitHub repo (Python, 224 stars)
  13. dotfiles: my dotfiles (Lua, 223 stars)
  14. svart: Change between dark/light mode depending on the ambient light intensity (Python, 167 stars)
  15. fileinfo: 📄 Get information on over 10,000 file extensions right from the terminal (Python, 111 stars)
  16. meobrute: Automate the process of brute forcing the My Eyes Only pin code on Snapchat (Shell, 93 stars)
  17. insta-dl: 📷 Download Instagram images from a public user. (Python, 93 stars)
  18. ff-pdf: Turn a Firefox profile into a standalone PDF reader app (Shell, 87 stars)
  19. pyradio: 📻 Play your favorite radio station from the terminal (Python, 74 stars)
  20. snapchat: Messing around with Snapchat's web APIs (Python, 68 stars)
  21. pine: 📷 A simple image to text OCR scanner for macOS (Python, 55 stars)
  22. down: ☑️ A CLI tool to check if a site or a list of sites are down or up (Python, 54 stars)
  23. vsco-dl: 📷 Download all of the images and videos from a VSCO user (Python, 39 stars)
  24. getroot: 🛠️ Tool to bypass my school's security system to get sudo privileges on MacOS (Shell, 38 stars)
  25. bed: 🧩 A very simple command line Browser Extension Downloader (Python, 34 stars)
  26. macbook-keyboard-visualizer: 🔆 Audio visualizer using the MacBook keyboard lights (Python, 31 stars)
  27. dark-mode: 🌗 Control the macOS dark mode from the terminal (Python, 22 stars)
  28. awesome-bounty-rewards: A curated list of BBPs and VDPs that offer awesome/unique rewards (7 stars)
  29. datainnbrudd.no: Overview of all cyber incidents in Norway (MDX, 7 stars)
  30. top-secret: highly confidential top secret repository (Shell, 6 stars)
  31. sdushantha.github.io (HTML, 4 stars)
  32. bacit-php: PHP work for uni (PHP, 1 star)
  33. bacit: IT and information systems (Java, 1 star)
  34. w: w (HTML, 1 star)
  35. myquote: A test of module 1, part 2 for the is-105 course (Go, 1 star)