• Stars
    star
    2,515
  • Rank 18,241 (Top 0.4 %)
  • Language
    Python
  • License
    Apache License 2.0
  • Created about 9 years ago
  • Updated almost 3 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Find leaked secrets via github search

Github Dorks

Github Search is a quite powerful and useful feature that can be used to search for sensitive data on repositories. Collection of Github dorks can reveal sensitive personal and/or organizational information such as private keys, credentials, authentication tokens, etc. This list is supposed to be useful for assessing security and performing pen-testing of systems.

GitHub Dork Search Tool

github-dork.py is a simple python tool that can search through your repository or your organization/user repositories. It's not a perfect tool at the moment but provides basic functionality to automate the search on your repositories against the dorks specified in the text file.

Installation

This tool uses github3.py to talk with GitHub Search API.

Clone this repository and run:

pip install .

Usage

GH_USER  - Environment variable to specify Github user
GH_PWD   - Environment variable to specify a password
GH_TOKEN - Environment variable to specify Github token
GH_URL   - Environment variable to specify GitHub Enterprise base URL

Some example usages are listed below:

github-dork.py -r techgaun/github-dorks                          # search a single repo

github-dork.py -u techgaun                                       # search all repos of a user

github-dork.py -u dev-nepal                                      # search all repos of an organization

GH_USER=techgaun GH_PWD=<mypass> github-dork.py -u dev-nepal     # search as authenticated user

GH_TOKEN=<github_token> github-dork.py -u dev-nepal              # search using auth token

GH_URL=https://github.example.com github-dork.py -u dev-nepal    # search a GitHub Enterprise instance

Limitations

  • Authenticated requests get a higher rate limit. But, since this tool waits for the api rate limit to be reset (which is usually less than a minute), it can be slightly slow.
  • Output formatting is not great. PR welcome
  • Handle rate limit and retry. PR welcome

Contribution

Please consider contributing dorks that can reveal potentially sensitive information on Github.

List of Dorks

I am not categorizing at the moment. Instead, I am going to just the list of dorks with a description. Many of the dorks can be modified to make the search more specific or generic. You can see more options here.

Dork Description
filename:.npmrc _auth npm registry authentication data
filename:.dockercfg auth docker registry authentication data
extension:pem private private keys
extension:ppk private puttygen private keys
filename:id_rsa or filename:id_dsa private ssh keys
extension:sql mysql dump mysql dump
extension:sql mysql dump password mysql dump look for password; you can try varieties
filename:credentials aws_access_key_id might return false negatives with dummy values
filename:.s3cfg might return false negatives with dummy values
filename:wp-config.php wordpress config files
filename:.htpasswd htpasswd files
filename:.env DB_USERNAME NOT homestead laravel .env (CI, various ruby based frameworks too)
filename:.env MAIL_HOST=smtp.gmail.com gmail smtp configuration (try different smtp services too)
filename:.git-credentials git credentials store, add NOT username for more valid results
PT_TOKEN language:bash pivotaltracker tokens
filename:.bashrc password search for passwords, etc. in .bashrc (try with .bash_profile too)
filename:.bashrc mailchimp variation of above (try more variations)
filename:.bash_profile aws aws access and secret keys
rds.amazonaws.com password Amazon RDS possible credentials
extension:json api.forecast.io try variations, find api keys/secrets
extension:json mongolab.com mongolab credentials in json configs
extension:yaml mongolab.com mongolab credentials in yaml configs (try with yml)
jsforce extension:js conn.login possible salesforce credentials in nodejs projects
SF_USERNAME salesforce possible salesforce credentials
filename:.tugboat NOT _tugboat Digital Ocean tugboat config
HEROKU_API_KEY language:shell Heroku api keys
HEROKU_API_KEY language:json Heroku api keys in json files
filename:.netrc password netrc that possibly holds sensitive credentials
filename:_netrc password netrc that possibly holds sensitive credentials
filename:hub oauth_token hub config that stores github tokens
filename:robomongo.json mongodb credentials file used by robomongo
filename:filezilla.xml Pass filezilla config file with possible user/pass to ftp
filename:recentservers.xml Pass filezilla config file with possible user/pass to ftp
filename:config.json auths docker registry authentication data
filename:idea14.key IntelliJ Idea 14 key, try variations for other versions
filename:config irc_pass possible IRC config
filename:connections.xml possible db connections configuration, try variations to be specific
filename:express.conf path:.openshift openshift config, only email and server thou
filename:.pgpass PostgreSQL file which can contain passwords
filename:proftpdpasswd Usernames and passwords of proftpd created by cpanel
filename:ventrilo_srv.ini Ventrilo configuration
[WFClient] Password= extension:ica WinFrame-Client infos needed by users to connect toCitrix Application Servers
filename:server.cfg rcon password Counter Strike RCON Passwords
JEKYLL_GITHUB_TOKEN Github tokens used for jekyll
filename:.bash_history Bash history file
filename:.cshrc RC file for csh shell
filename:.history history file (often used by many tools)
filename:.sh_history korn shell history
filename:sshd_config OpenSSH server config
filename:dhcpd.conf DHCP service config
filename:prod.exs NOT prod.secret.exs Phoenix prod configuration file
filename:prod.secret.exs Phoenix prod secret
filename:configuration.php JConfig password Joomla configuration file
filename:config.php dbpasswd PHP application database password (e.g., phpBB forum software)
path:sites databases password Drupal website database credentials
shodan_api_key language:python Shodan API keys (try other languages too)
filename:shadow path:etc Contains encrypted passwords and account information of new unix systems
filename:passwd path:etc Contains user account information including encrypted passwords of traditional unix systems
extension:avastlic "support.avast.com" Contains license keys for Avast! Antivirus
filename:dbeaver-data-sources.xml DBeaver config containing MySQL Credentials
filename:.esmtprc password esmtp configuration
extension:json googleusercontent client_secret OAuth credentials for accessing Google APIs
HOMEBREW_GITHUB_API_TOKEN language:shell Github token usually set by homebrew users
xoxp OR xoxb Slack bot and private tokens
.mlab.com password MLAB Hosted MongoDB Credentials
filename:logins.json Firefox saved password collection (key3.db usually in same repo)
filename:CCCam.cfg CCCam Server config file
msg nickserv identify filename:config Possible IRC login passwords
filename:settings.py SECRET_KEY Django secret keys (usually allows for session hijacking, RCE, etc)
filename:secrets.yml password Usernames/passwords, Rails applications
filename:master.key path:config Rails master key (used for decrypting credentials.yml.enc for Rails 5.2+)
filename:deployment-config.json Created by sftp-deployment for Atom, contains server details and credentials
filename:.ftpconfig Created by remote-ssh for Atom, contains SFTP/SSH server details and credentials
filename:.remote-sync.json Created by remote-sync for Atom, contains FTP and/or SCP/SFTP/SSH server details and credentials
filename:sftp.json path:.vscode Created by vscode-sftp for VSCode, contains SFTP/SSH server details and credentails
filename:sftp-config.json Created by SFTP for Sublime Text, contains FTP/FTPS or SFTP/SSH server details and credentials
filename:WebServers.xml Created by Jetbrains IDEs, contains webserver credentials with encoded passwords (not encrypted!)
"api_hash" "api_id" Telegram API token
"https://hooks.slack.com/services/" Slack services URL often have secret API token as a suffix
filename:github-recovery-codes.txt GitHub recovery key
filename:gitlab-recovery-codes.txt GitLab recovery key
filename:discord_backup_codes.txt Discord recovery key
extension:yaml cloud.redislabs.com Redis credentials provided by Redis Labs found in a YAML file
extension:json cloud.redislabs.com Redis credentials provided by Redis Labs found in a JSON file

More Repositories

1

active-forks

Find active github forks of a repo https://git.io/vSnrC
JavaScript
2,143
star
2

awesome-programming-presentations

Presentations that programmers should watch
234
star
3

dynamodb-copy-table

A simple python script to copy dynamodb table (useful for achieving renaming of table)
Python
156
star
4

ex_mustang

✨ A simple, clueless bot
Elixir
68
star
5

zxcvbn-elixir

Elixir implementation of zxcvbn by dropbox
Elixir
55
star
6

mirai

Mirai related codes and stuff
C
51
star
7

auth0_ex

An elixir client library for Auth0
Elixir
43
star
8

awesome-electronics

My personal list of electronics resources for DIY
38
star
9

xss-payloads

Collection of XSS Payloads from various sources
JavaScript
28
star
10

ad-bs-converter

A javascript implementation to convert bikram samvat to anno domini and vice-versa
JavaScript
28
star
11

printer-hacking

Going through http://hacking-printers.net/
25
star
12

awesome-readings

List of Awesome Research Articles on Computer Science and Technology
25
star
13

bash-backdoor

A simple backdoor in (ba)sh with encrypted communication channel
Shell
25
star
14

ex_pwned

Elixir client for haveibeenpwned.com
Elixir
23
star
15

concourse-cheatsheet

Concourse CI cheatsheet
21
star
16

nepali-names

Huge Collection of Nepali Names
Shell
18
star
17

hack-scripts

scripts to setup pentesting system and use during pentest
Python
18
star
18

git-internals

An overview of git internals
16
star
19

darkskyx

A Darksky.net (formerly forecast.io) weather API client for Elixir
Elixir
13
star
20

ctf-writeups

CTF writeups for the CTFs and Vulnerable Boxes I play with sometimes
Python
11
star
21

dotfiles

✨ dotfiles 🔧
Perl
10
star
22

ex_google

Google Cloud SDK for Elixir
Elixir
10
star
23

docker-dive

Something about docker, does not everything but something everyone should probably read
8
star
24

gh-top-repos

Get the most starred github repositories created in last X days
Python
8
star
25

heroku-pgcli

pgcli plugin for Heroku CLI
TypeScript
8
star
26

git-squash

Git squash easy way
Shell
7
star
27

til

Today I learned
7
star
28

heroku-buildpack-mix-tasks

A simple buildpack to run mix tasks during build process
Shell
7
star
29

nepali-calendar-indicator

Simple indicator applet to show Nepali date and calendar
Python
7
star
30

easy-mouse-mover

A simple script to move mouse between monitors
Go
6
star
31

phoenix-snippets

Phoenix framework snippets I use with atom.io editor
6
star
32

egauge-fun

Having fun with egauge - http://www.egauge.net/
5
star
33

postr

Generate source code poster for fun
Elixir
5
star
34

awesome-kp-quotes

Collection of KP Sharma Oli's quotes
HTML
5
star
35

get-nepali-number

get nepali numerals from english
JavaScript
4
star
36

heroku-buildpack-subdir-to-root

A simple heroku buildpack to move sub directory to root of project
Shell
4
star
37

intro-to-serverless

An introduction to Serverless Framework
4
star
38

github-issues-pull-requests-sample

Example of https://github.com/blog/2111-issue-and-pull-request-templates
4
star
39

ex_erlstats

Erlang Stats for Elixir
Elixir
4
star
40

ad-bs-converter.py

Python implementation of https://github.com/techgaun/ad-bs-converter
Python
4
star
41

ex_sma

Simple Moving Average calculation in Elixir
Elixir
4
star
42

hajurbuwa

In memory of my beloved Grandfather, Prachanda Bahadur Budhathoki
4
star
43

xmart-things

Elixir client for Smart Things
Elixir
3
star
44

exploit-db-search

Search exploit database
Shell
3
star
45

batch-antivirus

A simple antivirus written in batch; tested only on XP
Shell
3
star
46

saancho

🔐 🔒 🔑 Command Line Password Manager
Shell
3
star
47

jwt-phoenix-sample

Sample application for using JWT with Phoenix
JavaScript
3
star
48

awesome-extras

List of awesome extras that add functionality for popular tools
3
star
49

http_digex

HTTP Digest Auth Library to create auth header to be used with HTTP Digest Authentication
Elixir
3
star
50

protocol-tests

Elixir
2
star
51

ex_raycast

A simple raycast algorithm implementation in Elixir
Elixir
2
star
52

unix-time

Unix time in various languages - A reference
2
star
53

mustang

A simple script to convert videos to animated gif
Shell
2
star
54

ports-service-mapping

A pretty comprehensive list of ports and services mapping as csv and tsv
2
star
55

awesome-music-resources

Various resources for learning music theory and its practical aspects
2
star
56

ooad-slides

Slides from our course on Object Oriented Analysis & Design
2
star
57

httphero

Composable HTTP Requests with Adapter support for HTTP clients
2
star
58

alexir

Alexa Skills Development Kit for Elixir - WIP
2
star
59

github-dorks-web

Web Interface for running github-dorks
2
star
60

dockerfiles

Collection of various dockerfiles
Dockerfile
2
star
61

crypt-b64

Simple tool to decode & encode crypt based base64 encoded text to standard base64 encoding
Go
2
star
62

apk2gold-reloaded

apk2gold-reloaded with new goodies
Shell
2
star
63

kattu

Run commands quietly unless the command fails
JavaScript
1
star
64

tg-misc-scripts

Collection of random scripts and code snippets to speedup daily chores
Shell
1
star
65

react-nepal-map

Plain simple map of Nepal using React
JavaScript
1
star
66

nepal-idol-voter

Deprecated and Unused Nepal Idol Auto Voter Source Code
Python
1
star
67

apn-gcm-docker

Dockerized APNS and GCM Mocks
JavaScript
1
star
68

ex_gecko

Geckoboard API Client and Dataset Loader for Elixir
Elixir
1
star
69

techgaun.github.io

My personal github page
JavaScript
1
star
70

named_arguments

Python like named arguments in Elixir
Elixir
1
star
71

techgaun

About me
1
star
72

browser-dead

Identify old and unsupported browsers simple easy way
JavaScript
1
star
73

yass

Yet Another Serial Sniffer
1
star
74

vim-install-ubuntu

Quick script to install vim on Ubuntu 16.04
Shell
1
star
75

influx-copy

Elixir escript to copy data between influxdb measurements
Elixir
1
star
76

elixir-tips-tricks

Just random tips and tricks while working with elixir [& phoenix and other libs/frameworks]
1
star
77

ubuntu-pentest

Turn your ubuntu into pentest distro - WIP
1
star
78

http-gzip-time

Quick bash PoC implementation of https://github.com/jcarlosn/gzip-http-time
Shell
1
star
79

dumpster

All my trashes (because I don't use them anymore)
Elixir
1
star
80

ex_klaviyo

A client sdk for accessing Klaviyo API
Elixir
1
star
81

country-quiz

Country Quiz
JavaScript
1
star
82

telix

Telit TR50 M2M Service Interface API Client For Elixir
Elixir
1
star
83

flash-kill-punisher

Simple AMX Mod X flashbang punisher plugin
1
star
84

invoice-mongo-test

Sample Invoice App With Elixir, Phoenix 1.3, Mongodb_ecto
Elixir
1
star
85

swift-failover

A swift, robust, failover toolkit to re-route network traffic through different interfaces
1
star
86

heroku-pgdb-copy

A plain simple bash script to copy and setup heroku database to your local postgres
Shell
1
star
87

vim-unicode-nepali

Write Unicode Nepali in Vim
1
star
88

get-nepday-of-week

Get day of week in Nepali
JavaScript
1
star
89

ukhaan-tukka

Random Nepali ukhan tukka
JavaScript
1
star
90

brutedns

A parallel worldlist based DNS bruteforcing utility
Python
1
star
91

carpet

A simple script to run preliminary checks on given domain as part of penetration testing process
1
star