|
1 | | -# github-dorks |
2 | | -Collection of github dorks |
| 1 | +# Github Dorks |
| 2 | +Collection of github dorks that can reveal sensitive personal and/or organizational information such as private keys, credentials, authentication tokens, etc. This list is supposed to be useful for assessing security and performing pen-testing of systems. |
| 3 | + |
| 4 | +### Contribution |
| 5 | +Please consider contributing the dorks that can reveal potentially senstive information in github. |
| 6 | + |
| 7 | +### List of Dorks |
| 8 | +List of dorks follow. I am not categorizing at the moment. Instead am going to just the list of dorks with optionally a description separated by # in the same line. Many of the dorks can be modified to make the search more specific or generic. You can see more options [HERE](https://github.com/search#search_cheatsheet_pane). |
| 9 | + |
| 10 | +``` |
| 11 | +filename:.npmrc _auth # npm registry authentication data |
| 12 | +
|
| 13 | +filename:.dockercfg auth # docker registry authentication data |
| 14 | +
|
| 15 | +extension:pem private # private keys |
| 16 | +
|
| 17 | +extension:ppk private # puttygen private keys |
| 18 | +
|
| 19 | +filename:id_rsa or filename:id_dsa # private ssh keys |
| 20 | +
|
| 21 | +extension:sql mysql dump # mysql dump |
| 22 | +
|
| 23 | +extension:sql mysql dump password # mysql dump look for password; you can try varieties |
| 24 | +
|
| 25 | +filename:credentials aws_access_key_id # might return false negatives with dummy values |
| 26 | +
|
| 27 | +filename:.s3cfg # might return false negatives with dummy values |
| 28 | +
|
| 29 | +filename:wp-config.php # wordpress config files |
| 30 | +
|
| 31 | +filename:.htpasswd # htpasswd files |
| 32 | +
|
| 33 | +filename:.env DB_USERNAME NOT homestead # laravel .env (CI, various ruby based frameworks too) |
| 34 | +
|
| 35 | +filename:.env MAIL_HOST=smtp.gmail.com # gmail smtp configuration (try different smtp services too) |
| 36 | +
|
| 37 | +filename:.git-credentials # git credentials store, add NOT username for more valid results |
| 38 | +
|
| 39 | +PT_TOKEN language:bash # pivotaltracker tokens |
| 40 | +
|
| 41 | +filename:.bashrc password # search for passwords, etc. in .bashrc (try with .bash_profile too) |
| 42 | +
|
| 43 | +filename:.bashrc mailchimp # variation of above (try more variations) |
| 44 | +
|
| 45 | +rds.amazonaws.com password # Amazon RDS possible credentials |
| 46 | +
|
| 47 | +extension:json api.forecast.io # try variations, find api keys/secrets |
| 48 | +
|
| 49 | +extension:json mongolab.com # mongolab credentials in json configs |
| 50 | +
|
| 51 | +extension:yaml mongolab.com # mongolab credentials in yaml configs (try with yml) |
| 52 | +
|
| 53 | +jsforce extension:js conn.login # possible salesforce credentials in nodejs projects |
| 54 | +
|
| 55 | +SF_USERNAME "salesforce" # possible salesforce credentials |
| 56 | +``` |
0 commit comments