add a github dork checker tool

techgaun · techgaun · commit 75bf80ddc397 · 2015-11-29T02:05:56.000+05:45
diff --git a/README.md b/README.md
@@ -1,6 +1,45 @@
 # Github Dorks
 [Github search](https://github.com/search) is quite powerful and useful feature and can be used to search sensitive data on the repositories. Collection of github dorks that can reveal sensitive personal and/or organizational information such as private keys, credentials, authentication tokens, etc. This list is supposed to be useful for assessing security and performing pen-testing of systems.
 
+### GitHub Dork Search Tool
+[github-dork.py](github-dork.py) is a simple python tool that can search through your repository or your organization/user repositories. Its not a perfect tool at the moment but provides a basic functionality to automate the search on your repositories against the dorks specified in text file.
+
+#### Installation
+This tool uses [pygithub3.py](https://github.com/sigmavirus24/github3.py) to talk with GitHub Search API.
+
+Clone this repository and run:
+```shell
+pip install -r requirements.txt
+```
+
+#### Usage
+
+```
+GH_USER - Environment variable to specify github user
+GH_PWD - Environment variable to specify password
+GH_TOKEN - Environment variable to specify github token
+```
+
+Some example usages are listed below:
+
+```shell
+python github-dork.py -r techgaun/github-dorks      # search single repo
+
+python github-dork.py -u techgaun       # search all repos of user
+
+python github-dork.py -u  dev-nepal     # search all repos of an organization
+
+GH_USER=techgaun GH_PWD=<mypass> python github-dork.py -u dev-nepal     # search as authenticated user
+
+GH_TOKEN=<github_token> python github-dork.py -u dev-nepal      # search using auth token
+```
+
+#### Limitations
+
+- Authenticated requests get a higher rate limit. But, you can still hit limit with user/org with too many repos or even with large repos or large number of dorks. This is a major limitation, imo, at the moment for this tool.
+- Output formatting is not great. PR welcome
+- Handle rate limit and retry. PR welcome
+
 ### Contribution
 Please consider contributing the dorks that can reveal potentially senstive information in github.
 
diff --git a/github-dork.py b/github-dork.py
@@ -0,0 +1,98 @@
+#!/usr/bin/env python
+# -*- encoding: utf-8 -*-
+
+
+import github3 as github
+import os
+import argparse
+from time import sleep
+
+
+gh_user = os.getenv('GH_USER', None)
+gh_pass = os.getenv('GH_PWD', None)
+gh_token = os.getenv('GH_TOKEN', None)
+gh_dorks_file = "github-dorks.txt"
+
+gh = github.GitHub(username=gh_user, password=gh_pass, token=gh_token)
+
+
+def search(repo_to_search=None, user_to_search=None):
+    found = False
+    with open(gh_dorks_file, 'r') as dork_file:
+        for dork in dork_file:
+            dork = dork.strip()
+            addendum = ''
+            if repo_to_search is not None:
+                addendum = ' repo:' + repo_to_search
+            elif user_to_search is not None:
+                addendum = ' user:' + user_to_search
+
+            dork = dork + addendum
+            search_results = gh.search_code(dork)
+            try:
+                for search_result in search_results:
+                    found = True
+                    fmt_args = {
+                        'dork': dork,
+                        'text_matches': search_result.text_matches,
+                        'path': search_result.path,
+                        'score': search_result.score,
+                        'url': search_result.html_url
+                    }
+                    print(
+                        '''Found result for {dork}
+Text matches: {text_matches}
+File path: {path}
+Score/Relevance: {score}
+URL of File: {url}
+                    '''.format(**fmt_args)
+                    )
+            except github.exceptions.ForbiddenError as e:
+                print(e)
+                # need to retry in case of API rate limit reached
+                # note done yet
+            except github.exceptions.GitHubError as e:
+                print('GitHubError encountered on search of dork: ' + dork)
+                print(e)
+            except Exception as e:
+                print('Error encountered on search of dork: ' + dork)
+
+    if not found:
+        print('No results for your dork search' + addendum + '. Hurray!')
+
+
+def main():
+    parser = argparse.ArgumentParser(
+        description='Search github for github dorks',
+        epilog='Use responsibly, Enjoy pentesting'
+    )
+    parser.add_argument(
+        '-v',
+        '--version',
+        action='version',
+        version='%(prog)s 0.1.0'
+    )
+    group = parser.add_mutually_exclusive_group(required=True)
+    group.add_argument(
+        '-u',
+        '--user',
+        dest='user_to_search',
+        action='store',
+        help='Github user/org to search within. Eg: techgaun'
+    )
+    group.add_argument(
+        '-r',
+        '--repo',
+        dest='repo_to_search',
+        action='store',
+        help='Github repo to search within. Eg: techgaun/github-dorks'
+    )
+
+    args = parser.parse_args()
+    search(
+        repo_to_search=args.repo_to_search,
+        user_to_search=args.user_to_search
+    )
+
+if __name__ == '__main__':
+    main()
diff --git a/github-dorks-test.txt b/github-dorks-test.txt
@@ -0,0 +1,3 @@
+filename:.npmrc _auth
+filename:.dockercfg auth
+extension:md
diff --git a/github-dorks.txt b/github-dorks.txt
@@ -0,0 +1,38 @@
+filename:.npmrc _auth
+filename:.dockercfg auth
+extension:pem private
+extension:ppk private
+filename:id_rsa or filename:id_dsa
+extension:sql mysql dump
+extension:sql mysql dump password
+filename:credentials aws_access_key_id
+filename:.s3cfg
+filename:wp-config.php
+filename:.htpasswd
+filename:.env DB_USERNAME NOT homestead
+filename:.env MAIL_HOST=smtp.gmail.com
+filename:.git-credentials
+PT_TOKEN language:bash
+filename:.bashrc password
+filename:.bashrc mailchimp
+filename:.bash_profile aws
+rds.amazonaws.com password
+extension:json api.forecast.io
+extension:json mongolab.com
+extension:yaml mongolab.com
+jsforce extension:js conn.login
+SF_USERNAME "salesforce"
+filename:.tugboat NOT "_tugboat"
+HEROKU_API_KEY language:shell
+HEROKU_API_KEY language:json
+filename:.netrc password
+filename:_netrc password
+filename:hub oauth_token
+filename:robomongo.json
+filename:filezilla.xml Pass
+filename:recentservers.xml Pass
+filename:config.json auths
+filename:idea14.key
+filename:config irc_pass
+filename:connections.xml
+filename:express.conf path:.openshift
diff --git a/requirements.txt b/requirements.txt
@@ -0,0 +1 @@
+github3.py==1.0.0a2

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+filename:.npmrc _auth`
	`2`	`+filename:.dockercfg auth`
	`3`	`+extension:md`