Merge pull request #4 from mesaugat/patch-2

Stop execution if a github exception occurs and formatting of dork lists.

Author: techgaun

README.md

@@ -13,25 +13,24 @@ pip install -r requirements.txt
 ```
 
 #### Usage
-
 ```
-GH_USER - Environment variable to specify github user
-GH_PWD - Environment variable to specify password
+GH_USER  - Environment variable to specify github user
+GH_PWD   - Environment variable to specify password
 GH_TOKEN - Environment variable to specify github token
 ```
 
 Some example usages are listed below:
 
 ```shell
-python github-dork.py -r techgaun/github-dorks      # search single repo
+python github-dork.py -r techgaun/github-dorks                          # search single repo
 
-python github-dork.py -u techgaun       # search all repos of user
+python github-dork.py -u techgaun                                       # search all repos of user
 
-python github-dork.py -u  dev-nepal     # search all repos of an organization
+python github-dork.py -u dev-nepal                                      # search all repos of an organization
 
 GH_USER=techgaun GH_PWD=<mypass> python github-dork.py -u dev-nepal     # search as authenticated user
 
-GH_TOKEN=<github_token> python github-dork.py -u dev-nepal      # search using auth token
+GH_TOKEN=<github_token> python github-dork.py -u dev-nepal              # search using auth token
 ```
 
 #### Limitations
@@ -44,82 +43,46 @@ GH_TOKEN=<github_token> python github-dork.py -u dev-nepal      # search using a
 Please consider contributing the dorks that can reveal potentially senstive information in github.
 
 ### List of Dorks
-List of dorks follow. I am not categorizing at the moment. Instead am going to just the list of dorks with optionally a description separated by # in the same line. Many of the dorks can be modified to make the search more specific or generic. You can see more options [HERE](https://github.com/search#search_cheatsheet_pane).
-
-```
-filename:.npmrc _auth # npm registry authentication data
-
-filename:.dockercfg auth  # docker registry authentication data
-
-extension:pem private # private keys
-
-extension:ppk private # puttygen private keys
-
-filename:id_rsa or filename:id_dsa  # private ssh keys
-
-extension:sql mysql dump  # mysql dump
-
-extension:sql mysql dump password # mysql dump look for password; you can try varieties
-
-filename:credentials aws_access_key_id  # might return false negatives with dummy values
-
-filename:.s3cfg # might return false negatives with dummy values
-
-filename:wp-config.php  # wordpress config files
-
-filename:.htpasswd  # htpasswd files
-
-filename:.env DB_USERNAME NOT homestead # laravel .env (CI, various ruby based frameworks too)
-
-filename:.env MAIL_HOST=smtp.gmail.com  # gmail smtp configuration (try different smtp services too)
-
-filename:.git-credentials # git credentials store, add NOT username for more valid results
-
-PT_TOKEN language:bash  # pivotaltracker tokens
-
-filename:.bashrc password # search for passwords, etc. in .bashrc (try with .bash_profile too)
-
-filename:.bashrc mailchimp  # variation of above (try more variations)
-
-filename:.bash_profile aws  # aws access and secret keys
-
-rds.amazonaws.com password  # Amazon RDS possible credentials
-
-extension:json api.forecast.io  # try variations, find api keys/secrets
-
-extension:json mongolab.com # mongolab credentials in json configs
-
-extension:yaml mongolab.com # mongolab credentials in yaml configs (try with yml)
-
-jsforce extension:js conn.login # possible salesforce credentials in nodejs projects
-
-SF_USERNAME "salesforce"  # possible salesforce credentials
-
-filename:.tugboat NOT "_tugboat"  # Digital Ocean tugboat config
-
-HEROKU_API_KEY language:shell # Heroku api keys
-
-HEROKU_API_KEY language:json  # Heroku api keys in json files
-
-filename:.netrc password  # netrc that possibly holds sensitive credentials
-
-filename:_netrc password  # netrc that possibly holds sensitive credentials
-
-filename:hub oauth_token  # hub config that stores github tokens
-
-filename:robomongo.json   # mongodb credentials file used by robomongo
-
-filename:filezilla.xml Pass   # filezilla config file with possible user/pass to ftp
-
-filename:recentservers.xml Pass   # filezilla config file with possible user/pass to ftp
-
-filename:config.json auths  # docker registry authentication data
-
-filename:idea14.key   # IntelliJ Idea 14 key, try variations for other versions
-
-filename:config irc_pass  # possible IRC config
-
-filename:connections.xml  # possible db connections configuration, try variations to be specific
-
-filename:express.conf path:.openshift # openshift config, only email and server though
-```
+I am not categorizing at the moment. Instead I am going to just the list of dorks with a description. Many of the dorks can be modified to make the search more specific or generic. You can see more options [here](https://github.com/search#search_cheatsheet_pane).
+
+ Dork                                           | Description
+------------------------------------------------|--------------------------------------------------------------------------
+filename:.npmrc _auth                           | npm registry authentication data
+filename:.dockercfg auth                        | docker registry authentication data
+extension:pem private                           | private keys
+extension:ppk private                           | puttygen private keys
+filename:id_rsa or filename:id_dsa              | private ssh keys
+extension:sql mysql dump                        | mysql dump
+extension:sql mysql dump password               | mysql dump look for password; you can try varieties
+filename:credentials aws_access_key_id          | might return false negatives with dummy values
+filename:.s3cfg                                 | might return false negatives with dummy values
+filename:wp-config.php                          | wordpress config files
+filename:.htpasswd                              | htpasswd files
+filename:.env DB_USERNAME NOT homestead         | laravel .env (CI, various ruby based frameworks too)
+filename:.env MAIL_HOST=smtp.gmail.com          | gmail smtp configuration (try different smtp services too)
+filename:.git-credentials                       | git credentials store, add NOT username for more valid results
+PT_TOKEN language:bash                          | pivotaltracker tokens
+filename:.bashrc password                       | search for passwords, etc. in .bashrc (try with .bash_profile too)
+filename:.bashrc mailchimp                      | variation of above (try more variations)
+filename:.bash_profile aws                      | aws access and secret keys
+rds.amazonaws.com password                      | Amazon RDS possible credentials
+extension:json api.forecast.io                  | try variations, find api keys/secrets
+extension:json mongolab.com                     | mongolab credentials in json configs
+extension:yaml mongolab.com                     | mongolab credentials in yaml configs (try with yml)
+jsforce extension:js conn.login                 | possible salesforce credentials in nodejs projects
+SF_USERNAME "salesforce"                        | possible salesforce credentials
+filename:.tugboat NOT "_tugboat"                | Digital Ocean tugboat config
+HEROKU_API_KEY language:shell                   | Heroku api keys
+HEROKU_API_KEY language:json                    | Heroku api keys in json files
+filename:.netrc password                        | netrc that possibly holds sensitive credentials
+filename:_netrc password                        | netrc that possibly holds sensitive credentials
+filename:hub oauth_token                        | hub config that stores github tokens
+filename:robomongo.json                         | mongodb credentials file used by robomongo
+filename:filezilla.xml Pass                     | filezilla config file with possible user/pass to ftp
+filename:recentservers.xml Pass                 | filezilla config file with possible user/pass to ftp
+filename:config.json auths                      | docker registry authentication data
+filename:idea14.key                             | IntelliJ Idea 14 key, try variations for other versions
+filename:config irc_pass                        | possible IRC config
+filename:connections.xml                        | possible db connections configuration, try variations to be specific
+filename:express.conf path:.openshift           | openshift config, only email and server thou
+filename:.pgpass                                | PostgreSQL file which can contain passwords

github-dork.py

@@ -45,21 +45,23 @@ def search(repo_to_search=None, user_to_search=None, gh_dorks_file=None):
                         'score': search_result.score,
                         'url': search_result.html_url
                     }
-                    print(
-                        '''Found result for {dork}
-Text matches: {text_matches}
-File path: {path}
-Score/Relevance: {score}
-URL of File: {url}
+                    print('''
+                        Found result for {dork}
+                        Text matches: {text_matches}
+                        File path: {path}
+                        Score/Relevance: {score}
+                        URL of File: {url}
                     '''.format(**fmt_args)
                     )
             except github.exceptions.ForbiddenError as e:
                 print(e)
+                return
                 # need to retry in case of API rate limit reached
-                # note done yet
+                # not done yet
             except github.exceptions.GitHubError as e:
                 print('GitHubError encountered on search of dork: ' + dork)
                 print(e)
+                return
             except Exception as e:
                 print('Error encountered on search of dork: ' + dork)
 
@@ -72,12 +74,14 @@ def main():
         description='Search github for github dorks',
         epilog='Use responsibly, Enjoy pentesting'
     )
+    
     parser.add_argument(
         '-v',
         '--version',
         action='version',
         version='%(prog)s 0.1.0'
     )
+    
     group = parser.add_mutually_exclusive_group(required=True)
     group.add_argument(
         '-u',
@@ -86,6 +90,7 @@ def main():
         action='store',
         help='Github user/org to search within. Eg: techgaun'
     )
+    
     group.add_argument(
         '-r',
         '--repo',