LEFT SIDEBAR AD

Hidden in mobile, Best for skyscrapers.

Github Dork

2 years ago 147
BOOK THIS SPACE FOR AD
ARTICLE AD

Use Github Dork For Finding Sensitive Information

Tamim Hasan

Hello Guys, How are you hope you are well. Today I am going to talk about GitHub dork.

GitHub is where over 56 million developers shape the future of software, together. Contribute to the open-source community, manage their Git repositories, and doing lots of stuff.

And sometimes the repository contains much sensitive information like api,db credentials,ftp credentials, and much more.

You can find sensitive information on github by 2 way

AutomationManual

But we are going with the manual part.

So let's get started………

1# Simple search

At first, you should just simply search your target like xyz.com to understand their repo architecture how many repos, commits, and what kind of languages are found stuff like that.

2#Sort

Use sort: Recently Indexed to see the latest code result. Not Best Match option because old credentials may not be working now especially 4–5 years old on the other hand company also prefer the latest one.

3# Dorks

This is the main thing for github recon. In my suggestion, you can start with some basic dorks fast.

Here are some basic dork which is shared by @El3ctr0Byt3s

api_key
“api keys”
authorization_bearer:
oauth
auth
authentication
client_secret
api_token:
“api token”
client_id
password
user_password
user_pass
passcode
client_secret
secret
password hash
OTP
user auth

#Some of the mine which I use generally

remove password
root
admin
log
trash
token
FTP_PORT
FTP_PASSWORD
DB_DATABASE=
DB_HOST=
DB_PORT=
DB_PASSWORD=
DB_PW=
DB_USER=
number

#3 Language

Use github dorks with language to get more effective result.

like: language:shell username
language:sql username
language:python ftp
language:bash ftp

4#whildcard

use *(wildcard)for more result because sometime targeted website had .com or .net etc.In this case if you specify your github search like xyz.com then you may miss something of .net

You can also use *(wildcard) like *.xyz.com.

5#Url

you should also check URL (which looks important on your eyes)because some of the URL contains some important document like pdf ,ppt,xls file which may contains sensitive info.

(you may also do this simple with google dork site:xxyz.com ext:doc | ext:docx | ext:odt | ext:pdf | ext:rtf | ext:sxw | ext:psw | ext:ppt | ext:pptx | ext:pps | ext:csv | ext:txt | ext:html | ext:php | ext:xls)

I said it because I found xls file on some website by doing this which contains users details.

You can find some useful google dorks in my github repo.

6#NOT

Use NOT to filter your github search and get exact information from github ocean. like: xyz.com filename:prod.exs NOT prod.secret.exs.

#7 Social Media

Follow the developers and employees of your target on social media. They can do stuff like leak teams links that are open, leak feature releases, leak acquisitions ect.

#8 Some useful github dorks:

dotfiles
filename:sftp-config.json password
filename:.s3cfg
filename:config.php dbpasswd
filename:.bashrc password
filename:.esmtprc password
filename:.netrc password
filename:_netrc password
filename:.env MAIL_HOST=smtp.gmail.com
filename:prod.exs NOT prod.secret.exs
filename:.npmrc _auth
filename:WebServers.xml
filename:sftp-config.json
filename:.esmtprc password
filename:passwd path:etc
filename:prod.secret.exs
filename:sftp-config.json
filename:proftpdpasswd
filename:travis.yml
filename:vim_settings.xml
filename:sftp.json path:.vscode
filename:secrets.yml password
extension:sql mysql dump
extension:sql mysql dump
extension:sql mysql dump password
extension:pem private
extension:ppk private

#Automation:

The manual way is best for finding sensitive info from Github. But if you want to automate this process then you can use GitDorker tool. While GitHub hunting sometimes I also you this tool.Though it is a bit slow because to prevent rate limits Gitdocker sends 30 requests per minute. But it gives you much fewer false-positive results than other tools.

You can find more github dorks on:

https://github.com/random-robbie/keywords/blob/master/keywords.txt
https://gist.github.com/jhaddix/77253cea49bf4bd4bfd5d384a37ce7a4

Some awesome write-up about github dork/recon

https://orwaatyat.medium.com/your-full-map-to-github-recon-and-leaks-exposure-860c37ca2c82
https://medium.com/hackernoon/developers-are-unknowingly-posting-their-credentials-online-caa7626a6f84
https://shahjerry33.medium.com/github-recon-its-really-deep-6553d6dfbb1f

You can also search on twitter like github dork to get more about github dork.Here people share how can they find sensitive info using github recon and what github dork they use.

To read the report about this use a simple google dork github dork site:hackerone.com.

That's all for today guys. Hope It’s helpful for you. Let me know if I made any mistakes in my write-up or you have any suggestions for me.

You can follow me on Github | Twitter | Linkedin | Facebook

Read Entire Article
  3. Github Dork

Related

NMAP Command Options

NMAP Command Options

#2. Bug Bounty POC: Time-Based SQL Injection to Dump Database

#2. Bug Bounty POC: Time-Based SQL Injection to Dump Database

24.14 Lab: HTTP request smuggling, basic TE.CL vulnerability | 2024

24.14 Lab: HTTP request smuggling, basic TE.CL vulnerability | 2024

My LLM Bug Bounty Journey on Hugging Face Hub via Protect AI

My LLM Bug Bounty Journey on Hugging Face Hub via Protect AI

Linux Privilege Escalation | TryHackMe — Part 2

Linux Privilege Escalation | TryHackMe — Part 2

From Novice to Ninja: Unraveling Bug Bounty Beginnings through Cache Poisoning

From Novice to Ninja: Unraveling Bug Bounty Beginnings through Cache Poisoning

Trending

1. James Anderson
2. Mbappe
3. Happy Mother's Day
4. Novak Djokovic
5. Brij Bhushan
6. Jim Simons
7. MS Dhoni
8. Yodha
9. Delhi Weather
10. Friendship marriage in Japan

Popular

1-click RCE in Electron Applications

1-click RCE in Electron Applications

Install waybackurls on Kali Linux

Install waybackurls on Kali Linux

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Install DalFox on Kali Linux

Install DalFox on Kali Linux

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

SketchUp Pro 2020 v20.2.172 (x64) Multilingual + Patch

SketchUp Pro 2020 v20.2.172 (x64) Multilingual + Patch

BOOK THIS SPACE FOR AD
RIGHT SIDEBAR BOTTOM AD
Bengali (Bangladesh) Bengali (Bangladesh) · English (United States) English (United States) ·
About Us · Terms & Condition · Contact Us
© Security Alert 2024. All rights are reserved