OSINT (Reconnaissance) section: What is GitDorking?


Jionin

Here you will learn how to improve your OSINT skills; examples and ready-made search queries are provided.
(If I forgot something, you can add it in the comments.)

What is it and what is it for?

GitDorking is an extremely important part of site reconnaissance or a bug bounty program.
If you are familiar with Google Dorking, the two are very similar and serve the same purpose: keyword search within a system (here, GitHub). The kinds of data you can find this way include:

1. Sensitive authorization data:

API keys (Google, AWS, Azure, Twitter, Stripe, etc.).
Access tokens (OAuth, JWT, etc.).
Logins and passwords in code or configuration files.
SSH keys (especially private keys).
.env files containing secrets.

2. Confidential Files:

Application configuration files (config.php, .env, web.config).
Error or deploy logs (error.log, debug.log).
Database files (database.sql, .sqlite).

3. Server information:

IP addresses of servers or internal hosts.
Deployment secrets (such as Ansible Vault or Kubernetes Secrets).
Logins/passwords for servers or databases.

4. Sensitive company data:

Internal documents or memos.
Names of internal projects.
Internal infrastructure data (e.g. domain names, subdomains).

5. Buggy or vulnerable code:

Static tokens or test accounts.
Hard-coded encryption keys.
Vulnerable code or outdated libraries.

6. Personal information:

Employee email addresses.
Files with personal data (user_data.json, credentials.txt).
Photos or documents (e.g., randomly uploaded scans).

7. Vulnerable or unprotected components:

CI/CD data (e.g., files from Jenkins or GitLab CI/CD).
Scripts containing vulnerabilities.
Logins and passwords for cloud services.
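The seven categories above also work as a checklist of what a repository owner should catch before a push reaches GitHub. As an added example (not from the original article), here is a small Python indicator scanner that flags the same things a dorker would look for: risky file names, AWS key IDs, private-key blocks, bearer tokens, JWTs and keyword assignments. The sample tree is constructed; `AKIAIOSFODNN7EXAMPLE` is the documented AWS example key ID, not a live credential.

```python
import re
from typing import Dict, List, Tuple

# Indicator patterns for the leak categories listed above. The keyword list
# mirrors the usual dork terms (api key, apikey, authorization: Bearer,
# access_token, secret); the AWS and private-key shapes are well-known formats.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "bearer_token": re.compile(r"(?i)authorization:\s*bearer\s+[A-Za-z0-9._~+/=-]{16,}"),
    "jwt": re.compile(r"\beyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]*"),
    # keyword, then an assignment, then a value of at least 8 non-space characters
    "generic_assignment": re.compile(
        r"(?i)(api[_-]?key|apikey|access[_-]?token|secret|password|passwd)\s*[=:]\s*['\"]?([^\s'\"]{8,})"
    ),
}
# File names that should not be committed at all (sections 2 and 6 above).
RISKY_FILENAMES = {".env", "id_rsa", "credentials.txt", "user_data.json", "database.sql"}

def scan_text(path: str, text: str) -> List[Tuple[str, int, str]]:
    """Return (finding_type, line_no, evidence) tuples; line 0 marks a file-name hit."""
    findings: List[Tuple[str, int, str]] = []
    if path.rsplit("/", 1)[-1] in RISKY_FILENAMES:
        findings.append(("risky_filename", 0, path))
    for line_no, line in enumerate(text.splitlines(), start=1):
        for name, pattern in SECRET_PATTERNS.items():
            if pattern.search(line):
                findings.append((name, line_no, line.strip()))
    return findings

def scan_repo(files: Dict[str, str]) -> Dict[str, List[Tuple[str, int, str]]]:
    """Scan a {path: content} mapping (e.g. a checked-out tree); keep only files with findings."""
    report = {path: scan_text(path, text) for path, text in files.items()}
    return {path: hits for path, hits in report.items() if hits}

# Constructed sample tree (assumption for the demo): one clean file, three leaky ones.
SAMPLE_FILES = {
    "app/.env": "DB_PASSWORD=Sup3rSecretValue01\nAWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n",
    "docs/README.md": "# Demo project\n"
    'curl -H "Authorization: Bearer abcdefghijklmnopqrstuvwxyz0123456789" https://api.example.invalid/\n',
    "keys/id_rsa": "-----BEGIN OPENSSH PRIVATE KEY-----\n(constructed placeholder body)\n-----END OPENSSH PRIVATE KEY-----\n",
    "src/app.py": 'import os\ntoken = os.environ.get("API_TOKEN")  # read at runtime, nothing hard-coded\n',
}

if __name__ == "__main__":
    for path, hits in scan_repo(SAMPLE_FILES).items():
        for kind, line_no, evidence in hits:
            print(f"{path}:{line_no}: {kind}: {evidence}")
```

Wiring `scan_repo` over `git diff --cached` contents as a pre-commit hook catches these leaks before they ever become searchable.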

1. The first thing to do is to find your "target" on GitHub. There are several approaches:

By company/site name

The basic and easiest way is to type in the name of the company or site and find their repositories (replace target with any site): https://github.com/search?q=target&type=repositories
The bigger and better known the company, the more noise there will be in the results from similarly named repositories.
Let's take Google as an example:

Looks like a scary 965K repositories, doesn't it?
But look closely at the filters on the left: you will see there are far fewer results under Users, which lets you find the main company account more quickly. (Companies often create a separate user on the platform to store their data and developments.)

But as you can see, there are still a lot of results, so I will give you another way below.

Search by source code or site code

Here everything depends on the target. Open your target (target.com) and try to locate its client-side source code, either by fuzzing for directories and files (for example target.com/login/FUZZ, looking for the .js file responsible for authorization) or by picking unique lines of code or keys from the site. Then put the snippet you found in place of Code in the code-search URL: https://github.com/search?q=Code&type=code.
Keys work especially well here because they are usually unique.

2. Search within a repository/company (GitDorking)

After finding the company🏢:

Some projects and sites are developed by third parties and freelancers, so it is not always worth going straight to the organizational account; but if you are sure it is the right one, you can go there and start the initial exploration. For simplicity of explanation I will show an example with the organizational account.

Open a company organizational account:
https://github.com/google
To search within an organizational account you can use the search bar within github:

Or use the search URL directly, replacing google with your target and test with what you are looking for (further examples will be shown in this form): https://github.com/search?q=org%3Agoogle%20test&type=code

How to search for hidden data inside git? GitDorking to the rescue!

Start by searching GitHub for the name of your target organization combined with potentially sensitive information types such as "api key," "api keys," "apikey," "authorization: Bearer," "access_token," "secret," or "token." (A more comprehensive list of GitDorks is linked at the end of the article.)
Then explore the various tabs of the GitHub repository to discover API endpoints and potential weaknesses. Analyze the source code on the Code tab, find bugs on the Issues tab, and review proposed changes on the Pull Requests tab.

On the Code tab, you can view the code in its current form or use Ctrl+F to search for terms you might be interested in (such as API, key, and secret). Alternatively, view historical changes to the code using the "History" button located in the upper right corner of the image above. If you encounter an issue or comment that leads you to believe that vulnerabilities were once associated with the code, you can review the historical commits to see if the vulnerable code is still there to examine.
When viewing a commit, use the Split button to view a side-by-side comparison of file versions and find the exact location where the change was made to the code.

The Split button (top right of the image above) shows the previous code (left) and the updated code (right) side by side.

The Issues tab is where developers track bugs, tasks, and feature requests. If an issue is still open, there is a good chance that the vulnerability is still present in the code.

The Pull Requests tab is where developers collaborate on changes to the code. If you review these proposed changes, sometimes you may get lucky and find a problem.

Pay attention to the programming languages used, API endpoint information and usage documentation, all of which will prove useful in the future.

I thought it would not be convenient to post a large number of GitDorking examples here, so you can use the link to the examples on a separate site: https://book.hacktricks.wiki/en/generic-methodologies-and-resources/external-recon-methodology/github-leaked-secrets.html?highlight=git%20dorking#dorks

There are also automated tools for this.

Note: You can check not only the company as a whole but also users individually. Some developers may use company keys and accesses in their projects and code.

Thanks for reading the article. I would appreciate it if you like the article, leave a comment and subscribe. Good luck with your hunting! (I may have missed something; you can also add to the article with your comment.)
I’m on hackerone: https://hackerone.com/jionin
and bugcrowd:
https://bugcrowd.com/Jionin
