From 88d8d5c8e2f30fd82ddedb9dffe80172a9a7954b Mon Sep 17 00:00:00 2001 From: R Conner Howell Date: Wed, 14 Jun 2017 16:52:32 -0700 Subject: [PATCH 01/28] Add option to export results to CSV (#26) --- github-dork.py | 44 +++++++++++++++++++++++++++++++++++--------- 1 file changed, 35 insertions(+), 9 deletions(-) diff --git a/github-dork.py b/github-dork.py index 95ce286..b62f70f 100644 --- a/github-dork.py +++ b/github-dork.py @@ -47,9 +47,10 @@ def metasearch(repo_to_search=None, user_to_search=None, gh_dorks_file=None, active_monit=None, + output_filename=None, refresh_time=60): if active_monit is None: - search(repo_to_search, user_to_search, gh_dorks_file, active_monit) + search(repo_to_search, user_to_search, gh_dorks_file, active_monit, output_filename) else: monit(gh_dorks_file, active_monit, refresh_time) @@ -82,7 +83,9 @@ def monit(gh_dorks_file=None, active_monit=None, refresh_time=60): def search(repo_to_search=None, user_to_search=None, gh_dorks_file=None, - active_monit=None): + active_monit=None, + output_filename=None): + if gh_dorks_file is None: gh_dorks_file = 'github-dorks.txt' if not os.path.isfile(gh_dorks_file): @@ -92,7 +95,15 @@ def search(repo_to_search=None, if repo_to_search: print("Scanning Repo: ", repo_to_search) found = False + + outputFile = None + if output_filename: + outputFile = open(output_filename, 'w') + with open(gh_dorks_file, 'r') as dork_file: + # Write CSV Header + if outputFile: + outputFile.write('Issue Type (Dork), Text Matches, File Path, Score/Relevance, URL of File\n') for dork in dork_file: dork = dork.strip() if not dork or dork[0] in '#;': 
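Review bot: In `metasearch`, the new `output_filename` is forwarded only to `search(...)`; the `else` branch still calls `monit(gh_dorks_file, active_monit, refresh_time)`, so an output file given together with monitor mode is accepted and then silently ignored. Either reject the combination up front, for example `if active_monit is not None and output_filename: raise ValueError('CSV export is not supported in monitor mode')`, or state in the option's help text that it applies to search mode only.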
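Review bot: `outputFile = open(output_filename, 'w')` in the `@@ -92,7 +95,15 @@` hunk is opened outside any `with` block, and no `close()` appears in the lines this patch shows, so an unhandled exception in the search loop can leave buffered rows unwritten and the handle open. Wrap the loop in `try:` / `finally:` with `if outputFile: outputFile.close()`, or open the file in the same `with` statement as the dorks file. The header line is also written by hand with `', '` separators; it should go through the same CSV writer as the data rows so that delimiters and quoting agree. The body of `search` continues past this hunk, so a close may exist outside the visible lines.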
@@ -115,12 +126,18 @@ def search(repo_to_search=None, 'score': search_result.score, 'url': search_result.html_url } - result = '\n'.join([ - 'Found result for {dork}', - 'Text matches: {text_matches}', 'File path: {path}', - 'Score/Relevance: {score}', 'URL of File: {url}', '' - ]).format(**fmt_args) - print(result) + + # Either write to file or print output + if outputFile: + outputFile.write('{dork}, {text_matches}, {path}, {score}, {url}\n'.format(**fmt_args)) + else: + result = '\n'.join([ + 'Found result for {dork}', + 'Text matches: {text_matches}', 'File path: {path}', + 'Score/Relevance: {score}', 'URL of File: {url}', '' + ]).format(**fmt_args) + print(result) + except github.exceptions.GitHubError as e: print('GitHubError encountered on search of dork: ' + dork) print(e) @@ -171,12 +188,21 @@ def main(): help='Monitors Github user private feed with feed token' ) + parser.add_argument( + '-o', + '--outputFile', + dest='output_filename', + action='store', + help='CSV File to write results to. This overwrites the file provided! Eg: out.csv' + ) + args = parser.parse_args() metasearch( repo_to_search=args.repo_to_search, user_to_search=args.user_to_search, gh_dorks_file=args.gh_dorks_file, - active_monit=args.active_monit) + active_monit=args.active_monit, + output_filename=args.output_filename) if __name__ == '__main__': From 647ee549c84e65400f25095d14128bbd013128a2 Mon Sep 17 00:00:00 2001 From: Dylan Katz Date: Thu, 20 Jul 2017 09:25:04 -0600 Subject: [PATCH 02/28] Added Django SECRET_KEYs. (#27) * Added pattern for django secret keys * Update README.md --- README.md | 1 + github-dorks.txt | 1 + 2 files changed, 2 insertions(+) diff --git a/README.md b/README.md index 51fd741..6045779 100644 --- a/README.md +++ b/README.md 
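Review bot: The CSV row in the `if outputFile:` branch is built with `'{dork}, {text_matches}, {path}, {score}, {url}\n'.format(**fmt_args)`, which does no quoting, while `text_matches` and `path` come from third-party repository content and can contain commas, quotes or newlines, so a single result can shift columns or spill into extra rows. The same values may begin with `=`, `+`, `-` or `@`, which spreadsheet applications evaluate as formulas when an analyst opens the export. Write the row with `csv.writer(outputFile, quoting=csv.QUOTE_ALL).writerow([...])` (this needs `import csv`) and prefix a `'` to any cell that starts with one of those characters. The loop body starts before this hunk, so the shape of `text_matches` is not visible here and it may need flattening to a string first.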
@@ -118,3 +118,4 @@ xoxp OR xoxb | Slack bot and private tokens filename:logins.json | Firefox saved password collection (key3.db usually in same repo) filename:CCCam.cfg | CCCam Server config file msg nickserv identify filename:config | Possible IRC login passwords +filename:settings.py SECRET_KEY | Django secret keys (usually allows for session hijacking, RCE, etc) diff --git a/github-dorks.txt b/github-dorks.txt index 02a8a7f..4a0211d 100644 --- a/github-dorks.txt +++ b/github-dorks.txt @@ -71,3 +71,4 @@ xoxp OR xoxb filename:logins.json filename:CCCam.cfg msg nickserv identify filename:config +filename:settings.py SECRET_KEY From e5a58673894c5972b9a99a0d67f3c8b4c79fc405 Mon Sep 17 00:00:00 2001 From: Dylan Katz Date: Thu, 20 Jul 2017 11:02:42 -0600 Subject: [PATCH 03/28] Added pull request templates (#28) * Create PULL_REQUEST_TEMPLATE.md * Moved to .github --- .github/PULL_REQUEST_TEMPLATE.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 .github/PULL_REQUEST_TEMPLATE.md diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..98b90f0 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md 
@@ -0,0 +1,13 @@ +### Please include all of the following fields when adding dorks/patterns +- Search URL: https://github.com/search?q= +- Number of search results at time of PR: +- Impact of data disclosed (see table below): +- Description of data disclosed: + +| Icon/Name | Description | Examples | +|-----------|---------------------------------------------------------------------------------------------------------|----------------------------------------------------------------| +❓ Unknown | The impact of this data is highly variable or unknown) | N/A | +➖ Low | This data will provide minimal access or mostly public information) | Non-stored XSS, Limited scope + read-only API access | +➕ Moderate | This data will provide some access or information | Stored XSS in some cases, read-only or limited write API access| +⚠️ High | This data will provide single-user access or secret information) | Usernames/passwords, OAuth tokens | +❗️ Critical | This data will provide complete control, access to several users, or confidential/personal information | Credential database dumps, AWS keys From d6c0014978f215cdeffe3075a7a7107c4ae039e5 Mon Sep 17 00:00:00 2001 From: Craig Hays Date: Wed, 28 Feb 2018 15:16:06 +0000 Subject: [PATCH 04/28] Adding Rails secrets.yml dork (#30) Rails uses a file secrets.yml to hold API keys and passwords. This should never be in github repositories... but it often is. Adding this to the list. --- github-dorks.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/github-dorks.txt b/github-dorks.txt index 4a0211d..d256d1a 100644 --- a/github-dorks.txt +++ b/github-dorks.txt @@ -72,3 +72,4 @@ filename:logins.json filename:CCCam.cfg msg nickserv identify filename:config filename:settings.py SECRET_KEY +filename:secrets.yml password From 86299220a1007a6e28843c69f0fb48b966c02503 Mon Sep 17 00:00:00 2001 
From: Dylan Katz Date: Sun, 12 May 2019 13:12:16 -0700 Subject: [PATCH 05/28] Fixed extension filter usage for two dorks (closes #33) --- README.md | 4 ++-- github-dorks.txt | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 6045779..ad92d62 100644 --- a/README.md +++ b/README.md @@ -108,8 +108,8 @@ path:sites databases password | Drupal website database creden shodan_api_key language:python | Shodan API keys (try other languages too) filename:shadow path:etc | Contains encrypted passwords and account information of new unix systems filename:passwd path:etc | Contains user account information including encrypted passwords of traditional unix systems -extension:avastlic | Contains license keys for Avast! Antivirus -extension:dbeaver-data-sources.xml | DBeaver config containing MySQL Credentials +extension:avastlic "support.avast.com" | Contains license keys for Avast! Antivirus +filename:dbeaver-data-sources.xml | DBeaver config containing MySQL Credentials filename:.esmtprc password | esmtp configuration extension:json googleusercontent client_secret | OAuth credentials for accessing Google APIs HOMEBREW_GITHUB_API_TOKEN language:shell | Github token usually set by homebrew users diff --git a/github-dorks.txt b/github-dorks.txt index d256d1a..fa48128 100644 --- a/github-dorks.txt +++ b/github-dorks.txt @@ -60,8 +60,8 @@ shodan_api_key language:json shodan_api_key language:ruby filename:shadow path:etc filename:passwd path:etc -extension:avastlic -extension:dbeaver-data-sources.xml +extension:avastlic "support.avast.com" +filename:dbeaver-data-sources.xml filename:sftp-config.json filename:.esmtprc password extension:json googleusercontent client_secret From a4b0e49f6dcae37b3e21715f0bbf7f098742e09f Mon Sep 17 00:00:00 2001 
From: Dylan Katz Date: Sun, 12 May 2019 13:21:40 -0700 Subject: [PATCH 06/28] Added dorks using filenames from Git wiping (h/t @badpackets) --- github-dorks.txt | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/github-dorks.txt b/github-dorks.txt index d256d1a..bd57188 100644 --- a/github-dorks.txt +++ b/github-dorks.txt @@ -73,3 +73,10 @@ filename:CCCam.cfg msg nickserv identify filename:config filename:settings.py SECRET_KEY filename:secrets.yml password +filename:deployment-config.json +filename:.ftpconfig +filename:.remote-sync.json +filename:sftp.json path:.vscode +filename:sftp-config.json +filename:WebServers.xml + From cbd0af4bf4fdaf4095588d72177a7c1e3f84d9bf Mon Sep 17 00:00:00 2001 From: Dylan Katz Date: Sun, 12 May 2019 13:41:05 -0700 Subject: [PATCH 07/28] Added descriptions for dorks --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 6045779..1abb760 100644 --- a/README.md +++ b/README.md 
@@ -119,3 +119,9 @@ filename:logins.json | Firefox saved password collect filename:CCCam.cfg | CCCam Server config file msg nickserv identify filename:config | Possible IRC login passwords filename:settings.py SECRET_KEY | Django secret keys (usually allows for session hijacking, RCE, etc) +filename:deployment-config.json | Created by sftp-deployment for Atom, contains server details and credentials +filename:.ftpconfig | Created by remote-ssh for Atom, contains SFTP/SSH server details and credentials +filename:.remote-sync.json | Created by remote-sync for Atom, contains FTP and/or SCP/SFTP/SSH server details and credentials +filename:sftp.json path:.vscode | Created by vscode-sftp for VSCode, contains SFTP/SSH server details and credentails +filename:sftp-config.json | Created by SFTP for Sublime Text, contains FTP/FTPS or SFTP/SSH server details and credentials +filename:WebServers.xml | Created by Jetbrains IDEs, contains webserver credentials with encoded passwords ([not encrypted!](https://intellij-support.jetbrains.com/hc/en-us/community/posts/207074025/comments/207034775) From 07e311d4b98a1789494aea3827ed274da75db2d7 Mon Sep 17 00:00:00 2001 From: Dylan Katz Date: Sun, 12 May 2019 13:53:36 -0700 Subject: [PATCH 08/28] Removed existing dork --- github-dorks.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/github-dorks.txt b/github-dorks.txt index bd57188..02a8bde 100644 --- a/github-dorks.txt +++ b/github-dorks.txt @@ -77,6 +77,5 @@ filename:deployment-config.json filename:.ftpconfig filename:.remote-sync.json filename:sftp.json path:.vscode -filename:sftp-config.json filename:WebServers.xml From 1da777e7cc301a152637360d375145ac551d7afb Mon Sep 17 00:00:00 2001 From: Dylan Katz Date: Sun, 12 May 2019 17:24:19 -0700 Subject: [PATCH 09/28] Quick typo fix --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f4b4812..028a774 100644 --- a/README.md +++ b/README.md 
@@ -124,4 +124,4 @@ filename:.ftpconfig | Created by remote-ssh for Atom filename:.remote-sync.json | Created by remote-sync for Atom, contains FTP and/or SCP/SFTP/SSH server details and credentials filename:sftp.json path:.vscode | Created by vscode-sftp for VSCode, contains SFTP/SSH server details and credentails filename:sftp-config.json | Created by SFTP for Sublime Text, contains FTP/FTPS or SFTP/SSH server details and credentials -filename:WebServers.xml | Created by Jetbrains IDEs, contains webserver credentials with encoded passwords ([not encrypted!](https://intellij-support.jetbrains.com/hc/en-us/community/posts/207074025/comments/207034775) +filename:WebServers.xml | Created by Jetbrains IDEs, contains webserver credentials with encoded passwords ([not encrypted!](https://intellij-support.jetbrains.com/hc/en-us/community/posts/207074025/comments/207034775)) From 3e22f76c5a6eb88b18ed06d7ebde3a2521432b44 Mon Sep 17 00:00:00 2001 From: Connor Shea Date: Sun, 8 Sep 2019 23:04:08 -0600 Subject: [PATCH 10/28] Add Rails' master.key to dorks list (#37) * Add Rails' master.key to dorks list Rails 5.2+ has a `config/credentials.yml.enc` file and `config/master.key` to decrypt it. If you decrypt the `credentials.yml.enc` file using this key, it'll have the secret key base that Rails uses to protect cookies. It may also have other credentials if the user added them, e.g. AWS keys. See this article for more info: https://www.engineyard.com/blog/rails-encrypted-credentials-on-rails-5.2 * Add path to master.key dork. To get rid of false positives. By default, Rails generates the master.key at config/master.key. * Updated readme with new dorks --- README.md | 2 ++ github-dorks.txt | 1 + 2 files changed, 3 insertions(+) diff --git a/README.md b/README.md index 028a774..3364b8f 100644 --- a/README.md +++ b/README.md 
@@ -119,6 +119,8 @@ filename:logins.json | Firefox saved password collect filename:CCCam.cfg | CCCam Server config file msg nickserv identify filename:config | Possible IRC login passwords filename:settings.py SECRET_KEY | Django secret keys (usually allows for session hijacking, RCE, etc) +filename:secrets.yml password | Usernames/passwords, Rails applications +filename:master.key path:config | Rails master key (used for decrypting `credentials.yml.enc` for Rails 5.2+) filename:deployment-config.json | Created by sftp-deployment for Atom, contains server details and credentials filename:.ftpconfig | Created by remote-ssh for Atom, contains SFTP/SSH server details and credentials filename:.remote-sync.json | Created by remote-sync for Atom, contains FTP and/or SCP/SFTP/SSH server details and credentials diff --git a/github-dorks.txt b/github-dorks.txt index d056518..8bcd5ec 100644 --- a/github-dorks.txt +++ b/github-dorks.txt @@ -73,6 +73,7 @@ filename:CCCam.cfg msg nickserv identify filename:config filename:settings.py SECRET_KEY filename:secrets.yml password +filename:master.key path:config filename:deployment-config.json filename:.ftpconfig filename:.remote-sync.json From ac14fecef1155ce2b9d5ce2b1777a71d8d2e473b Mon Sep 17 00:00:00 2001 From: techgaun Date: Sun, 17 May 2020 12:37:00 -0500 Subject: [PATCH 11/28] bugfix: return instead of raise closes #38 --- github-dork.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/github-dork.py b/github-dork.py index b62f70f..1ca7274 100644 --- a/github-dork.py +++ b/github-dork.py @@ -27,7 +27,7 @@ def search_wrapper(gen): try: yield next(gen) except StopIteration: - raise + return except github.exceptions.ForbiddenError as e: search_rate_limit = gh.rate_limit()['resources']['search'] # limit_remaining = search_rate_limit['remaining'] From 07e04721b0a78c978cb145c57aa113f4cc92edf3 Mon Sep 17 00:00:00 2001 
From: techgaun Date: Tue, 19 May 2020 22:41:34 -0500 Subject: [PATCH 12/28] add funding info --- .github/FUNDING.yml | 1 + 1 file changed, 1 insertion(+) create mode 100644 .github/FUNDING.yml diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml new file mode 100644 index 0000000..1f487de --- /dev/null +++ b/.github/FUNDING.yml @@ -0,0 +1 @@ +github: techgaun From a6dc3873166878f0489094a97a1c12a7bd09df53 Mon Sep 17 00:00:00 2001 From: verdantfire Date: Mon, 26 Oct 2020 18:41:13 +0530 Subject: [PATCH 13/28] Readability changes to README.md --- README.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 3364b8f..58ca490 100644 --- a/README.md +++ b/README.md 
@@ -1,8 +1,8 @@ # Github Dorks -[Github search](https://github.com/search) is quite powerful and useful feature and can be used to search sensitive data on the repositories. Collection of github dorks that can reveal sensitive personal and/or organizational information such as private keys, credentials, authentication tokens, etc. This list is supposed to be useful for assessing security and performing pen-testing of systems. +[Github Search](https://github.com/search) is a quite powerful and useful feature that can be used to search for sensitive data on repositories. Collection of Github dorks can reveal sensitive personal and/or organizational information such as private keys, credentials, authentication tokens, etc. This list is supposed to be useful for assessing security and performing pen-testing of systems. ### GitHub Dork Search Tool -[github-dork.py](github-dork.py) is a simple python tool that can search through your repository or your organization/user repositories. Its not a perfect tool at the moment but provides a basic functionality to automate the search on your repositories against the dorks specified in text file. +[github-dork.py](github-dork.py) is a simple python tool that can search through your repository or your organization/user repositories. It's not a perfect tool at the moment but provides a basic functionality to automate the search on your repositories against the dorks specified in text file. #### Installation This tool uses [github3.py](https://github.com/sigmavirus24/github3.py) to talk with GitHub Search API. 
@@ -14,18 +14,18 @@ pip install -r requirements.txt #### Usage ``` -GH_USER - Environment variable to specify github user +GH_USER - Environment variable to specify Github user GH_PWD - Environment variable to specify password -GH_TOKEN - Environment variable to specify github token +GH_TOKEN - Environment variable to specify Github token GH_URL - Environment variable to specify GitHub Enterprise base URL ``` Some example usages are listed below: ```shell -python github-dork.py -r techgaun/github-dorks # search single repo +python github-dork.py -r techgaun/github-dorks # search a single repo -python github-dork.py -u techgaun # search all repos of user +python github-dork.py -u techgaun # search all repos of a user python github-dork.py -u dev-nepal # search all repos of an organization @@ -43,10 +43,10 @@ GH_URL=https://github.example.com python github-dork.py -u dev-nepal # search - ~~Handle rate limit and retry. PR welcome~~ ### Contribution -Please consider contributing the dorks that can reveal potentially sensitive information in github. +Please consider contributing dorks that can reveal potentially sensitive information on Github. ### List of Dorks -I am not categorizing at the moment. Instead I am going to just the list of dorks with a description. Many of the dorks can be modified to make the search more specific or generic. You can see more options [here](https://github.com/search#search_cheatsheet_pane). +I am not categorizing at the moment. Instead, I am going to just the list of dorks with a description. Many of the dorks can be modified to make the search more specific or generic. You can see more options [here](https://github.com/search#search_cheatsheet_pane). Dork | Description ------------------------------------------------|-------------------------------------------------------------------------- From 1a37c436421135efb2dcbdb1f131c3260b20e504 Mon Sep 17 00:00:00 2001 
From: David McKennirey Date: Sun, 10 Jan 2021 10:07:15 -0500 Subject: [PATCH 14/28] Update Github Dorks file to include the jupyter_notebook_config.json file, which saves the hashed password of a jupyter notebook server. (https://jupyter-notebook.readthedocs.io/en/stable/public_server.html\#automatic-password-setup) --- github-dorks.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/github-dorks.txt b/github-dorks.txt index 8bcd5ec..a49724d 100644 --- a/github-dorks.txt +++ b/github-dorks.txt @@ -79,4 +79,5 @@ filename:.ftpconfig filename:.remote-sync.json filename:sftp.json path:.vscode filename:WebServers.xml +filename:jupyter_notebook_config.json From 0251305a841f9d6a4567430173660c0c7fc0bca5 Mon Sep 17 00:00:00 2001 From: techgaun Date: Mon, 18 Jan 2021 00:44:32 -0600 Subject: [PATCH 15/28] upgrade feedparser to fix base64 change in python3.9 --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 9b4e16f..cfe346b 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,2 +1,2 @@ github3.py==1.0.0a2 -feedparser==5.1.3 +feedparser==6.0.2 From 5a5bdbb946c5044a486f837a540b34d0479ccc7c Mon Sep 17 00:00:00 2001 From: donno2048 Date: Sun, 26 Sep 2021 12:54:57 +0300 Subject: [PATCH 16/28] add telegram API token --- README.md | 1 + github-dorks.txt | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 58ca490..e3ddb46 100644 --- a/README.md +++ b/README.md 
@@ -127,3 +127,4 @@ filename:.remote-sync.json | Created by remote-sync for Ato filename:sftp.json path:.vscode | Created by vscode-sftp for VSCode, contains SFTP/SSH server details and credentails filename:sftp-config.json | Created by SFTP for Sublime Text, contains FTP/FTPS or SFTP/SSH server details and credentials filename:WebServers.xml | Created by Jetbrains IDEs, contains webserver credentials with encoded passwords ([not encrypted!](https://intellij-support.jetbrains.com/hc/en-us/community/posts/207074025/comments/207034775)) +"api_hash" "api_id" | Telegram API token diff --git a/github-dorks.txt b/github-dorks.txt index a49724d..792354c 100644 --- a/github-dorks.txt +++ b/github-dorks.txt @@ -80,4 +80,4 @@ filename:.remote-sync.json filename:sftp.json path:.vscode filename:WebServers.xml filename:jupyter_notebook_config.json - +"api_hash" "api_id" From e0924081d789c2272b2b8f2ac5facca6dc8b9e6a Mon Sep 17 00:00:00 2001 From: donno2048 Date: Sun, 26 Sep 2021 12:57:09 +0300 Subject: [PATCH 17/28] add slack services --- README.md | 1 + github-dorks.txt | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 58ca490..12ef5c4 100644 --- a/README.md +++ b/README.md @@ -127,3 +127,4 @@ filename:.remote-sync.json | Created by remote-sync for Ato filename:sftp.json path:.vscode | Created by vscode-sftp for VSCode, contains SFTP/SSH server details and credentails filename:sftp-config.json | Created by SFTP for Sublime Text, contains FTP/FTPS or SFTP/SSH server details and credentials filename:WebServers.xml | Created by Jetbrains IDEs, contains webserver credentials with encoded passwords ([not encrypted!](https://intellij-support.jetbrains.com/hc/en-us/community/posts/207074025/comments/207034775)) +"https://hooks.slack.com/services/" | Slack services URL often have secret API token as a suffix diff --git a/github-dorks.txt b/github-dorks.txt index a49724d..ab91fd6 100644 --- a/github-dorks.txt +++ b/github-dorks.txt 
@@ -80,4 +80,4 @@ filename:.remote-sync.json filename:sftp.json path:.vscode filename:WebServers.xml filename:jupyter_notebook_config.json - +"https://hooks.slack.com/services/" From 0273d511c28035d6b6a88bde39c5fdf55f0b03d6 Mon Sep 17 00:00:00 2001 From: donno2048 Date: Sun, 26 Sep 2021 12:59:40 +0300 Subject: [PATCH 18/28] add github gitlab and discord recovery codes --- README.md | 3 +++ github-dorks.txt | 4 +++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 58ca490..f31a54e 100644 --- a/README.md +++ b/README.md @@ -127,3 +127,6 @@ filename:.remote-sync.json | Created by remote-sync for Ato filename:sftp.json path:.vscode | Created by vscode-sftp for VSCode, contains SFTP/SSH server details and credentails filename:sftp-config.json | Created by SFTP for Sublime Text, contains FTP/FTPS or SFTP/SSH server details and credentials filename:WebServers.xml | Created by Jetbrains IDEs, contains webserver credentials with encoded passwords ([not encrypted!](https://intellij-support.jetbrains.com/hc/en-us/community/posts/207074025/comments/207034775)) +filename:github-recovery-codes.txt | GitHub recovery key +filename:gitlab-recovery-codes.txt | GitLab recovery key +filename:discord_backup_codes.txt | Discord recovery key diff --git a/github-dorks.txt b/github-dorks.txt index a49724d..6e67381 100644 --- a/github-dorks.txt +++ b/github-dorks.txt @@ -80,4 +80,6 @@ filename:.remote-sync.json filename:sftp.json path:.vscode filename:WebServers.xml filename:jupyter_notebook_config.json - +filename:github-recovery-codes.txt +filename:gitlab-recovery-codes.txt +filename:discord_backup_codes.txt From c12029ead6708aca4d33da9e447eadf69076b39c Mon Sep 17 00:00:00 2001 
From: donno2048 Date: Sun, 26 Sep 2021 13:10:26 +0300 Subject: [PATCH 19/28] fix issues with readme according to MD022 'Headings should be surrounded by blank lines' according to MD001 'Heading levels should only increment by one level at a time' use `a basic` not `basic`, `the text file` not `text file` and `a password` not `password` --- README.md | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 58ca490..d755738 100644 --- a/README.md +++ b/README.md 
@@ -1,21 +1,26 @@ # Github Dorks + [Github Search](https://github.com/search) is a quite powerful and useful feature that can be used to search for sensitive data on repositories. Collection of Github dorks can reveal sensitive personal and/or organizational information such as private keys, credentials, authentication tokens, etc. This list is supposed to be useful for assessing security and performing pen-testing of systems. -### GitHub Dork Search Tool -[github-dork.py](github-dork.py) is a simple python tool that can search through your repository or your organization/user repositories. It's not a perfect tool at the moment but provides a basic functionality to automate the search on your repositories against the dorks specified in text file. +## GitHub Dork Search Tool + +[github-dork.py](github-dork.py) is a simple python tool that can search through your repository or your organization/user repositories. It's not a perfect tool at the moment but provides basic functionality to automate the search on your repositories against the dorks specified in the text file. + +### Installation -#### Installation This tool uses [github3.py](https://github.com/sigmavirus24/github3.py) to talk with GitHub Search API. Clone this repository and run: + ```shell pip install -r requirements.txt ``` -#### Usage +### Usage + ``` GH_USER - Environment variable to specify Github user -GH_PWD - Environment variable to specify password +GH_PWD - Environment variable to specify a password GH_TOKEN - Environment variable to specify Github token GH_URL - Environment variable to specify GitHub Enterprise base URL ``` 
@@ -36,16 +41,18 @@ GH_TOKEN= python github-dork.py -u dev-nepal # search GH_URL=https://github.example.com python github-dork.py -u dev-nepal # search a GitHub Enterprise instance ``` -#### Limitations +### Limitations - Authenticated requests get a higher rate limit. But, since this tool waits for the api rate limit to be reset (which is usually less than a minute), it can be slightly slow. - Output formatting is not great. PR welcome - ~~Handle rate limit and retry. PR welcome~~ ### Contribution + Please consider contributing dorks that can reveal potentially sensitive information on Github. ### List of Dorks + I am not categorizing at the moment. Instead, I am going to just the list of dorks with a description. Many of the dorks can be modified to make the search more specific or generic. You can see more options [here](https://github.com/search#search_cheatsheet_pane). Dork | Description From 327d725f14e182115a832e21692f4b99e6107ad8 Mon Sep 17 00:00:00 2001 From: Hexiro <42787085+Hexiro@users.noreply.github.com> Date: Sun, 3 Oct 2021 19:34:16 -0400 Subject: [PATCH 20/28] add `cloud.redislabs.com` url in yaml/json --- README.md | 2 ++ github-dorks.txt | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 58ca490..84eb7c5 100644 --- a/README.md +++ b/README.md 
@@ -127,3 +127,5 @@ filename:.remote-sync.json | Created by remote-sync for Ato filename:sftp.json path:.vscode | Created by vscode-sftp for VSCode, contains SFTP/SSH server details and credentails filename:sftp-config.json | Created by SFTP for Sublime Text, contains FTP/FTPS or SFTP/SSH server details and credentials filename:WebServers.xml | Created by Jetbrains IDEs, contains webserver credentials with encoded passwords ([not encrypted!](https://intellij-support.jetbrains.com/hc/en-us/community/posts/207074025/comments/207034775)) +extension:yaml cloud.redislabs.com | Redis credentials provided by Redis Labs found in a YAML file +extension:json cloud.redislabs.com | Redis credentials provided by Redis Labs found in a JSON file diff --git a/github-dorks.txt b/github-dorks.txt index a49724d..753d824 100644 --- a/github-dorks.txt +++ b/github-dorks.txt @@ -80,4 +80,5 @@ filename:.remote-sync.json filename:sftp.json path:.vscode filename:WebServers.xml filename:jupyter_notebook_config.json - +extension:yaml cloud.redislabs.com +extension:json cloud.redislabs.com From c7e4c684ba96bb0713511e449f1cd7a825b3ab4b Mon Sep 17 00:00:00 2001 From: Joris Hartog Date: Thu, 2 Dec 2021 14:57:48 +0100 Subject: [PATCH 21/28] Add setup.py This commit adds a setup.py file to allow users to install github-dorks more easily. --- README.md | 14 +++++++------- setup.py | 20 ++++++++++++++++++++ 2 files changed, 27 insertions(+), 7 deletions(-) create mode 100644 setup.py diff --git a/README.md b/README.md index 7b51b82..3f24dd5 100644 --- a/README.md +++ b/README.md @@ -13,7 +13,7 @@ This tool uses [github3.py](https://github.com/sigmavirus24/github3.py) to talk Clone this repository and run: ```shell -pip install -r requirements.txt +pip install . ``` ### Usage 
@@ -28,17 +28,17 @@ GH_URL - Environment variable to specify GitHub Enterprise base URL Some example usages are listed below: ```shell -python github-dork.py -r techgaun/github-dorks # search a single repo +github-dork.py -r techgaun/github-dorks # search a single repo -python github-dork.py -u techgaun # search all repos of a user +github-dork.py -u techgaun # search all repos of a user -python github-dork.py -u dev-nepal # search all repos of an organization +github-dork.py -u dev-nepal # search all repos of an organization -GH_USER=techgaun GH_PWD= python github-dork.py -u dev-nepal # search as authenticated user +GH_USER=techgaun GH_PWD= github-dork.py -u dev-nepal # search as authenticated user -GH_TOKEN= python github-dork.py -u dev-nepal # search using auth token +GH_TOKEN= github-dork.py -u dev-nepal # search using auth token -GH_URL=https://github.example.com python github-dork.py -u dev-nepal # search a GitHub Enterprise instance +GH_URL=https://github.example.com github-dork.py -u dev-nepal # search a GitHub Enterprise instance ``` ### Limitations diff --git a/setup.py b/setup.py new file mode 100644 index 0000000..faadf24 --- /dev/null +++ b/setup.py @@ -0,0 +1,20 @@ +from setuptools import setup + +with open('README.md', 'r') as f: + long_description = f.read() + +setup( + name='github-dorks', + version='0.1', + description='Find leaked secrets via github search.', + license='Apache License 2.0', + long_description=long_description, + author='Samar Dhwoj Acharya (@techgaun)', + long_description_content_type='text/markdown', + scripts=['github-dork.py'], + data_files=[('github-dorks', ['github-dorks.txt'])], + install_requires=[ + 'github3.py==1.0.0a2', + 'feedparser==6.0.2', + ], +) From 27f5385d7c047e21abd7bd252f3ae381f85e0917 Mon Sep 17 00:00:00 2001 
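Review bot: `install_requires` in the new `setup.py` repeats the exact pins from `requirements.txt` (`github3.py==1.0.0a2`, `feedparser==6.0.2`), so the two lists now have to be bumped together and will drift as soon as one is missed; `1.0.0a2` is also an alpha pre-release. Keep the exact pins in one place and give `install_requires` a compatible range, or at least add a comment such as `# keep in sync with requirements.txt` above the list. Separately, `open('README.md', 'r')` relies on the platform default encoding; on Python 3 pass `encoding='utf-8'` so the install does not depend on the builder's locale.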
From: Joris Hartog Date: Thu, 2 Dec 2021 15:28:18 +0100 Subject: [PATCH 22/28] Also look for github-dorks.txt in sys.prefix --- github-dork.py | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/github-dork.py b/github-dork.py index 1ca7274..713cbc1 100644 --- a/github-dork.py +++ b/github-dork.py @@ -7,7 +7,7 @@ import time import feedparser from copy import copy -from sys import stderr +from sys import stderr, prefix gh_user = os.getenv('GH_USER', None) gh_pass = os.getenv('GH_PWD', None) @@ -87,7 +87,12 @@ def search(repo_to_search=None, output_filename=None): if gh_dorks_file is None: - gh_dorks_file = 'github-dorks.txt' + for path_prefix in ['.', os.path.join(prefix, 'github-dorks/')]: + filename = os.path.join(path_prefix, 'github-dorks.txt') + if os.path.isfile(filename): + gh_dorks_file = filename + break + if not os.path.isfile(gh_dorks_file): raise Exception('Error, the dorks file path is not valid') if user_to_search: From ab447249f691ace198edd570c8329801153beae8 Mon Sep 17 00:00:00 2001 From: dbfreem Date: Fri, 15 Dec 2023 22:29:03 -0500 Subject: [PATCH 23/28] bumped github3.py dependency --- setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.py b/setup.py index faadf24..979e932 100644 --- a/setup.py +++ b/setup.py @@ -14,7 +14,7 @@ scripts=['github-dork.py'], data_files=[('github-dorks', ['github-dorks.txt'])], install_requires=[ - 'github3.py==1.0.0a2', + 'github3.py==4.0.1', 'feedparser==6.0.2', ], ) From d50a677beae7b7c2972eba86ab42d28dab57fd35 Mon Sep 17 00:00:00 2001 From: Samar Dhwoj Acharya <1886670+techgaun@users.noreply.github.com> Date: Tue, 19 Dec 2023 10:06:50 -0600 Subject: [PATCH 24/28] add datadog api key dork --- github-dorks.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/github-dorks.txt b/github-dorks.txt index a96b015..c5625a6 100644 --- a/github-dorks.txt +++ b/github-dorks.txt 
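Review bot: When neither `./github-dorks.txt` nor the copy under `sys.prefix` exists, the new loop in `search` leaves `gh_dorks_file` as `None`, and the following `os.path.isfile(gh_dorks_file)` is then called with `None`; on Python 3 that raises a `TypeError` before the intended `'Error, the dorks file path is not valid'` exception is reached. Guard it with `if gh_dorks_file is None or not os.path.isfile(gh_dorks_file):`. Note also that `'.'` is tried first, so a `github-dorks.txt` in whatever directory the tool is launched from overrides the installed list; a comment such as `# current directory intentionally takes precedence over the installed copy` would make that explicit if it is intended. `search` continues beyond this hunk.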
@@ -87,3 +87,4 @@ filename:gitlab-recovery-codes.txt filename:discord_backup_codes.txt extension:yaml cloud.redislabs.com extension:json cloud.redislabs.com +DATADOG_API_KEY language:shell From b948dba8c0038ac3041f5dbce079bc6ba74c8840 Mon Sep 17 00:00:00 2001 From: szTheory Date: Sun, 2 Feb 2025 00:34:04 -0500 Subject: [PATCH 25/28] build with Dockerfile --- Dockerfile | 31 +++++++++++++++++++++++++++++++ README.md | 18 ++++++++++++++++++ 2 files changed, 49 insertions(+) create mode 100644 Dockerfile diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..0d8ecb9 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,31 @@ +# Use Python 3.8 as base - this version has good compatibility with older packages +FROM python:3.8-slim + +# Set working directory +WORKDIR /app + +# Install git (needed for pip install from git repos) +RUN apt-get update && \ + apt-get install -y git && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* + +# Copy only the necessary files +COPY github-dork.py /app/ +COPY github-dorks.txt /app/ +COPY setup.py /app/ +COPY README.md /app/ +COPY requirements.txt /app/ + +# Install dependencies +# Using the specific version of github3.py that's known to work +RUN pip install --no-cache-dir github3.py==1.0.0a2 feedparser==6.0.2 + +# Set environment variables +ENV PYTHONUNBUFFERED=1 +ENV PYTHONIOENCODING=UTF-8 + +# Create volume for potential output files +VOLUME ["/app/output"] + +ENTRYPOINT ["python", "github-dork.py"] \ No newline at end of file diff --git a/README.md b/README.md index 3f24dd5..7daa065 100644 --- a/README.md +++ b/README.md 
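Review bot: The `RUN pip install` line in the new Dockerfile hard-codes `github3.py==1.0.0a2`, while setup.py was bumped to `github3.py==4.0.1` in PATCH 23 of this series, so the image runs a different (alpha) client library than `pip install .` would; requirements.txt is copied but never used. Installing from the project metadata keeps the two in step: `RUN pip install --no-cache-dir .` (or `-r requirements.txt`, whose contents are not visible here). The image also has no `USER` instruction, so the tool runs as root while holding `GH_TOKEN`/`GH_PWD` and writing into the bind-mounted `/app/output`; a non-root user created before `ENTRYPOINT` would limit that. The `git` package looks unnecessary, since nothing visible is installed from a git URL, and dropping it shrinks the image's package surface.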
@@ -16,6 +16,24 @@ Clone this repository and run: pip install . ``` +### Docker Installation + +You can also run github-dorks using Docker for a consistent environment: + +```shell +# Build the Docker image +docker build -t github-dorks . + +# Run with a GitHub token (recommended) +docker run -e GH_TOKEN=your_github_token github-dorks -u someuser + +# Run with username/password +docker run -e GH_USER=your_username -e GH_PWD=your_password github-dorks -u someuser + +# Save results to a CSV file +docker run -v $(pwd)/output:/app/output -e GH_TOKEN=your_github_token github-dorks -u someuser -o /app/output/results.csv +``` + ### Usage ``` From 2a6109777e95fdcee5a667ee722586c55564078c Mon Sep 17 00:00:00 2001 From: szTheory Date: Sun, 2 Feb 2025 00:37:35 -0500 Subject: [PATCH 26/28] CI: docker build --- .github/workflows/docker-build.yml | 37 ++++++++++++++++++++++++++++++ README.md | 2 ++ 2 files changed, 39 insertions(+) create mode 100644 .github/workflows/docker-build.yml diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml new file mode 100644 index 0000000..f243f8e --- /dev/null +++ b/.github/workflows/docker-build.yml @@ -0,0 +1,37 @@ +name: Docker Build & Test + +on: + push: + branches: [ master ] + pull_request: + branches: [ master ] + +jobs: + build-and-test: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Build Docker image + uses: docker/build-push-action@v5 + with: + context: . + load: true + tags: github-dorks:test + cache-from: type=gha + cache-to: type=gha,mode=max + + - name: Test Docker image + run: | + # Test the version flag + docker run github-dorks:test -v + + # Basic test with a public repo (no auth needed) + docker run github-dorks:test -r techgaun/github-dorks -d github-dorks-test.txt + + - name: Verify image size + run: docker image ls github-dorks:test 
diff --git a/README.md b/README.md index 7daa065..eb36e4f 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,5 @@ +[![Docker Build & Test](https://github.com/techgaun/github-dorks/actions/workflows/docker-build.yml/badge.svg)](https://github.com/techgaun/github-dorks/actions/workflows/docker-build.yml) + # Github Dorks [Github Search](https://github.com/search) is a quite powerful and useful feature that can be used to search for sensitive data on repositories. Collection of Github dorks can reveal sensitive personal and/or organizational information such as private keys, credentials, authentication tokens, etc. This list is supposed to be useful for assessing security and performing pen-testing of systems. From 2395986e18ef75dfa7bc02df849660f2f0483b6d Mon Sep 17 00:00:00 2001 From: szTheory Date: Sun, 2 Feb 2025 00:40:55 -0500 Subject: [PATCH 27/28] CI simplify build --- .github/workflows/docker-build.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml index f243f8e..8476c21 100644 --- a/.github/workflows/docker-build.yml +++ b/.github/workflows/docker-build.yml @@ -27,11 +27,8 @@ jobs: - name: Test Docker image run: | - # Test the version flag + # Test the version flag with version flag docker run github-dorks:test -v - - # Basic test with a public repo (no auth needed) - docker run github-dorks:test -r techgaun/github-dorks -d github-dorks-test.txt - name: Verify image size run: docker image ls github-dorks:test From 21ed3923e445ccc4058375062608eb2387d29132 Mon Sep 17 00:00:00 2001 
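Review bot: The reworded comment in the test step of docker-build.yml, `# Test the version flag with version flag`, repeats itself; `# Smoke test: print the version` would say the same thing. With the repository scan removed, the step only exercises argument handling, which is worth stating in the comment so nobody reads it as a functional test. Whether `-v` is actually the version option cannot be confirmed from the argparse code visible on this page.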
From: Divyaranjan Sahoo Date: Sun, 5 Oct 2025 20:47:01 +0530 Subject: [PATCH 28/28] chore(ci): add flake8 lint workflow and fix minor lint issue - Add GitHub Actions workflow to run flake8 on push and PR - Align Python version with Dockerfile (3.8) - Fix unused variable in exception handler to satisfy flake8 Refs: #59 --- .github/workflows/lint.yml | 28 ++++++++++++++++++++++++++++ github-dork.py | 2 +- 2 files changed, 29 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/lint.yml diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml new file mode 100644 index 0000000..038f261 --- /dev/null +++ b/.github/workflows/lint.yml @@ -0,0 +1,28 @@ +name: Lint (flake8) + +on: + push: + branches: [ "**" ] + pull_request: + branches: [ "**" ] + +jobs: + flake8: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Set up Python + uses: actions/setup-python@v5 + with: + python-version: '3.8' + + - name: Install flake8 + run: | + python -m pip install --upgrade pip + pip install flake8 + + - name: Run flake8 + run: | + flake8 . diff --git a/github-dork.py b/github-dork.py index 713cbc1..2941b04 100644 --- a/github-dork.py +++ b/github-dork.py @@ -28,7 +28,7 @@ def search_wrapper(gen): yield next(gen) except StopIteration: return - except github.exceptions.ForbiddenError as e: + except github.exceptions.ForbiddenError: search_rate_limit = gh.rate_limit()['resources']['search'] # limit_remaining = search_rate_limit['remaining'] reset_time = search_rate_limit['reset']
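Review bot: In the new lint.yml, `pip install flake8` installs whatever release is current, so the lint result can change between runs without any change to the repository, and the job executes an unpinned package from the index. Pinning it, `pip install flake8==<pinned-version>`, makes the job reproducible. With `push` on `"**"` and `pull_request` on `"**"`, a branch with an open pull request is also linted twice per push; restricting `push` to the default branch would avoid that.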