From 0a843c3cdf1b00bbd2ccc063f04524807a3d299e Mon Sep 17 00:00:00 2001 From: Samar Dhwoj Acharya Date: Fri, 27 Nov 2015 13:46:26 +0545 Subject: [PATCH 01/60] Update README.md Add more dorks --- README.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/README.md b/README.md index d42c8e7..876816f 100644 --- a/README.md +++ b/README.md @@ -57,4 +57,16 @@ jsforce extension:js conn.login # possible salesforce credentials in nodejs proj SF_USERNAME "salesforce" # possible salesforce credentials filename:.tugboat NOT "_tugboat" # Digital Ocean tugboat config + +HEROKU_API_KEY language:shell # Heroku api keys + +HEROKU_API_KEY language:json # Heroku api keys in json files + +filename:.netrc password # netrc that possibly holds sensitive credentials + +filename:_netrc password # netrc that possibly holds sensitive credentials + +filename:hub oauth_token # hub config that stores github tokens + +filename:robomongo.json # mongodb credentials file used by robomongo ``` From 316320a15e03a533a6192847e61aadf1cc65008d Mon Sep 17 00:00:00 2001 From: Samar Dhwoj Acharya Date: Fri, 27 Nov 2015 14:39:44 +0545 Subject: [PATCH 02/60] Add more github dorks Adds dorks related to filezilla, docker, intellij, dbs, irc, etc. --- README.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/README.md b/README.md index 876816f..246afad 100644 --- a/README.md +++ b/README.md 
@@ -69,4 +69,18 @@ filename:_netrc password # netrc that possibly holds sensitive credentials filename:hub oauth_token # hub config that stores github tokens filename:robomongo.json # mongodb credentials file used by robomongo + +filename:filezilla.xml Pass # filezilla config file with possible user/pass to ftp + +filename:recentservers.xml Pass # filezilla config file with possible user/pass to ftp + +filename:config.json auths # docker registry authentication data + +filename:idea14.key # IntelliJ Idea 14 key, try variations for other versions + +filename:config irc_pass # possible IRC config + +filename:connections.xml # possible db connections configuration, try variations to be specific + +filename:express.conf path:.openshift # openshift config, only email and server though ``` From 75bf80ddc39756c64406b8eb044c33b9de5e5aea Mon Sep 17 00:00:00 2001 From: techgaun Date: Sun, 29 Nov 2015 02:05:56 +0545 Subject: [PATCH 03/60] add a github dork checker tool --- README.md | 39 +++++++++++++++++ github-dork.py | 98 +++++++++++++++++++++++++++++++++++++++++++ github-dorks-test.txt | 3 ++ github-dorks.txt | 38 +++++++++++++++++ requirements.txt | 1 + 5 files changed, 179 insertions(+) create mode 100644 github-dork.py create mode 100644 github-dorks-test.txt create mode 100644 github-dorks.txt create mode 100644 requirements.txt diff --git a/README.md b/README.md index 246afad..f41116c 100644 --- a/README.md +++ b/README.md 
@@ -1,6 +1,45 @@ # Github Dorks [Github search](https://github.com/search) is quite powerful and useful feature and can be used to search sensitive data on the repositories. Collection of github dorks that can reveal sensitive personal and/or organizational information such as private keys, credentials, authentication tokens, etc. This list is supposed to be useful for assessing security and performing pen-testing of systems. +### GitHub Dork Search Tool +[github-dork.py](github-dork.py) is a simple python tool that can search through your repository or your organization/user repositories. Its not a perfect tool at the moment but provides a basic functionality to automate the search on your repositories against the dorks specified in text file. + +#### Installation +This tool uses [pygithub3.py](https://github.com/sigmavirus24/github3.py) to talk with GitHub Search API. + +Clone this repository and run: +```shell +pip install -r requirements.txt +``` + +#### Usage + +``` +GH_USER - Environment variable to specify github user +GH_PWD - Environment variable to specify password +GH_TOKEN - Environment variable to specify github token +``` + +Some example usages are listed below: + +```shell +python github-dork.py -r techgaun/github-dorks # search single repo + +python github-dork.py -u techgaun # search all repos of user + +python github-dork.py -u dev-nepal # search all repos of an organization + +GH_USER=techgaun GH_PWD= python github-dork.py -u dev-nepal # search as authenticated user + +GH_TOKEN= python github-dork.py -u dev-nepal # search using auth token +``` + +#### Limitations + +- Authenticated requests get a higher rate limit. But, you can still hit limit with user/org with too many repos or even with large repos or large number of dorks. This is a major limitation, imo, at the moment for this tool. +- Output formatting is not great. PR welcome +- Handle rate limit and retry. 
PR welcome + ### Contribution Please consider contributing the dorks that can reveal potentially senstive information in github. diff --git a/github-dork.py b/github-dork.py new file mode 100644 index 0000000..caca94f --- /dev/null +++ b/github-dork.py 
@@ -0,0 +1,98 @@
+#!/usr/bin/env python
+# -*- encoding: utf-8 -*-
+
+
+import github3 as github
+import os
+import argparse
+from time import sleep
+
+
+gh_user = os.getenv('GH_USER', None)
+gh_pass = os.getenv('GH_PWD', None)
+gh_token = os.getenv('GH_TOKEN', None)
+gh_dorks_file = "github-dorks.txt"
+
+gh = github.GitHub(username=gh_user, password=gh_pass, token=gh_token)
+
+
+def search(repo_to_search=None, user_to_search=None):
+ found = False
+ with open(gh_dorks_file, 'r') as dork_file:
+ for dork in dork_file:
+ dork = dork.strip()
+ addendum = ''
+ if repo_to_search is not None:
+ addendum = ' repo:' + repo_to_search
+ elif user_to_search is not None:
+ addendum = ' user:' + user_to_search
+
+ dork = dork + addendum
+ search_results = gh.search_code(dork)
+ try:
+ for search_result in search_results:
+ found = True
+ fmt_args = {
+ 'dork': dork,
+ 'text_matches': search_result.text_matches,
+ 'path': search_result.path,
+ 'score': search_result.score,
+ 'url': search_result.html_url
+ }
+ print(
+ '''Found result for {dork}
+Text matches: {text_matches}
+File path: {path}
+Score/Relevance: {score}
+URL of File: {url}
+ '''.format(**fmt_args)
+ )
+ except github.exceptions.ForbiddenError as e:
+ print(e)
+ # need to retry in case of API rate limit reached
+ # note done yet
+ except github.exceptions.GitHubError as e:
+ print('GitHubError encountered on search of dork: ' + dork)
+ print(e)
+ except Exception as e:
+ print('Error encountered on search of dork: ' + dork)
+
+ if not found:
+ print('No results for your dork search' + addendum + '. Hurray!')
+
+
+def main():
+ parser = argparse.ArgumentParser(
+ description='Search github for github dorks',
+ epilog='Use responsibly, Enjoy pentesting'
+ )
+ parser.add_argument(
+ '-v',
+ '--version',
+ action='version',
+ version='%(prog)s 0.1.0'
+ )
+ group = parser.add_mutually_exclusive_group(required=True)
+ group.add_argument(
+ '-u',
+ '--user',
+ dest='user_to_search',
+ action='store',
+ help='Github user/org to search within. Eg: techgaun'
+ )
+ group.add_argument(
+ '-r',
+ '--repo',
+ dest='repo_to_search',
+ action='store',
+ help='Github repo to search within. Eg: techgaun/github-dorks'
+ )
+
+ args = parser.parse_args()
+ search(
+ repo_to_search=args.repo_to_search,
+ user_to_search=args.user_to_search
+ )
+
+if __name__ == '__main__':
+ main()
diff --git a/github-dorks-test.txt b/github-dorks-test.txt
new file mode 100644
index 0000000..7f5abcc
--- /dev/null
+++ b/github-dorks-test.txt
@@ -0,0 +1,3 @@
+filename:.npmrc _auth
+filename:.dockercfg auth
+extension:md
diff --git a/github-dorks.txt b/github-dorks.txt
new file mode 100644
index 0000000..94941f2
--- /dev/null
+++ b/github-dorks.txt
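Review bot: The catch-all `except Exception as e:` at the bottom of `search()` prints only the dork name and never uses `e`, so the actual cause of a failure is lost; add `print(e)` after that print, or narrow the clause to the errors you expect. The `ForbiddenError` branch above it prints the error and lets the loop move on to the next dork, so once the search rate limit is hit every remaining dork produces one more error line instead of a wait (its own comment, `# note done yet`, presumably means `not done yet`). If I read github3.py's API right, `search_result.text_matches` is only filled when `search_code()` is called with `text_match=True`, so the `Text matches:` line may always print empty — worth confirming. Because credentials are read from `GH_PWD`/`GH_TOKEN` in the process environment, a scoped token is the safer thing to hand this script than the account password, and a comment on the `gh = github.GitHub(...)` line saying which one is preferred would help users.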
@@ -0,0 +1,38 @@ +filename:.npmrc _auth +filename:.dockercfg auth +extension:pem private +extension:ppk private +filename:id_rsa or filename:id_dsa +extension:sql mysql dump +extension:sql mysql dump password +filename:credentials aws_access_key_id +filename:.s3cfg +filename:wp-config.php +filename:.htpasswd +filename:.env DB_USERNAME NOT homestead +filename:.env MAIL_HOST=smtp.gmail.com +filename:.git-credentials +PT_TOKEN language:bash +filename:.bashrc password +filename:.bashrc mailchimp +filename:.bash_profile aws +rds.amazonaws.com password +extension:json api.forecast.io +extension:json mongolab.com +extension:yaml mongolab.com +jsforce extension:js conn.login +SF_USERNAME "salesforce" +filename:.tugboat NOT "_tugboat" +HEROKU_API_KEY language:shell +HEROKU_API_KEY language:json +filename:.netrc password +filename:_netrc password +filename:hub oauth_token +filename:robomongo.json +filename:filezilla.xml Pass +filename:recentservers.xml Pass +filename:config.json auths +filename:idea14.key +filename:config irc_pass +filename:connections.xml +filename:express.conf path:.openshift diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 0000000..2aeb53d --- /dev/null +++ b/requirements.txt @@ -0,0 +1 @@ +github3.py==1.0.0a2 From 0d7a4278d1e5226873c45bce21a6fec8ba030ee1 Mon Sep 17 00:00:00 2001 From: Samar Dhwoj Acharya Date: Sun, 29 Nov 2015 02:30:15 +0545 Subject: [PATCH 04/60] Fix typo --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f41116c..f600550 100644 --- a/README.md +++ b/README.md 
@@ -5,7 +5,7 @@
 [github-dork.py](github-dork.py) is a simple python tool that can search through your repository or your organization/user repositories. Its not a perfect tool at the moment but provides a basic functionality to automate the search on your repositories against the dorks specified in text file.
 #### Installation
-This tool uses [pygithub3.py](https://github.com/sigmavirus24/github3.py) to talk with GitHub Search API.
+This tool uses [github3.py](https://github.com/sigmavirus24/github3.py) to talk with GitHub Search API.
 Clone this repository and run:
 ```shell
From 5b55877a02fdc471bf5cbe48c318783506236024 Mon Sep 17 00:00:00 2001
From: Jitendra
Date: Sun, 29 Nov 2015 10:27:27 +0545
Subject: [PATCH 05/60] parameterize the dork file (--dork/-d), make possible to have comments(line starting with ; or #) and spaces in dork file
---
 github-dork.py | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)
diff --git a/github-dork.py b/github-dork.py
index caca94f..24d71c0 100644
--- a/github-dork.py
+++ b/github-dork.py
@@ -11,16 +11,22 @@
 gh_user = os.getenv('GH_USER', None)
 gh_pass = os.getenv('GH_PWD', None)
 gh_token = os.getenv('GH_TOKEN', None)
-gh_dorks_file = "github-dorks.txt"
 gh = github.GitHub(username=gh_user, password=gh_pass, token=gh_token)
-def search(repo_to_search=None, user_to_search=None):
+def search(repo_to_search=None, user_to_search=None, gh_dorks_file=None):
+ if gh_dorks_file is None:
+ gh_dorks_file = 'github-dorks.txt'
+ if not os.path.isfile(gh_dorks_file):
+ raise Exception('Error, the dorks file path is not valid')
+
 found = False
 with open(gh_dorks_file, 'r') as dork_file:
 for dork in dork_file:
 dork = dork.strip()
+ if not dork or dork[0] in '#;':
+ continue
 addendum = ''
 if repo_to_search is not None:
 addendum = ' repo:' + repo_to_search
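Review bot: `raise Exception('Error, the dorks file path is not valid')` in the new prologue of `search()` raises the base class and leaves out the rejected path, so a caller cannot catch it specifically and the user is not told which file was looked for; `raise IOError('Error, the dorks file path is not valid: %s' % gh_dorks_file)` covers both while staying compatible with the Python 2 style of the file. The `os.path.isfile()` check also does not make the `open()` a few lines below safe — a present but unreadable file passes it — so the error could equally be raised from a failing `open()`. `search()` continues past the end of this hunk.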
@@ -88,10 +94,19 @@ def main():
 help='Github repo to search within. Eg: techgaun/github-dorks'
 )
+ parser.add_argument(
+ '-d',
+ '--dork',
+ dest='gh_dorks_file',
+ action='store',
+ help='Github dorks file. Eg: github-dorks.txt'
+ )
+
 args = parser.parse_args()
 search(
 repo_to_search=args.repo_to_search,
- user_to_search=args.user_to_search
+ user_to_search=args.user_to_search,
+ gh_dorks_file=args.gh_dorks_file
 )
 if __name__ == '__main__':
From a8fccb3f28d63adc03b2ffa6a87323e4cd41b884 Mon Sep 17 00:00:00 2001
From: Saugat Acharya
Date: Sun, 29 Nov 2015 14:35:17 +0545
Subject: [PATCH 06/60] Add .pgpass to dorks list
Postgres PASSWORD file.
---
 github-dorks.txt | 1 +
 1 file changed, 1 insertion(+)
diff --git a/github-dorks.txt b/github-dorks.txt
index 94941f2..788babc 100644
--- a/github-dorks.txt
+++ b/github-dorks.txt
@@ -36,3 +36,4 @@ filename:idea14.key
 filename:config irc_pass
 filename:connections.xml
 filename:express.conf path:.openshift
+filename:.pgpass
From 0b64458816a17686a06b2113fe488922464da58e Mon Sep 17 00:00:00 2001
From: Saugat Acharya
Date: Sun, 29 Nov 2015 19:15:02 +0545
Subject: [PATCH 07/60] Return if github exception
---
 github-dork.py | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)
diff --git a/github-dork.py b/github-dork.py
index 24d71c0..91ad10d 100644
--- a/github-dork.py
+++ b/github-dork.py
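Review bot: The default for `--dork` lives in `search()`'s `None` check rather than on the option, so `--help` cannot tell the user which file is used when `-d` is omitted; either set `default='github-dorks.txt'` on this `add_argument` call or say it in the help text, `help='Github dorks file (default: github-dorks.txt)'`. With `default=` on the option the `is None` fallback inside `search()` becomes redundant for command-line use but is still needed for direct callers.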
@@ -45,21 +45,23 @@ def search(repo_to_search=None, user_to_search=None, gh_dorks_file=None):
 'score': search_result.score,
 'url': search_result.html_url
 }
- print(
- '''Found result for {dork}
-Text matches: {text_matches}
-File path: {path}
-Score/Relevance: {score}
-URL of File: {url}
+ print('''
+ Found result for {dork}
+ Text matches: {text_matches}
+ File path: {path}
+ Score/Relevance: {score}
+ URL of File: {url}
 '''.format(**fmt_args)
 )
 except github.exceptions.ForbiddenError as e:
 print(e)
+ return
 # need to retry in case of API rate limit reached
- # note done yet
+ # not done yet
 except github.exceptions.GitHubError as e:
 print('GitHubError encountered on search of dork: ' + dork)
 print(e)
+ return
 except Exception as e:
 print('Error encountered on search of dork: ' + dork)
@@ -72,12 +74,14 @@ def main():
 description='Search github for github dorks',
 epilog='Use responsibly, Enjoy pentesting'
 )
+
 parser.add_argument(
 '-v',
 '--version',
 action='version',
 version='%(prog)s 0.1.0'
 )
+
 group = parser.add_mutually_exclusive_group(required=True)
 group.add_argument(
 '-u',
@@ -86,6 +90,7 @@ def main():
 action='store',
 help='Github user/org to search within. Eg: techgaun'
 )
+
 group.add_argument(
 '-r',
 '--repo',
From 8e0352a23d2e49717a814d1e7c14c593b94caf20 Mon Sep 17 00:00:00 2001
From: Saugat Acharya
Date: Sun, 29 Nov 2015 19:23:22 +0545
Subject: [PATCH 08/60] Make dork list cleaner
---
 README.md | 135 ++++++++++++++++++++----------------------------------
 1 file changed, 49 insertions(+), 86 deletions(-)
diff --git a/README.md b/README.md
index f600550..bd2edc5 100644
--- a/README.md
+++ b/README.md
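Review bot: The `return` added under `except github.exceptions.ForbiddenError` (and the one under `GitHubError`) leaves `search()` on the first such error, so a rate-limit 403 on one dork silently drops every dork after it and also skips the `if not found:` summary; if stopping is the intent, stop the loop rather than the function, `print('Stopping: remaining dorks skipped after ' + dork)` followed by `break`, so the summary still runs — or better, wait for the rate-limit reset, which the `# not done yet` comment already flags. The re-indented triple-quoted string now starts with a newline and carries the indentation of each continuation line into the printed output, which is probably not intended. The other two hunks in this commit are whitespace only.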
@@ -13,25 +13,24 @@ pip install -r requirements.txt ``` #### Usage - ``` -GH_USER - Environment variable to specify github user -GH_PWD - Environment variable to specify password +GH_USER - Environment variable to specify github user +GH_PWD - Environment variable to specify password GH_TOKEN - Environment variable to specify github token ``` Some example usages are listed below: ```shell -python github-dork.py -r techgaun/github-dorks # search single repo +python github-dork.py -r techgaun/github-dorks # search single repo -python github-dork.py -u techgaun # search all repos of user +python github-dork.py -u techgaun # search all repos of user -python github-dork.py -u dev-nepal # search all repos of an organization +python github-dork.py -u dev-nepal # search all repos of an organization GH_USER=techgaun GH_PWD= python github-dork.py -u dev-nepal # search as authenticated user -GH_TOKEN= python github-dork.py -u dev-nepal # search using auth token +GH_TOKEN= python github-dork.py -u dev-nepal # search using auth token ``` #### Limitations 
@@ -44,82 +43,46 @@ GH_TOKEN= python github-dork.py -u dev-nepal # search using a Please consider contributing the dorks that can reveal potentially senstive information in github. ### List of Dorks -List of dorks follow. I am not categorizing at the moment. Instead am going to just the list of dorks with optionally a description separated by # in the same line. Many of the dorks can be modified to make the search more specific or generic. You can see more options [HERE](https://github.com/search#search_cheatsheet_pane). - -``` -filename:.npmrc _auth # npm registry authentication data - -filename:.dockercfg auth # docker registry authentication data - -extension:pem private # private keys - -extension:ppk private # puttygen private keys - -filename:id_rsa or filename:id_dsa # private ssh keys - -extension:sql mysql dump # mysql dump - -extension:sql mysql dump password # mysql dump look for password; you can try varieties - -filename:credentials aws_access_key_id # might return false negatives with dummy values - -filename:.s3cfg # might return false negatives with dummy values - -filename:wp-config.php # wordpress config files - -filename:.htpasswd # htpasswd files - -filename:.env DB_USERNAME NOT homestead # laravel .env (CI, various ruby based frameworks too) - -filename:.env MAIL_HOST=smtp.gmail.com # gmail smtp configuration (try different smtp services too) - -filename:.git-credentials # git credentials store, add NOT username for more valid results - -PT_TOKEN language:bash # pivotaltracker tokens - -filename:.bashrc password # search for passwords, etc. 
in .bashrc (try with .bash_profile too) - -filename:.bashrc mailchimp # variation of above (try more variations) - -filename:.bash_profile aws # aws access and secret keys - -rds.amazonaws.com password # Amazon RDS possible credentials - -extension:json api.forecast.io # try variations, find api keys/secrets - -extension:json mongolab.com # mongolab credentials in json configs - -extension:yaml mongolab.com # mongolab credentials in yaml configs (try with yml) - -jsforce extension:js conn.login # possible salesforce credentials in nodejs projects - -SF_USERNAME "salesforce" # possible salesforce credentials - -filename:.tugboat NOT "_tugboat" # Digital Ocean tugboat config - -HEROKU_API_KEY language:shell # Heroku api keys - -HEROKU_API_KEY language:json # Heroku api keys in json files - -filename:.netrc password # netrc that possibly holds sensitive credentials - -filename:_netrc password # netrc that possibly holds sensitive credentials - -filename:hub oauth_token # hub config that stores github tokens - -filename:robomongo.json # mongodb credentials file used by robomongo - -filename:filezilla.xml Pass # filezilla config file with possible user/pass to ftp - -filename:recentservers.xml Pass # filezilla config file with possible user/pass to ftp - -filename:config.json auths # docker registry authentication data - -filename:idea14.key # IntelliJ Idea 14 key, try variations for other versions - -filename:config irc_pass # possible IRC config - -filename:connections.xml # possible db connections configuration, try variations to be specific - -filename:express.conf path:.openshift # openshift config, only email and server though -``` +I am not categorizing at the moment. Instead I am going to just the list of dorks with a description. Many of the dorks can be modified to make the search more specific or generic. You can see more options [here](https://github.com/search#search_cheatsheet_pane). 
+ + Dork | Description +------------------------------------------------|-------------------------------------------------------------------------- +filename:.npmrc _auth | npm registry authentication data +filename:.dockercfg auth | docker registry authentication data +extension:pem private | private keys +extension:ppk private | puttygen private keys +filename:id_rsa or filename:id_dsa | private ssh keys +extension:sql mysql dump | mysql dump +extension:sql mysql dump password | mysql dump look for password; you can try varieties +filename:credentials aws_access_key_id | might return false negatives with dummy values +filename:.s3cfg | might return false negatives with dummy values +filename:wp-config.php | wordpress config files +filename:.htpasswd | htpasswd files +filename:.env DB_USERNAME NOT homestead | laravel .env (CI, various ruby based frameworks too) +filename:.env MAIL_HOST=smtp.gmail.com | gmail smtp configuration (try different smtp services too) +filename:.git-credentials | git credentials store, add NOT username for more valid results +PT_TOKEN language:bash | pivotaltracker tokens +filename:.bashrc password | search for passwords, etc. 
in .bashrc (try with .bash_profile too) +filename:.bashrc mailchimp | variation of above (try more variations) +filename:.bash_profile aws | aws access and secret keys +rds.amazonaws.com password | Amazon RDS possible credentials +extension:json api.forecast.io | try variations, find api keys/secrets +extension:json mongolab.com | mongolab credentials in json configs +extension:yaml mongolab.com | mongolab credentials in yaml configs (try with yml) +jsforce extension:js conn.login | possible salesforce credentials in nodejs projects +SF_USERNAME "salesforce" | possible salesforce credentials +filename:.tugboat NOT "_tugboat" | Digital Ocean tugboat config +HEROKU_API_KEY language:shell | Heroku api keys +HEROKU_API_KEY language:json | Heroku api keys in json files +filename:.netrc password | netrc that possibly holds sensitive credentials +filename:_netrc password | netrc that possibly holds sensitive credentials +filename:hub oauth_token | hub config that stores github tokens +filename:robomongo.json | mongodb credentials file used by robomongo +filename:filezilla.xml Pass | filezilla config file with possible user/pass to ftp +filename:recentservers.xml Pass | filezilla config file with possible user/pass to ftp +filename:config.json auths | docker registry authentication data +filename:idea14.key | IntelliJ Idea 14 key, try variations for other versions +filename:config irc_pass | possible IRC config +filename:connections.xml | possible db connections configuration, try variations to be specific +filename:express.conf path:.openshift | openshift config, only email and server thou +filename:.pgpass | PostgreSQL file which can contain passwords From 54a9d6c51472af49a8f327031472a8d53b48a630 Mon Sep 17 00:00:00 2001 From: techgaun Date: Mon, 30 Nov 2015 17:25:49 +0545 Subject: [PATCH 09/60] update formatting --- github-dork.py | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) 
diff --git a/github-dork.py b/github-dork.py
index 91ad10d..9537b1c 100644
--- a/github-dork.py
+++ b/github-dork.py
@@ -5,7 +5,6 @@
 import github3 as github
 import os
 import argparse
-from time import sleep
 gh_user = os.getenv('GH_USER', None)
@@ -45,14 +44,15 @@ def search(repo_to_search=None, user_to_search=None, gh_dorks_file=None):
 'score': search_result.score,
 'url': search_result.html_url
 }
- print('''
- Found result for {dork}
- Text matches: {text_matches}
- File path: {path}
- Score/Relevance: {score}
- URL of File: {url}
- '''.format(**fmt_args)
- )
+ result = '\n'.join([
+ 'Found result for {dork}',
+ 'Text matches: {text_matches}',
+ 'File path: {path}',
+ 'Score/Relevance: {score}',
+ 'URL of File: {url}',
+ ''
+ ]).format(**fmt_args)
+ print(result)
 except github.exceptions.ForbiddenError as e:
 print(e)
 return
@@ -74,14 +74,14 @@ def main():
 description='Search github for github dorks',
 epilog='Use responsibly, Enjoy pentesting'
 )
-
+
 parser.add_argument(
 '-v',
 '--version',
 action='version',
 version='%(prog)s 0.1.0'
 )
-
+
 group = parser.add_mutually_exclusive_group(required=True)
 group.add_argument(
 '-u',
@@ -90,7 +90,7 @@ def main():
 action='store',
 help='Github user/org to search within. Eg: techgaun'
 )
-
+
 group.add_argument(
 '-r',
 '--repo',
From 456e710f0e212cf3631cacc44409748d73374d18 Mon Sep 17 00:00:00 2001
From: techgaun
Date: Thu, 28 Jan 2016 14:18:51 -0600
Subject: [PATCH 10/60] adapted some ghdb dorks
---
 README.md | 4 ++++
 github-dorks.txt | 4 ++++
 2 files changed, 8 insertions(+)
diff --git a/README.md b/README.md
index bd2edc5..c0bd4e8 100644
--- a/README.md
+++ b/README.md
@@ -86,3 +86,7 @@ filename:config irc_pass | possible IRC config filename:connections.xml | possible db connections configuration, try variations to be specific filename:express.conf path:.openshift | openshift config, only email and server thou filename:.pgpass | PostgreSQL file which can contain passwords +filename:proftpdpasswd | Usernames and passwords of proftpd created by cpanel +filename:ventrilo_srv.ini | Ventrilo configuration +[WFClient] Password= extension:ica | WinFrame-Client infos needed by users to connect toCitrix Application Servers +filename:server.cfg rcon password | Counter Strike RCON Passwords diff --git a/github-dorks.txt b/github-dorks.txt index 788babc..ef4bc4a 100644 --- a/github-dorks.txt +++ b/github-dorks.txt @@ -37,3 +37,7 @@ filename:config irc_pass filename:connections.xml filename:express.conf path:.openshift filename:.pgpass +filename:proftpdpasswd +filename:ventrilo_srv.ini +[WFClient] Password= extension:ica +filename:server.cfg rcon password From 463f84c4372400363750645ca8d8e3d3f9bfb242 Mon Sep 17 00:00:00 2001 From: Brightergy-SamarAcharya Date: Fri, 11 Mar 2016 09:15:41 -0600 Subject: [PATCH 11/60] add jekyll gh token --- README.md | 1 + github-dorks.txt | 1 + 2 files changed, 2 insertions(+) diff --git a/README.md b/README.md index c0bd4e8..e72a20c 100644 --- a/README.md +++ b/README.md @@ -90,3 +90,4 @@ filename:proftpdpasswd | Usernames and passwords of pro filename:ventrilo_srv.ini | Ventrilo configuration [WFClient] Password= extension:ica | WinFrame-Client infos needed by users to connect toCitrix Application Servers filename:server.cfg rcon password | Counter Strike RCON Passwords +JEKYLL_GITHUB_TOKEN | Github tokens used for jekyll diff --git a/github-dorks.txt b/github-dorks.txt index ef4bc4a..b6cc78c 100644 --- a/github-dorks.txt +++ b/github-dorks.txt @@ -41,3 +41,4 @@ filename:proftpdpasswd filename:ventrilo_srv.ini [WFClient] Password= extension:ica filename:server.cfg rcon password +JEKYLL_GITHUB_TOKEN 
From 37d27dc5853bb0062e85b44a765d3617bd7a3236 Mon Sep 17 00:00:00 2001 From: techgaun Date: Fri, 11 Mar 2016 09:15:41 -0600 Subject: [PATCH 12/60] add jekyll gh token --- README.md | 1 + github-dorks.txt | 1 + 2 files changed, 2 insertions(+) diff --git a/README.md b/README.md index c0bd4e8..e72a20c 100644 --- a/README.md +++ b/README.md @@ -90,3 +90,4 @@ filename:proftpdpasswd | Usernames and passwords of pro filename:ventrilo_srv.ini | Ventrilo configuration [WFClient] Password= extension:ica | WinFrame-Client infos needed by users to connect toCitrix Application Servers filename:server.cfg rcon password | Counter Strike RCON Passwords +JEKYLL_GITHUB_TOKEN | Github tokens used for jekyll diff --git a/github-dorks.txt b/github-dorks.txt index ef4bc4a..b6cc78c 100644 --- a/github-dorks.txt +++ b/github-dorks.txt @@ -41,3 +41,4 @@ filename:proftpdpasswd filename:ventrilo_srv.ini [WFClient] Password= extension:ica filename:server.cfg rcon password +JEKYLL_GITHUB_TOKEN From b915e205532a5a38efaf5e0a6807ecb1a7d94d01 Mon Sep 17 00:00:00 2001 From: techgaun Date: Mon, 28 Mar 2016 21:52:17 -0500 Subject: [PATCH 13/60] add some more dorks --- README.md | 6 ++++++ github-dorks.txt | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/README.md b/README.md index e72a20c..3d917be 100644 --- a/README.md +++ b/README.md @@ -91,3 +91,9 @@ filename:ventrilo_srv.ini | Ventrilo configuration [WFClient] Password= extension:ica | WinFrame-Client infos needed by users to connect toCitrix Application Servers filename:server.cfg rcon password | Counter Strike RCON Passwords JEKYLL_GITHUB_TOKEN | Github tokens used for jekyll +filename:.bash_history | Bash history file +filename:.cshrc | RC file for csh shell +filename:.history | history file (often used by many tools) +filename:.sh_history | korn shell history +filename:sshd_config | OpenSSH server config +filename:dhcpd.conf | DHCP service config diff --git a/github-dorks.txt b/github-dorks.txt index b6cc78c..6932ad3 100644 
--- a/github-dorks.txt +++ b/github-dorks.txt @@ -42,3 +42,9 @@ filename:ventrilo_srv.ini [WFClient] Password= extension:ica filename:server.cfg rcon password JEKYLL_GITHUB_TOKEN +filename:.bash_history +filename:.cshrc +filename:.history +filename:.sh_history +filename:sshd_config +filename:dhcpd.conf From 382de231748987e1b1a0c9b38bb5e317d3fa1ed6 Mon Sep 17 00:00:00 2001 From: techgaun Date: Fri, 13 May 2016 12:02:53 -0500 Subject: [PATCH 14/60] add phoenix secrets --- README.md | 2 ++ github-dorks.txt | 2 ++ 2 files changed, 4 insertions(+) diff --git a/README.md b/README.md index 3d917be..f541c3f 100644 --- a/README.md +++ b/README.md @@ -97,3 +97,5 @@ filename:.history | history file (often used by ma filename:.sh_history | korn shell history filename:sshd_config | OpenSSH server config filename:dhcpd.conf | DHCP service config +filename:prod.exs NOT "prod.secret.exs" | Phoenix prod configuration file +filename:prod.secret.exs | Phoenix prod secret diff --git a/github-dorks.txt b/github-dorks.txt index 6932ad3..98a4341 100644 --- a/github-dorks.txt +++ b/github-dorks.txt @@ -48,3 +48,5 @@ filename:.history filename:.sh_history filename:sshd_config filename:dhcpd.conf +filename:prod.exs NOT "prod.secret.exs" +filename:prod.secret.exs From 0c490196ff2cbbfd4c349eac2e04a6a50c713c00 Mon Sep 17 00:00:00 2001 From: techgaun Date: Sat, 14 May 2016 03:39:20 -0500 Subject: [PATCH 15/60] fixes #5 - handle 403 forbidden and wait when api rate limit is hit --- README.md | 6 +++--- github-dork.py | 33 +++++++++++++++++++++++++-------- 2 files changed, 28 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index f541c3f..d0e2c4d 100644 --- a/README.md +++ b/README.md 
@@ -35,12 +35,12 @@ GH_TOKEN= python github-dork.py -u dev-nepal # search
 #### Limitations
-- Authenticated requests get a higher rate limit. But, you can still hit limit with user/org with too many repos or even with large repos or large number of dorks. This is a major limitation, imo, at the moment for this tool.
+- Authenticated requests get a higher rate limit. But, since this tool waits for the api rate limit to be reset (which is usually less than a minute), it can be slightly slow.
 - Output formatting is not great. PR welcome
-- Handle rate limit and retry. PR welcome
+- ~~Handle rate limit and retry. PR welcome~~
 ### Contribution
-Please consider contributing the dorks that can reveal potentially senstive information in github.
+Please consider contributing the dorks that can reveal potentially sensitive information in github.
 ### List of Dorks
 I am not categorizing at the moment. Instead I am going to just the list of dorks with a description. Many of the dorks can be modified to make the search more specific or generic. You can see more options [here](https://github.com/search#search_cheatsheet_pane).
diff --git a/github-dork.py b/github-dork.py
index 9537b1c..cf381ca 100644
--- a/github-dork.py
+++ b/github-dork.py
@@ -5,6 +5,9 @@
 import github3 as github
 import os
 import argparse
+import time
+from copy import copy
+from sys import stderr
 gh_user = os.getenv('GH_USER', None)
@@ -13,6 +16,24 @@ gh = github.GitHub(username=gh_user, password=gh_pass, token=gh_token) +def search_wrapper(gen): + while True: + gen_back = copy(gen) + try: + yield next(gen) + except StopIteration: + raise + except github.exceptions.ForbiddenError as e: + search_rate_limit = gh.rate_limit()['resources']['search'] + limit_remaining = search_rate_limit['remaining'] + reset_time = search_rate_limit['reset'] + current_time = int(time.time()) + sleep_time = reset_time - current_time + 1 + stderr.write('GitHub Search API rate limit reached. Sleeping for %d seconds.\n\n' %(sleep_time)) + time.sleep(sleep_time) + yield next(gen_back) + except Exception as e: + raise e def search(repo_to_search=None, user_to_search=None, gh_dorks_file=None): if gh_dorks_file is None: @@ -27,13 +48,13 @@ def search(repo_to_search=None, user_to_search=None, gh_dorks_file=None): if not dork or dork[0] in '#;': continue addendum = '' - if repo_to_search is not None: + if repo_to_search: addendum = ' repo:' + repo_to_search - elif user_to_search is not None: + elif user_to_search: addendum = ' user:' + user_to_search dork = dork + addendum - search_results = gh.search_code(dork) + search_results = search_wrapper(gh.search_code(dork)) try: for search_result in search_results: found = True @@ -53,16 +74,12 @@ def search(repo_to_search=None, user_to_search=None, gh_dorks_file=None): '' ]).format(**fmt_args) print(result) - except github.exceptions.ForbiddenError as e: - print(e) - return - # need to retry in case of API rate limit reached - # not done yet except github.exceptions.GitHubError as e: print('GitHubError encountered on search of dork: ' + dork) print(e) return except Exception as e: + print(e) print('Error encountered on search of dork: ' + dork) if not found: From 41e89d0910df2c5b0023ba277c2d297a2c3870a4 Mon Sep 17 00:00:00 2001 
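Review bot: `search_wrapper` treats every `ForbiddenError` as a rate-limit hit and sleeps, but a 403 is also what rejected credentials and abuse detection produce; the `limit_remaining` value read right after the `except` is exactly the discriminator and is never used (PATCH 25 later comments it out rather than using it). I would gate the sleep on it, `if limit_remaining > 0: raise`, and clamp the delay with `time.sleep(max(sleep_time, 0))`, because a `reset` timestamp already in the past makes `time.sleep` raise `ValueError`. The resume path also depends on `copy(gen)` yielding an independent iterator: `copy.copy` rejects plain generator objects, and for github3's paginated iterator a shallow copy may share the already-failed inner state, so `next(gen_back)` after the sleep should be verified against the library version pinned in requirements. The trailing `except Exception as e: raise e` adds nothing over letting the exception propagate and, on Python 2, discards the original traceback; a bare `raise` or dropping the clause is cleaner.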
From: Meitar M Date: Sat, 25 Jun 2016 10:58:15 -0600 Subject: [PATCH 16/60] Add some dorks for PHP-based webapps and CMS frameworks. (#8) --- README.md | 3 +++ github-dorks.txt | 3 +++ 2 files changed, 6 insertions(+) diff --git a/README.md b/README.md index d0e2c4d..7a9b06a 100644 --- a/README.md +++ b/README.md @@ -99,3 +99,6 @@ filename:sshd_config | OpenSSH server config filename:dhcpd.conf | DHCP service config filename:prod.exs NOT "prod.secret.exs" | Phoenix prod configuration file filename:prod.secret.exs | Phoenix prod secret +filename:configuration.php JConfig password | Joomla configuration file +filename:config.php dbpasswd | PHP application database password (e.g., phpBB forum software) +path:sites databases password | Drupal website database credentials diff --git a/github-dorks.txt b/github-dorks.txt index 98a4341..5d5069c 100644 --- a/github-dorks.txt +++ b/github-dorks.txt @@ -50,3 +50,6 @@ filename:sshd_config filename:dhcpd.conf filename:prod.exs NOT "prod.secret.exs" filename:prod.secret.exs +filename:configuration.php JConfig password +filename:config.php dbpasswd +path:sites databases password From df70a79e5540f39dd13c61685d97969a0b1adf97 Mon Sep 17 00:00:00 2001 From: "@ffranz" Date: Fri, 12 Aug 2016 11:46:05 -0400 Subject: [PATCH 17/60] Some dorks (#9) * Update github-dorks.txt Add dork in order to find Shodan.io API keys. * Update github-dorks.txt Add generic dork focus on config.php files that contains pass string * Update github-dorks.txt Search for Unix shadow files --- github-dorks.txt | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/github-dorks.txt b/github-dorks.txt index 5d5069c..e7ccc43 100644 --- a/github-dorks.txt +++ b/github-dorks.txt 
@@ -52,4 +52,10 @@ filename:prod.exs NOT "prod.secret.exs" filename:prod.secret.exs filename:configuration.php JConfig password filename:config.php dbpasswd +filename:config.php pass path:sites databases password +shodan_api_key language:python +shodan_api_key language:shell +shodan_api_key language:json +shodan_api_key language:ruby +filename:shadow path:etc From a8078fb1b8382e095fe3cd57b86ea5505e89d5fc Mon Sep 17 00:00:00 2001 From: crdotson Date: Thu, 1 Sep 2016 15:57:22 -0400 Subject: [PATCH 18/60] Add support for GitHub Enterprise (#10) * Add support for GitHub Enterprise Allows you to set the GH_URL environment variable, which will cause github-dork to connect to that URL instead of github.com. * Add support for GitHub Enterprise --- README.md | 3 +++ github-dork.py | 6 +++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 7a9b06a..5d1647c 100644 --- a/README.md +++ b/README.md @@ -17,6 +17,7 @@ pip install -r requirements.txt GH_USER - Environment variable to specify github user GH_PWD - Environment variable to specify password GH_TOKEN - Environment variable to specify github token +GH_URL - Environment variable to specify GitHub Enterprise base URL ``` Some example usages are listed below: @@ -31,6 +32,8 @@ python github-dork.py -u dev-nepal # search GH_USER=techgaun GH_PWD= python github-dork.py -u dev-nepal # search as authenticated user GH_TOKEN= python github-dork.py -u dev-nepal # search using auth token + +GH_URL=https://github.example.com python github-dork.py -u dev-nepal # search a GitHub Enterprise instance ``` #### Limitations diff --git a/github-dork.py b/github-dork.py index cf381ca..9e2e83f 100644 --- a/github-dork.py +++ b/github-dork.py 
@@ -13,8 +13,12 @@ gh_user = os.getenv('GH_USER', None) gh_pass = os.getenv('GH_PWD', None) gh_token = os.getenv('GH_TOKEN', None) +gh_url = os.getenv('GH_URL', None) -gh = github.GitHub(username=gh_user, password=gh_pass, token=gh_token) +if gh_url is None: + gh = github.GitHub(username=gh_user, password=gh_pass, token=gh_token) +else: + gh = github.GitHubEnterprise(url=gh_url, username=gh_user, password=gh_pass, token=gh_token) def search_wrapper(gen): while True: From b936cfc90d16ef2b1bbfc0856e26295b63d66b6a Mon Sep 17 00:00:00 2001 From: "@ffranz" Date: Fri, 9 Sep 2016 16:22:42 +0200 Subject: [PATCH 19/60] Adding capability to keep dorking across user news feed (#12) * Update github-dorks.txt Add dork in order to find Shodan.io API keys. * Update github-dorks.txt Add generic dork focus on config.php files that contains pass string * Update github-dorks.txt Search for Unix shadow files * Add monitoring mode * solve indent problems and py3 support * Solve problems related indent and add Python3 support --- github-dork.py | 54 +++++++++++++++++++++++++++++++++++++++++++----- requirements.txt | 1 + 2 files changed, 50 insertions(+), 5 deletions(-) diff --git a/github-dork.py b/github-dork.py index 9e2e83f..c78abe1 100644 --- a/github-dork.py +++ b/github-dork.py @@ -6,6 +6,7 @@ import os import argparse import time +import feedparser from copy import copy from sys import stderr 
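Review bot: `gh_url = os.getenv('GH_URL', None)` treats an exported-but-empty `GH_URL=` as set, so the `else` branch builds `GitHubEnterprise(url='')` instead of falling back to github.com; `gh_url = os.getenv('GH_URL') or None` keeps the `is None` test below meaningful. Nothing checks the scheme of the configured URL, and the password and token from the other environment variables are presumably sent to whatever host it names, so an `http://` value would transmit them in cleartext; refusing, or at least warning on, a non-`https://` URL before constructing the client is a cheap guard. A short comment on the branch, `# GH_URL selects a GitHub Enterprise instance; the credentials above are sent to that host`, would make the trust decision explicit.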
@@ -39,12 +40,45 @@ def search_wrapper(gen): except Exception as e: raise e -def search(repo_to_search=None, user_to_search=None, gh_dorks_file=None): +def metasearch(repo_to_search=None, user_to_search=None, gh_dorks_file=None, active_monit=None, refresh_time=60): + if active_monit is None: + search( + repo_to_search, + user_to_search, + gh_dorks_file, + active_monit + ) + else: + monit( + gh_dorks_file, + active_monit, + refresh_time + ) + +def monit(gh_dorks_file=None,active_monit=None,refresh_time=60): + if gh_user is None: + raise Exception('Error, env Github user variable needed') + else: + print("Monitoring user private feed searching new code to be 'dorked'. Every new merged pull request trigger user scan.") + print("-----") + items_history = list() + gh_private_feed = "https://github.com/"+gh_user+".private.atom?token="+active_monit + while True: + feed = feedparser.parse( gh_private_feed ) + for i in feed['items']: + if "merged pull" in i["title"]: + if i["title"] not in items_history: + search(user_to_search=i["author_detail"]["name"],gh_dorks_file=gh_dorks_file) + items_history.append(i["title"]) + print("Waiting for new items...") + time.sleep(refresh_time) + +def search(repo_to_search=None, user_to_search=None, gh_dorks_file=None, active_monit=None): if gh_dorks_file is None: gh_dorks_file = 'github-dorks.txt' if not os.path.isfile(gh_dorks_file): raise Exception('Error, the dorks file path is not valid') - + print("Scannig user: ", user_to_search) found = False with open(gh_dorks_file, 'r') as dork_file: for dork in dork_file: @@ -100,7 +134,7 @@ def main(): '-v', '--version', action='version', - version='%(prog)s 0.1.0' + version='%(prog)s 0.1.1' ) group = parser.add_mutually_exclusive_group(required=True) 
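Review bot: `monit` takes the private-feed token as `active_monit`, which the `-m` option in the following hunk (`@@ -128,12 +162,22 @@`) reads from the command line, so the token ends up in shell history and in the process list visible to other local users; the module already reads `GH_TOKEN` and friends from the environment, and the feed token should follow the same pattern (e.g. `os.getenv('GH_FEED_TOKEN')`, with `-m` becoming a flag). The loop also assumes every entry carries `author_detail['name']`; an entry without it raises `KeyError` and ends the monitor, so `i.get('author_detail', {}).get('name')` with a `continue` on `None` would keep it running. `items_history` is a list that grows for the life of the process and is searched linearly on every entry; a `set` is the natural type, and the new `active_monit` parameter added to `search` is not used in the part of its body this hunk shows. `search` continues outside the hunk.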
@@ -128,12 +162,22 @@ def main(): help='Github dorks file. Eg: github-dorks.txt' ) + group.add_argument( + '-m', + '--monit', + dest='active_monit', + action='store', + help='Monitors Github user private feed. Need to provide token from feed. Find this token on feed icon at Github.com (when logged)' + ) + args = parser.parse_args() - search( + metasearch( repo_to_search=args.repo_to_search, user_to_search=args.user_to_search, - gh_dorks_file=args.gh_dorks_file + gh_dorks_file=args.gh_dorks_file, + active_monit=args.active_monit ) if __name__ == '__main__': main() + diff --git a/requirements.txt b/requirements.txt index 2aeb53d..9b4e16f 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1 +1,2 @@ github3.py==1.0.0a2 +feedparser==5.1.3 From 46e3e304bda36596474a3af9dbd468bdafb2fba4 Mon Sep 17 00:00:00 2001 From: Saugat Acharya Date: Wed, 26 Oct 2016 22:13:22 +0545 Subject: [PATCH 20/60] Update README.md with new dorks (#13) --- README.md | 3 +++ github-dorks.txt | 1 + 2 files changed, 4 insertions(+) diff --git a/README.md b/README.md index 5d1647c..fbfb0d0 100644 --- a/README.md +++ b/README.md @@ -105,3 +105,6 @@ filename:prod.secret.exs | Phoenix prod secret filename:configuration.php JConfig password | Joomla configuration file filename:config.php dbpasswd | PHP application database password (e.g., phpBB forum software) path:sites databases password | Drupal website database credentials +shodan_api_key language:python | Shodan API keys (try other languages too) +filename:shadow path:etc | Contains encrypted passwords and account information of new unix systems +filename:passwd path:etc | Contains user account information including encrypted passwords of traditional unix systems diff --git a/github-dorks.txt b/github-dorks.txt index e7ccc43..2298938 100644 --- a/github-dorks.txt +++ b/github-dorks.txt @@ -59,3 +59,4 @@ shodan_api_key language:shell shodan_api_key language:json shodan_api_key language:ruby filename:shadow path:etc +filename:passwd path:etc 
From 0a00f6adbec4ebf7b299212619c00aa1ba887500 Mon Sep 17 00:00:00 2001 From: Sriram Venkatesh Date: Tue, 22 Nov 2016 15:45:52 +1300 Subject: [PATCH 21/60] Fixing spelling mistake in script output (#14) --- github-dork.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/github-dork.py b/github-dork.py index c78abe1..6fd596d 100644 --- a/github-dork.py +++ b/github-dork.py @@ -78,7 +78,7 @@ def search(repo_to_search=None, user_to_search=None, gh_dorks_file=None, active_ gh_dorks_file = 'github-dorks.txt' if not os.path.isfile(gh_dorks_file): raise Exception('Error, the dorks file path is not valid') - print("Scannig user: ", user_to_search) + print("Scanning user: ", user_to_search) found = False with open(gh_dorks_file, 'r') as dork_file: for dork in dork_file: From cf130aee16035c24d12dda3954057e36cca3d9e8 Mon Sep 17 00:00:00 2001 From: Dylan Katz Date: Sun, 27 Nov 2016 11:49:40 -0700 Subject: [PATCH 22/60] Added a few dorks (#17) * Add avast license keys and DBeaver config file * Update README.md --- README.md | 2 ++ github-dorks.txt | 2 ++ 2 files changed, 4 insertions(+) diff --git a/README.md b/README.md index fbfb0d0..c24b7d5 100644 --- a/README.md +++ b/README.md @@ -108,3 +108,5 @@ path:sites databases password | Drupal website database creden shodan_api_key language:python | Shodan API keys (try other languages too) filename:shadow path:etc | Contains encrypted passwords and account information of new unix systems filename:passwd path:etc | Contains user account information including encrypted passwords of traditional unix systems +extension:avastlic | Contains license keys for Avast! Antivirus +extension:dbeaver-data-sources.xml | DBeaver config containing MySQL Credentials diff --git a/github-dorks.txt b/github-dorks.txt index 2298938..a53be34 100644 --- a/github-dorks.txt +++ b/github-dorks.txt 
@@ -60,3 +60,5 @@ shodan_api_key language:json shodan_api_key language:ruby filename:shadow path:etc filename:passwd path:etc +extension:avastlic +extension:dbeaver-data-sources.xml From 8bf320980523ee4fa7a202bc179f4ceda5f5b41b Mon Sep 17 00:00:00 2001 From: Dylan Katz Date: Mon, 28 Nov 2016 17:25:41 -0700 Subject: [PATCH 23/60] Added dork from random forums site (#18) https://the.bytecode.club/showthread.php?tid=529 --- github-dorks.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/github-dorks.txt b/github-dorks.txt index a53be34..710e394 100644 --- a/github-dorks.txt +++ b/github-dorks.txt @@ -62,3 +62,4 @@ filename:shadow path:etc filename:passwd path:etc extension:avastlic extension:dbeaver-data-sources.xml +filename:sftp-config.json From 6cabcc5f7c3a537d013adc908db1fc1b3311f4d8 Mon Sep 17 00:00:00 2001 From: techgaun Date: Sun, 4 Dec 2016 03:10:27 -0600 Subject: [PATCH 24/60] add esmtprc dork --- README.md | 1 + github-dorks.txt | 1 + 2 files changed, 2 insertions(+) diff --git a/README.md b/README.md index c24b7d5..d69a90c 100644 --- a/README.md +++ b/README.md @@ -110,3 +110,4 @@ filename:shadow path:etc | Contains encrypted passwords a filename:passwd path:etc | Contains user account information including encrypted passwords of traditional unix systems extension:avastlic | Contains license keys for Avast! Antivirus extension:dbeaver-data-sources.xml | DBeaver config containing MySQL Credentials +filename:.esmtprc password | esmtp configuration diff --git a/github-dorks.txt b/github-dorks.txt index 710e394..756b10b 100644 --- a/github-dorks.txt +++ b/github-dorks.txt @@ -63,3 +63,4 @@ filename:passwd path:etc extension:avastlic extension:dbeaver-data-sources.xml filename:sftp-config.json +filename:.esmtprc password From 2f89e86d71aeae7f47eafad5919f6eafb26eac2a Mon Sep 17 00:00:00 2001 
From: techgaun Date: Sun, 4 Dec 2016 03:18:36 -0600 Subject: [PATCH 25/60] minor code refactors --- github-dork.py | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/github-dork.py b/github-dork.py index 6fd596d..c7d07ae 100644 --- a/github-dork.py +++ b/github-dork.py @@ -21,6 +21,7 @@ else: gh = github.GitHubEnterprise(url=gh_url, username=gh_user, password=gh_pass, token=gh_token) + def search_wrapper(gen): while True: gen_back = copy(gen) @@ -30,7 +31,7 @@ def search_wrapper(gen): raise except github.exceptions.ForbiddenError as e: search_rate_limit = gh.rate_limit()['resources']['search'] - limit_remaining = search_rate_limit['remaining'] + # limit_remaining = search_rate_limit['remaining'] reset_time = search_rate_limit['reset'] current_time = int(time.time()) sleep_time = reset_time - current_time + 1 
@@ -55,22 +56,22 @@ def metasearch(repo_to_search=None, user_to_search=None, gh_dorks_file=None, act refresh_time ) -def monit(gh_dorks_file=None,active_monit=None,refresh_time=60): +def monit(gh_dorks_file=None, active_monit=None, refresh_time=60): if gh_user is None: raise Exception('Error, env Github user variable needed') else: - print("Monitoring user private feed searching new code to be 'dorked'. Every new merged pull request trigger user scan.") - print("-----") + print('Monitoring user private feed searching new code to be dorked. Every new merged pull request trigger user scan.') + print('-----') items_history = list() - gh_private_feed = "https://github.com/"+gh_user+".private.atom?token="+active_monit + gh_private_feed = "https://github.com/{}.private.atom?token={}".format(gh_user, active_monit) while True: - feed = feedparser.parse( gh_private_feed ) + feed = feedparser.parse(gh_private_feed) for i in feed['items']: - if "merged pull" in i["title"]: - if i["title"] not in items_history: - search(user_to_search=i["author_detail"]["name"],gh_dorks_file=gh_dorks_file) - items_history.append(i["title"]) - print("Waiting for new items...") + if 'merged pull' in i['title']: + if i['title'] not in items_history: + search(user_to_search=i['author_detail']['name'], gh_dorks_file=gh_dorks_file) + items_history.append(i['title']) + print('Waiting for new items...') time.sleep(refresh_time) def search(repo_to_search=None, user_to_search=None, gh_dorks_file=None, active_monit=None): @@ -167,7 +168,7 @@ def main(): '--monit', dest='active_monit', action='store', - help='Monitors Github user private feed. Need to provide token from feed. Find this token on feed icon at Github.com (when logged)' + help='Monitors Github user private feed. Need to provide token from feed. Find this token on feed icon at Github.com (when logged)' ) args = parser.parse_args() @@ -180,4 +181,3 @@ def main(): if __name__ == '__main__': main() - 
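Review bot: the rewritten `gh_private_feed` line still hard-codes `https://github.com/`, while PATCH 18 made the API client honour `GH_URL`; when the client is pointed at an Enterprise instance the monitor silently polls github.com instead. If the Enterprise feed has the same shape, deriving the host from the same setting, `(gh_url or 'https://github.com')`, keeps the two in step; otherwise `monit` should refuse to run when `gh_url` is set rather than quietly watching the wrong host. The `if gh_user is None: raise ... else:` shape also nests the whole polling loop one level deeper than needed, since the `raise` already leaves the function. `monit` and `search` both continue outside this hunk.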
From 515429216f762b626c7a3478536bc5a9f0c9a301 Mon Sep 17 00:00:00 2001 From: Meitar M Date: Sun, 11 Dec 2016 15:17:57 -0500 Subject: [PATCH 26/60] Add OAuth 2.0 credentials generated by the Google Identity Platform. (#19) --- README.md | 1 + github-dorks.txt | 1 + 2 files changed, 2 insertions(+) diff --git a/README.md b/README.md index d69a90c..73c82c3 100644 --- a/README.md +++ b/README.md @@ -111,3 +111,4 @@ filename:passwd path:etc | Contains user account informat extension:avastlic | Contains license keys for Avast! Antivirus extension:dbeaver-data-sources.xml | DBeaver config containing MySQL Credentials filename:.esmtprc password | esmtp configuration +extension:json googleusercontent client_secret | OAuth credentials for accessing Google APIs diff --git a/github-dorks.txt b/github-dorks.txt index 756b10b..a4e2157 100644 --- a/github-dorks.txt +++ b/github-dorks.txt @@ -64,3 +64,4 @@ extension:avastlic extension:dbeaver-data-sources.xml filename:sftp-config.json filename:.esmtprc password +extension:json googleusercontent client_secret From 4fa1af7d6f04b82c1f1736d2e7e90865d8664406 Mon Sep 17 00:00:00 2001 From: techgaun Date: Thu, 26 Jan 2017 17:30:52 -0600 Subject: [PATCH 27/60] add HOMEBREW_GITHUB_API_TOKEN --- README.md | 1 + github-dorks.txt | 1 + 2 files changed, 2 insertions(+) diff --git a/README.md b/README.md index 73c82c3..04a15f6 100644 --- a/README.md +++ b/README.md @@ -112,3 +112,4 @@ extension:avastlic | Contains license keys for Avas extension:dbeaver-data-sources.xml | DBeaver config containing MySQL Credentials filename:.esmtprc password | esmtp configuration extension:json googleusercontent client_secret | OAuth credentials for accessing Google APIs +HOMEBREW_GITHUB_API_TOKEN language:shell | Github token usually set by homebrew users diff --git a/github-dorks.txt b/github-dorks.txt index a4e2157..a46eea2 100644 --- a/github-dorks.txt +++ b/github-dorks.txt 
@@ -65,3 +65,4 @@ extension:dbeaver-data-sources.xml filename:sftp-config.json filename:.esmtprc password extension:json googleusercontent client_secret +HOMEBREW_GITHUB_API_TOKEN language:shell From 8aede56ebf916cbefc8f80e93023aa5e78fc5fd8 Mon Sep 17 00:00:00 2001 From: techgaun Date: Fri, 3 Mar 2017 01:07:38 -0600 Subject: [PATCH 28/60] add slack bot and private tokens --- README.md | 1 + github-dorks.txt | 1 + 2 files changed, 2 insertions(+) diff --git a/README.md b/README.md index 04a15f6..3d08599 100644 --- a/README.md +++ b/README.md @@ -113,3 +113,4 @@ extension:dbeaver-data-sources.xml | DBeaver config containing MySQ filename:.esmtprc password | esmtp configuration extension:json googleusercontent client_secret | OAuth credentials for accessing Google APIs HOMEBREW_GITHUB_API_TOKEN language:shell | Github token usually set by homebrew users +"xoxp" OR "xoxb" | Slack bot and private tokens diff --git a/github-dorks.txt b/github-dorks.txt index a46eea2..962243c 100644 --- a/github-dorks.txt +++ b/github-dorks.txt @@ -66,3 +66,4 @@ filename:sftp-config.json filename:.esmtprc password extension:json googleusercontent client_secret HOMEBREW_GITHUB_API_TOKEN language:shell +"xoxp" OR "xoxb" From 3b2334425800e7e6917c43314581b248e8f4109e Mon Sep 17 00:00:00 2001 From: techgaun Date: Fri, 3 Mar 2017 01:13:39 -0600 Subject: [PATCH 29/60] remove quote --- README.md | 8 ++++---- github-dorks.txt | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 3d08599..9479909 100644 --- a/README.md +++ b/README.md 
@@ -73,8 +73,8 @@ extension:json api.forecast.io | try variations, find api keys/ extension:json mongolab.com | mongolab credentials in json configs extension:yaml mongolab.com | mongolab credentials in yaml configs (try with yml) jsforce extension:js conn.login | possible salesforce credentials in nodejs projects -SF_USERNAME "salesforce" | possible salesforce credentials -filename:.tugboat NOT "_tugboat" | Digital Ocean tugboat config +SF_USERNAME salesforce | possible salesforce credentials +filename:.tugboat NOT _tugboat | Digital Ocean tugboat config HEROKU_API_KEY language:shell | Heroku api keys HEROKU_API_KEY language:json | Heroku api keys in json files filename:.netrc password | netrc that possibly holds sensitive credentials @@ -100,7 +100,7 @@ filename:.history | history file (often used by ma filename:.sh_history | korn shell history filename:sshd_config | OpenSSH server config filename:dhcpd.conf | DHCP service config -filename:prod.exs NOT "prod.secret.exs" | Phoenix prod configuration file +filename:prod.exs NOT prod.secret.exs | Phoenix prod configuration file filename:prod.secret.exs | Phoenix prod secret filename:configuration.php JConfig password | Joomla configuration file filename:config.php dbpasswd | PHP application database password (e.g., phpBB forum software) @@ -113,4 +113,4 @@ extension:dbeaver-data-sources.xml | DBeaver config containing MySQ filename:.esmtprc password | esmtp configuration extension:json googleusercontent client_secret | OAuth credentials for accessing Google APIs HOMEBREW_GITHUB_API_TOKEN language:shell | Github token usually set by homebrew users -"xoxp" OR "xoxb" | Slack bot and private tokens +xoxp OR xoxb | Slack bot and private tokens diff --git a/github-dorks.txt b/github-dorks.txt index 962243c..34ccf3e 100644 --- a/github-dorks.txt +++ b/github-dorks.txt 
@@ -21,8 +21,8 @@ extension:json api.forecast.io extension:json mongolab.com extension:yaml mongolab.com jsforce extension:js conn.login -SF_USERNAME "salesforce" -filename:.tugboat NOT "_tugboat" +SF_USERNAME salesforce +filename:.tugboat NOT _tugboat HEROKU_API_KEY language:shell HEROKU_API_KEY language:json filename:.netrc password @@ -48,7 +48,7 @@ filename:.history filename:.sh_history filename:sshd_config filename:dhcpd.conf -filename:prod.exs NOT "prod.secret.exs" +filename:prod.exs NOT prod.secret.exs filename:prod.secret.exs filename:configuration.php JConfig password filename:config.php dbpasswd @@ -66,4 +66,4 @@ filename:sftp-config.json filename:.esmtprc password extension:json googleusercontent client_secret HOMEBREW_GITHUB_API_TOKEN language:shell -"xoxp" OR "xoxb" +xoxp OR xoxb From 2a6a092748d63684054a1ab3a1edd026109dc333 Mon Sep 17 00:00:00 2001 From: Dylan Katz Date: Wed, 22 Mar 2017 11:16:53 -0600 Subject: [PATCH 30/60] Added support for MLAB MongoDB Credentials (#24) * Update github-dorks.txt * Update README.md --- README.md | 1 + github-dorks.txt | 1 + 2 files changed, 2 insertions(+) diff --git a/README.md b/README.md index 9479909..e44a599 100644 --- a/README.md +++ b/README.md @@ -114,3 +114,4 @@ filename:.esmtprc password | esmtp configuration extension:json googleusercontent client_secret | OAuth credentials for accessing Google APIs HOMEBREW_GITHUB_API_TOKEN language:shell | Github token usually set by homebrew users xoxp OR xoxb | Slack bot and private tokens +.mlab.com password | MLAB Hosted MongoDB Credentials diff --git a/github-dorks.txt b/github-dorks.txt index 34ccf3e..fb94407 100644 --- a/github-dorks.txt +++ b/github-dorks.txt @@ -67,3 +67,4 @@ filename:.esmtprc password extension:json googleusercontent client_secret HOMEBREW_GITHUB_API_TOKEN language:shell xoxp OR xoxb +.mlab.com password From 0d9b96bc910d5c85928174719d87c6c3fa796d52 Mon Sep 17 00:00:00 2001 
From: techgaun Date: Sat, 22 Apr 2017 23:48:09 -0500 Subject: [PATCH 31/60] add few more dorks --- README.md | 3 +++ github-dorks.txt | 3 +++ 2 files changed, 6 insertions(+) diff --git a/README.md b/README.md index e44a599..51fd741 100644 --- a/README.md +++ b/README.md @@ -115,3 +115,6 @@ extension:json googleusercontent client_secret | OAuth credentials for accessin HOMEBREW_GITHUB_API_TOKEN language:shell | Github token usually set by homebrew users xoxp OR xoxb | Slack bot and private tokens .mlab.com password | MLAB Hosted MongoDB Credentials +filename:logins.json | Firefox saved password collection (key3.db usually in same repo) +filename:CCCam.cfg | CCCam Server config file +msg nickserv identify filename:config | Possible IRC login passwords diff --git a/github-dorks.txt b/github-dorks.txt index fb94407..02a8a7f 100644 --- a/github-dorks.txt +++ b/github-dorks.txt @@ -68,3 +68,6 @@ extension:json googleusercontent client_secret HOMEBREW_GITHUB_API_TOKEN language:shell xoxp OR xoxb .mlab.com password +filename:logins.json +filename:CCCam.cfg +msg nickserv identify filename:config From 81b67cd770b868805f432573eaa09f48d47dcfe9 Mon Sep 17 00:00:00 2001 From: techgaun Date: Mon, 1 May 2017 11:16:00 -0500 Subject: [PATCH 32/60] improve formatting and msgs --- github-dork.py | 84 +++++++++++++++++++++++++------------------------- setup.cfg | 2 ++ 2 files changed, 44 insertions(+), 42 deletions(-) create mode 100644 setup.cfg diff --git a/github-dork.py b/github-dork.py index c7d07ae..95ce286 100644 --- a/github-dork.py +++ b/github-dork.py @@ -1,7 +1,6 @@ #!/usr/bin/env python # -*- encoding: utf-8 -*- - import github3 as github import os import argparse @@ -10,7 +9,6 @@ from copy import copy from sys import stderr - gh_user = os.getenv('GH_USER', None) gh_pass = os.getenv('GH_PWD', None) gh_token = os.getenv('GH_TOKEN', None) 
@@ -19,7 +17,8 @@ if gh_url is None: gh = github.GitHub(username=gh_user, password=gh_pass, token=gh_token) else: - gh = github.GitHubEnterprise(url=gh_url, username=gh_user, password=gh_pass, token=gh_token) + gh = github.GitHubEnterprise( + url=gh_url, username=gh_user, password=gh_pass, token=gh_token) def search_wrapper(gen): 
@@ -35,51 +34,63 @@ def search_wrapper(gen): reset_time = search_rate_limit['reset'] current_time = int(time.time()) sleep_time = reset_time - current_time + 1 - stderr.write('GitHub Search API rate limit reached. Sleeping for %d seconds.\n\n' %(sleep_time)) + stderr.write( + 'GitHub Search API rate limit reached. Sleeping for %d seconds.\n\n' + % (sleep_time)) time.sleep(sleep_time) yield next(gen_back) except Exception as e: raise e -def metasearch(repo_to_search=None, user_to_search=None, gh_dorks_file=None, active_monit=None, refresh_time=60): + +def metasearch(repo_to_search=None, + user_to_search=None, + gh_dorks_file=None, + active_monit=None, + refresh_time=60): if active_monit is None: - search( - repo_to_search, - user_to_search, - gh_dorks_file, - active_monit - ) + search(repo_to_search, user_to_search, gh_dorks_file, active_monit) else: - monit( - gh_dorks_file, - active_monit, - refresh_time - ) + monit(gh_dorks_file, active_monit, refresh_time) + def monit(gh_dorks_file=None, active_monit=None, refresh_time=60): if gh_user is None: raise Exception('Error, env Github user variable needed') else: - print('Monitoring user private feed searching new code to be dorked. Every new merged pull request trigger user scan.') + print( + 'Monitoring user private feed searching new code to be dorked.' + + 'Every new merged pull request trigger user scan.' 
+ ) print('-----') items_history = list() - gh_private_feed = "https://github.com/{}.private.atom?token={}".format(gh_user, active_monit) + gh_private_feed = "https://github.com/{}.private.atom?token={}".format( + gh_user, active_monit) while True: feed = feedparser.parse(gh_private_feed) for i in feed['items']: if 'merged pull' in i['title']: if i['title'] not in items_history: - search(user_to_search=i['author_detail']['name'], gh_dorks_file=gh_dorks_file) + search( + user_to_search=i['author_detail']['name'], + gh_dorks_file=gh_dorks_file) items_history.append(i['title']) print('Waiting for new items...') time.sleep(refresh_time) -def search(repo_to_search=None, user_to_search=None, gh_dorks_file=None, active_monit=None): + +def search(repo_to_search=None, + user_to_search=None, + gh_dorks_file=None, + active_monit=None): if gh_dorks_file is None: gh_dorks_file = 'github-dorks.txt' if not os.path.isfile(gh_dorks_file): raise Exception('Error, the dorks file path is not valid') - print("Scanning user: ", user_to_search) + if user_to_search: + print("Scanning User: ", user_to_search) + if repo_to_search: + print("Scanning Repo: ", repo_to_search) found = False with open(gh_dorks_file, 'r') as dork_file: for dork in dork_file: @@ -106,11 +117,8 @@ def search(repo_to_search=None, user_to_search=None, gh_dorks_file=None, active_ } result = '\n'.join([ 'Found result for {dork}', - 'Text matches: {text_matches}', - 'File path: {path}', - 'Score/Relevance: {score}', - 'URL of File: {url}', - '' + 'Text matches: {text_matches}', 'File path: {path}', + 'Score/Relevance: {score}', 'URL of File: {url}', '' ]).format(**fmt_args) print(result) except github.exceptions.GitHubError as e: 
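Review bot: the wrapped `print` in `monit` joins `'... to be dorked.' + 'Every new merged pull request ...'` with no separator, so the reformatted message now reads `dorked.Every`; the removed single-line version had the space. Keeping the space inside the first literal, `'Monitoring user private feed searching new code to be dorked. '`, restores it, and `trigger` should read `triggers`. The hunk is otherwise whitespace, and `search` continues outside it.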
@@ -128,15 +136,10 @@ def search(repo_to_search=None, user_to_search=None, gh_dorks_file=None, active_ def main(): parser = argparse.ArgumentParser( description='Search github for github dorks', - epilog='Use responsibly, Enjoy pentesting' - ) + epilog='Use responsibly, Enjoy pentesting') parser.add_argument( - '-v', - '--version', - action='version', - version='%(prog)s 0.1.1' - ) + '-v', '--version', action='version', version='%(prog)s 0.1.1') group = parser.add_mutually_exclusive_group(required=True) group.add_argument( @@ -144,31 +147,28 @@ def main(): '--user', dest='user_to_search', action='store', - help='Github user/org to search within. Eg: techgaun' - ) + help='Github user/org to search within. Eg: techgaun') group.add_argument( '-r', '--repo', dest='repo_to_search', action='store', - help='Github repo to search within. Eg: techgaun/github-dorks' - ) + help='Github repo to search within. Eg: techgaun/github-dorks') parser.add_argument( '-d', '--dork', dest='gh_dorks_file', action='store', - help='Github dorks file. Eg: github-dorks.txt' - ) + help='Github dorks file. Eg: github-dorks.txt') group.add_argument( '-m', '--monit', dest='active_monit', action='store', - help='Monitors Github user private feed. Need to provide token from feed. Find this token on feed icon at Github.com (when logged)' + help='Monitors Github user private feed with feed token' ) args = parser.parse_args() @@ -176,8 +176,8 @@ def main(): repo_to_search=args.repo_to_search, user_to_search=args.user_to_search, gh_dorks_file=args.gh_dorks_file, - active_monit=args.active_monit - ) + active_monit=args.active_monit) + if __name__ == '__main__': main() diff --git a/setup.cfg b/setup.cfg new file mode 100644 index 0000000..6deafc2 --- /dev/null +++ b/setup.cfg @@ -0,0 +1,2 @@ +[flake8] +max-line-length = 120 From 88d8d5c8e2f30fd82ddedb9dffe80172a9a7954b Mon Sep 17 00:00:00 2001 
From: R Conner Howell Date: Wed, 14 Jun 2017 16:52:32 -0700 Subject: [PATCH 33/60] Add option to export results to CSV (#26) --- github-dork.py | 44 +++++++++++++++++++++++++++++++++++--------- 1 file changed, 35 insertions(+), 9 deletions(-) diff --git a/github-dork.py b/github-dork.py index 95ce286..b62f70f 100644 --- a/github-dork.py +++ b/github-dork.py @@ -47,9 +47,10 @@ def metasearch(repo_to_search=None, user_to_search=None, gh_dorks_file=None, active_monit=None, + output_filename=None, refresh_time=60): if active_monit is None: - search(repo_to_search, user_to_search, gh_dorks_file, active_monit) + search(repo_to_search, user_to_search, gh_dorks_file, active_monit, output_filename) else: monit(gh_dorks_file, active_monit, refresh_time) @@ -82,7 +83,9 @@ def monit(gh_dorks_file=None, active_monit=None, refresh_time=60): def search(repo_to_search=None, user_to_search=None, gh_dorks_file=None, - active_monit=None): + active_monit=None, + output_filename=None): + if gh_dorks_file is None: gh_dorks_file = 'github-dorks.txt' if not os.path.isfile(gh_dorks_file): @@ -92,7 +95,15 @@ def search(repo_to_search=None, if repo_to_search: print("Scanning Repo: ", repo_to_search) found = False + + outputFile = None + if output_filename: + outputFile = open(output_filename, 'w') + with open(gh_dorks_file, 'r') as dork_file: + # Write CSV Header + if outputFile: + outputFile.write('Issue Type (Dork), Text Matches, File Path, Score/Relevance, URL of File\n') for dork in dork_file: dork = dork.strip() if not dork or dork[0] in '#;': 
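Review bot: `outputFile = open(output_filename, 'w')` in the last hunk of this line is never closed; the function relies on interpreter clean-up to flush the buffered rows, including on the `except ... return` paths later in `search` (outside this hunk). Opening it under the existing `with` (e.g. a second context manager on that statement, or `contextlib.ExitStack` when the name may be `None`) closes and flushes it on every exit path. The header is also written by hand with `', '` separators; a `csv.writer` created here and reused for the rows in the next hunk avoids the manual formatting and the quoting problems it brings. Naming it `output_file` would match `output_filename` and the rest of the module.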
@@ -115,12 +126,18 @@ def search(repo_to_search=None, 'score': search_result.score, 'url': search_result.html_url } - result = '\n'.join([ - 'Found result for {dork}', - 'Text matches: {text_matches}', 'File path: {path}', - 'Score/Relevance: {score}', 'URL of File: {url}', '' - ]).format(**fmt_args) - print(result) + + # Either write to file or print output + if outputFile: + outputFile.write('{dork}, {text_matches}, {path}, {score}, {url}\n'.format(**fmt_args)) + else: + result = '\n'.join([ + 'Found result for {dork}', + 'Text matches: {text_matches}', 'File path: {path}', + 'Score/Relevance: {score}', 'URL of File: {url}', '' + ]).format(**fmt_args) + print(result) + except github.exceptions.GitHubError as e: print('GitHubError encountered on search of dork: ' + dork) print(e) @@ -171,12 +188,21 @@ def main(): help='Monitors Github user private feed with feed token' ) + parser.add_argument( + '-o', + '--outputFile', + dest='output_filename', + action='store', + help='CSV File to write results to. This overwrites the file provided! Eg: out.csv' + ) + args = parser.parse_args() metasearch( repo_to_search=args.repo_to_search, user_to_search=args.user_to_search, gh_dorks_file=args.gh_dorks_file, - active_monit=args.active_monit) + active_monit=args.active_monit, + output_filename=args.output_filename) if __name__ == '__main__': From 647ee549c84e65400f25095d14128bbd013128a2 Mon Sep 17 00:00:00 2001 From: Dylan Katz Date: Thu, 20 Jul 2017 09:25:04 -0600 Subject: [PATCH 34/60] Added Django SECRET_KEYs. (#27) * Added pattern for django secret keys * Update README.md --- README.md | 1 + github-dorks.txt | 1 + 2 files changed, 2 insertions(+) diff --git a/README.md b/README.md index 51fd741..6045779 100644 --- a/README.md +++ b/README.md 
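Review bot: `'--outputFile'` in the new `parser.add_argument` call is the only camelCase option in the parser; every other long option is a single lowercase word, and the argparse convention for multi-word flags is `--output-file`, which maps to the `dest='output_filename'` already given. Changing it to `'--output-file'` keeps the `-o` short form and the overwrite warning in the help text unchanged. `main()`'s definition line is outside the hunk.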
@@ -118,3 +118,4 @@ xoxp OR xoxb | Slack bot and private tokens filename:logins.json | Firefox saved password collection (key3.db usually in same repo) filename:CCCam.cfg | CCCam Server config file msg nickserv identify filename:config | Possible IRC login passwords +filename:settings.py SECRET_KEY | Django secret keys (usually allows for session hijacking, RCE, etc) diff --git a/github-dorks.txt b/github-dorks.txt index 02a8a7f..4a0211d 100644 --- a/github-dorks.txt +++ b/github-dorks.txt @@ -71,3 +71,4 @@ xoxp OR xoxb filename:logins.json filename:CCCam.cfg msg nickserv identify filename:config +filename:settings.py SECRET_KEY From e5a58673894c5972b9a99a0d67f3c8b4c79fc405 Mon Sep 17 00:00:00 2001 From: Dylan Katz Date: Thu, 20 Jul 2017 11:02:42 -0600 Subject: [PATCH 35/60] Added pull request templates (#28) * Create PULL_REQUEST_TEMPLATE.md * Moved to .github --- .github/PULL_REQUEST_TEMPLATE.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 .github/PULL_REQUEST_TEMPLATE.md diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..98b90f0 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md 
@@ -0,0 +1,13 @@ +### Please include all of the following fields when adding dorks/patterns +- Search URL: https://github.com/search?q= +- Number of search results at time of PR: +- Impact of data disclosed (see table below): +- Description of data disclosed: + +| Icon/Name | Description | Examples | +|-----------|---------------------------------------------------------------------------------------------------------|----------------------------------------------------------------| +❓ Unknown | The impact of this data is highly variable or unknown) | N/A | +➖ Low | This data will provide minimal access or mostly public information) | Non-stored XSS, Limited scope + read-only API access | +➕ Moderate | This data will provide some access or information | Stored XSS in some cases, read-only or limited write API access| +⚠️ High | This data will provide single-user access or secret information) | Usernames/passwords, OAuth tokens | +❗️ Critical | This data will provide complete control, access to several users, or confidential/personal information | Credential database dumps, AWS keys From d6c0014978f215cdeffe3075a7a7107c4ae039e5 Mon Sep 17 00:00:00 2001 From: Craig Hays Date: Wed, 28 Feb 2018 15:16:06 +0000 Subject: [PATCH 36/60] Adding Rails secrets.yml dork (#30) Rails uses a file secrets.yml to hold API keys and passwords. This should never be in github repositories... but it often is. Adding this to the list. --- github-dorks.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/github-dorks.txt b/github-dorks.txt index 4a0211d..d256d1a 100644 --- a/github-dorks.txt +++ b/github-dorks.txt @@ -72,3 +72,4 @@ filename:logins.json filename:CCCam.cfg msg nickserv identify filename:config filename:settings.py SECRET_KEY +filename:secrets.yml password From 86299220a1007a6e28843c69f0fb48b966c02503 Mon Sep 17 00:00:00 2001 
From: Dylan Katz Date: Sun, 12 May 2019 13:12:16 -0700 Subject: [PATCH 37/60] Fixed extension filter usage for two dorks (closes #33) --- README.md | 4 ++-- github-dorks.txt | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 6045779..ad92d62 100644 --- a/README.md +++ b/README.md @@ -108,8 +108,8 @@ path:sites databases password | Drupal website database creden shodan_api_key language:python | Shodan API keys (try other languages too) filename:shadow path:etc | Contains encrypted passwords and account information of new unix systems filename:passwd path:etc | Contains user account information including encrypted passwords of traditional unix systems -extension:avastlic | Contains license keys for Avast! Antivirus -extension:dbeaver-data-sources.xml | DBeaver config containing MySQL Credentials +extension:avastlic "support.avast.com" | Contains license keys for Avast! Antivirus +filename:dbeaver-data-sources.xml | DBeaver config containing MySQL Credentials filename:.esmtprc password | esmtp configuration extension:json googleusercontent client_secret | OAuth credentials for accessing Google APIs HOMEBREW_GITHUB_API_TOKEN language:shell | Github token usually set by homebrew users diff --git a/github-dorks.txt b/github-dorks.txt index d256d1a..fa48128 100644 --- a/github-dorks.txt +++ b/github-dorks.txt @@ -60,8 +60,8 @@ shodan_api_key language:json shodan_api_key language:ruby filename:shadow path:etc filename:passwd path:etc -extension:avastlic -extension:dbeaver-data-sources.xml +extension:avastlic "support.avast.com" +filename:dbeaver-data-sources.xml filename:sftp-config.json filename:.esmtprc password extension:json googleusercontent client_secret From a4b0e49f6dcae37b3e21715f0bbf7f098742e09f Mon Sep 17 00:00:00 2001 
From: Dylan Katz
Date: Sun, 12 May 2019 13:21:40 -0700
Subject: [PATCH 38/60] Added dorks using filenames from Git wiping (h/t @badpackets)

---
 github-dorks.txt | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/github-dorks.txt b/github-dorks.txt
index d256d1a..bd57188 100644
--- a/github-dorks.txt
+++ b/github-dorks.txt
@@ -73,3 +73,10 @@ filename:CCCam.cfg
 msg nickserv identify filename:config
 filename:settings.py SECRET_KEY
 filename:secrets.yml password
+filename:deployment-config.json
+filename:.ftpconfig
+filename:.remote-sync.json
+filename:sftp.json path:.vscode
+filename:sftp-config.json
+filename:WebServers.xml
+

From cbd0af4bf4fdaf4095588d72177a7c1e3f84d9bf Mon Sep 17 00:00:00 2001
From: Dylan Katz
Date: Sun, 12 May 2019 13:41:05 -0700
Subject: [PATCH 39/60] Added descriptions for dorks

---
 README.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/README.md b/README.md
index 6045779..1abb760 100644
--- a/README.md
+++ b/README.md
@@ -119,3 +119,9 @@ filename:logins.json | Firefox saved password collect filename:CCCam.cfg | CCCam Server config file msg nickserv identify filename:config | Possible IRC login passwords filename:settings.py SECRET_KEY | Django secret keys (usually allows for session hijacking, RCE, etc) +filename:deployment-config.json | Created by sftp-deployment for Atom, contains server details and credentials +filename:.ftpconfig | Created by remote-ssh for Atom, contains SFTP/SSH server details and credentials +filename:.remote-sync.json | Created by remote-sync for Atom, contains FTP and/or SCP/SFTP/SSH server details and credentials +filename:sftp.json path:.vscode | Created by vscode-sftp for VSCode, contains SFTP/SSH server details and credentails +filename:sftp-config.json | Created by SFTP for Sublime Text, contains FTP/FTPS or SFTP/SSH server details and credentials +filename:WebServers.xml | Created by Jetbrains IDEs, contains webserver credentials with encoded passwords ([not encrypted!](https://intellij-support.jetbrains.com/hc/en-us/community/posts/207074025/comments/207034775) From 07e311d4b98a1789494aea3827ed274da75db2d7 Mon Sep 17 00:00:00 2001 From: Dylan Katz Date: Sun, 12 May 2019 13:53:36 -0700 Subject: [PATCH 40/60] Removed existing dork --- github-dorks.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/github-dorks.txt b/github-dorks.txt index bd57188..02a8bde 100644 --- a/github-dorks.txt +++ b/github-dorks.txt @@ -77,6 +77,5 @@ filename:deployment-config.json filename:.ftpconfig filename:.remote-sync.json filename:sftp.json path:.vscode -filename:sftp-config.json filename:WebServers.xml From 1da777e7cc301a152637360d375145ac551d7afb Mon Sep 17 00:00:00 2001 From: Dylan Katz Date: Sun, 12 May 2019 17:24:19 -0700 Subject: [PATCH 41/60] Quick typo fix --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f4b4812..028a774 100644 --- a/README.md +++ b/README.md 
@@ -124,4 +124,4 @@ filename:.ftpconfig | Created by remote-ssh for Atom filename:.remote-sync.json | Created by remote-sync for Atom, contains FTP and/or SCP/SFTP/SSH server details and credentials filename:sftp.json path:.vscode | Created by vscode-sftp for VSCode, contains SFTP/SSH server details and credentails filename:sftp-config.json | Created by SFTP for Sublime Text, contains FTP/FTPS or SFTP/SSH server details and credentials -filename:WebServers.xml | Created by Jetbrains IDEs, contains webserver credentials with encoded passwords ([not encrypted!](https://intellij-support.jetbrains.com/hc/en-us/community/posts/207074025/comments/207034775) +filename:WebServers.xml | Created by Jetbrains IDEs, contains webserver credentials with encoded passwords ([not encrypted!](https://intellij-support.jetbrains.com/hc/en-us/community/posts/207074025/comments/207034775)) From 3e22f76c5a6eb88b18ed06d7ebde3a2521432b44 Mon Sep 17 00:00:00 2001 From: Connor Shea Date: Sun, 8 Sep 2019 23:04:08 -0600 Subject: [PATCH 42/60] Add Rails' master.key to dorks list (#37) * Add Rails' master.key to dorks list Rails 5.2+ has a `config/credentials.yml.enc` file and `config/master.key` to decrypt it. If you decrypt the `credentials.yml.enc` file using this key, it'll have the secret key base that Rails uses to protect cookies. It may also have other credentials if the user added them, e.g. AWS keys. See this article for more info: https://www.engineyard.com/blog/rails-encrypted-credentials-on-rails-5.2 * Add path to master.key dork. To get rid of false positives. By default, Rails generates the master.key at config/master.key. * Updated readme with new dorks --- README.md | 2 ++ github-dorks.txt | 1 + 2 files changed, 3 insertions(+) diff --git a/README.md b/README.md index 028a774..3364b8f 100644 --- a/README.md +++ b/README.md 
@@ -119,6 +119,8 @@ filename:logins.json | Firefox saved password collect filename:CCCam.cfg | CCCam Server config file msg nickserv identify filename:config | Possible IRC login passwords filename:settings.py SECRET_KEY | Django secret keys (usually allows for session hijacking, RCE, etc) +filename:secrets.yml password | Usernames/passwords, Rails applications +filename:master.key path:config | Rails master key (used for decrypting `credentials.yml.enc` for Rails 5.2+) filename:deployment-config.json | Created by sftp-deployment for Atom, contains server details and credentials filename:.ftpconfig | Created by remote-ssh for Atom, contains SFTP/SSH server details and credentials filename:.remote-sync.json | Created by remote-sync for Atom, contains FTP and/or SCP/SFTP/SSH server details and credentials diff --git a/github-dorks.txt b/github-dorks.txt index d056518..8bcd5ec 100644 --- a/github-dorks.txt +++ b/github-dorks.txt @@ -73,6 +73,7 @@ filename:CCCam.cfg msg nickserv identify filename:config filename:settings.py SECRET_KEY filename:secrets.yml password +filename:master.key path:config filename:deployment-config.json filename:.ftpconfig filename:.remote-sync.json From ac14fecef1155ce2b9d5ce2b1777a71d8d2e473b Mon Sep 17 00:00:00 2001 From: techgaun Date: Sun, 17 May 2020 12:37:00 -0500 Subject: [PATCH 43/60] bugfix: return instead of raise closes #38 --- github-dork.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/github-dork.py b/github-dork.py index b62f70f..1ca7274 100644 --- a/github-dork.py +++ b/github-dork.py @@ -27,7 +27,7 @@ def search_wrapper(gen): try: yield next(gen) except StopIteration: - raise + return except github.exceptions.ForbiddenError as e: search_rate_limit = gh.rate_limit()['resources']['search'] # limit_remaining = search_rate_limit['remaining'] From 07e04721b0a78c978cb145c57aa113f4cc92edf3 Mon Sep 17 00:00:00 2001 
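Review bot: `return` is the right replacement for `raise` in the `except StopIteration:` branch — under PEP 479 a `StopIteration` escaping a generator body is turned into `RuntimeError`, so the old code crashed the caller instead of ending iteration — but nothing in the code records why, and a later cleanup could easily put the `raise` back. Suggest a comment on the new line: `# PEP 479: re-raising StopIteration inside a generator becomes RuntimeError; return ends iteration cleanly`. `search_wrapper`'s signature and the loop that presumably surrounds this try block are outside the hunk.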
From: techgaun
Date: Tue, 19 May 2020 22:41:34 -0500
Subject: [PATCH 44/60] add funding info

---
 .github/FUNDING.yml | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 .github/FUNDING.yml

diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
new file mode 100644
index 0000000..1f487de
--- /dev/null
+++ b/.github/FUNDING.yml
@@ -0,0 +1 @@
+github: techgaun

From a6dc3873166878f0489094a97a1c12a7bd09df53 Mon Sep 17 00:00:00 2001
From: verdantfire
Date: Mon, 26 Oct 2020 18:41:13 +0530
Subject: [PATCH 45/60] Readability changes to README.md

---
 README.md | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/README.md b/README.md
index 3364b8f..58ca490 100644
--- a/README.md
+++ b/README.md
@@ -1,8 +1,8 @@ # Github Dorks -[Github search](https://github.com/search) is quite powerful and useful feature and can be used to search sensitive data on the repositories. Collection of github dorks that can reveal sensitive personal and/or organizational information such as private keys, credentials, authentication tokens, etc. This list is supposed to be useful for assessing security and performing pen-testing of systems. +[Github Search](https://github.com/search) is a quite powerful and useful feature that can be used to search for sensitive data on repositories. Collection of Github dorks can reveal sensitive personal and/or organizational information such as private keys, credentials, authentication tokens, etc. This list is supposed to be useful for assessing security and performing pen-testing of systems. ### GitHub Dork Search Tool -[github-dork.py](github-dork.py) is a simple python tool that can search through your repository or your organization/user repositories. Its not a perfect tool at the moment but provides a basic functionality to automate the search on your repositories against the dorks specified in text file. +[github-dork.py](github-dork.py) is a simple python tool that can search through your repository or your organization/user repositories. It's not a perfect tool at the moment but provides a basic functionality to automate the search on your repositories against the dorks specified in text file. #### Installation This tool uses [github3.py](https://github.com/sigmavirus24/github3.py) to talk with GitHub Search API. 
@@ -14,18 +14,18 @@ pip install -r requirements.txt #### Usage ``` -GH_USER - Environment variable to specify github user +GH_USER - Environment variable to specify Github user GH_PWD - Environment variable to specify password -GH_TOKEN - Environment variable to specify github token +GH_TOKEN - Environment variable to specify Github token GH_URL - Environment variable to specify GitHub Enterprise base URL ``` Some example usages are listed below: ```shell -python github-dork.py -r techgaun/github-dorks # search single repo +python github-dork.py -r techgaun/github-dorks # search a single repo -python github-dork.py -u techgaun # search all repos of user +python github-dork.py -u techgaun # search all repos of a user python github-dork.py -u dev-nepal # search all repos of an organization @@ -43,10 +43,10 @@ GH_URL=https://github.example.com python github-dork.py -u dev-nepal # search - ~~Handle rate limit and retry. PR welcome~~ ### Contribution -Please consider contributing the dorks that can reveal potentially sensitive information in github. +Please consider contributing dorks that can reveal potentially sensitive information on Github. ### List of Dorks -I am not categorizing at the moment. Instead I am going to just the list of dorks with a description. Many of the dorks can be modified to make the search more specific or generic. You can see more options [here](https://github.com/search#search_cheatsheet_pane). +I am not categorizing at the moment. Instead, I am going to just the list of dorks with a description. Many of the dorks can be modified to make the search more specific or generic. You can see more options [here](https://github.com/search#search_cheatsheet_pane). Dork | Description ------------------------------------------------|-------------------------------------------------------------------------- From 1a37c436421135efb2dcbdb1f131c3260b20e504 Mon Sep 17 00:00:00 2001 
From: David McKennirey Date: Sun, 10 Jan 2021 10:07:15 -0500 Subject: [PATCH 46/60] Update Github Dorks file to include the jupyter_notebook_config.json file, which saves the hashed password of a jupyter notebook server. (https://jupyter-notebook.readthedocs.io/en/stable/public_server.html\#automatic-password-setup) --- github-dorks.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/github-dorks.txt b/github-dorks.txt index 8bcd5ec..a49724d 100644 --- a/github-dorks.txt +++ b/github-dorks.txt @@ -79,4 +79,5 @@ filename:.ftpconfig filename:.remote-sync.json filename:sftp.json path:.vscode filename:WebServers.xml +filename:jupyter_notebook_config.json From 0251305a841f9d6a4567430173660c0c7fc0bca5 Mon Sep 17 00:00:00 2001 From: techgaun Date: Mon, 18 Jan 2021 00:44:32 -0600 Subject: [PATCH 47/60] upgrade feedparser to fix base64 change in python3.9 --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 9b4e16f..cfe346b 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,2 +1,2 @@ github3.py==1.0.0a2 -feedparser==5.1.3 +feedparser==6.0.2 From 5a5bdbb946c5044a486f837a540b34d0479ccc7c Mon Sep 17 00:00:00 2001 From: donno2048 Date: Sun, 26 Sep 2021 12:54:57 +0300 Subject: [PATCH 48/60] add telegram API token --- README.md | 1 + github-dorks.txt | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 58ca490..e3ddb46 100644 --- a/README.md +++ b/README.md 
@@ -127,3 +127,4 @@ filename:.remote-sync.json | Created by remote-sync for Ato filename:sftp.json path:.vscode | Created by vscode-sftp for VSCode, contains SFTP/SSH server details and credentails filename:sftp-config.json | Created by SFTP for Sublime Text, contains FTP/FTPS or SFTP/SSH server details and credentials filename:WebServers.xml | Created by Jetbrains IDEs, contains webserver credentials with encoded passwords ([not encrypted!](https://intellij-support.jetbrains.com/hc/en-us/community/posts/207074025/comments/207034775)) +"api_hash" "api_id" | Telegram API token diff --git a/github-dorks.txt b/github-dorks.txt index a49724d..792354c 100644 --- a/github-dorks.txt +++ b/github-dorks.txt @@ -80,4 +80,4 @@ filename:.remote-sync.json filename:sftp.json path:.vscode filename:WebServers.xml filename:jupyter_notebook_config.json - +"api_hash" "api_id" From e0924081d789c2272b2b8f2ac5facca6dc8b9e6a Mon Sep 17 00:00:00 2001 From: donno2048 Date: Sun, 26 Sep 2021 12:57:09 +0300 Subject: [PATCH 49/60] add slack services --- README.md | 1 + github-dorks.txt | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 58ca490..12ef5c4 100644 --- a/README.md +++ b/README.md @@ -127,3 +127,4 @@ filename:.remote-sync.json | Created by remote-sync for Ato filename:sftp.json path:.vscode | Created by vscode-sftp for VSCode, contains SFTP/SSH server details and credentails filename:sftp-config.json | Created by SFTP for Sublime Text, contains FTP/FTPS or SFTP/SSH server details and credentials filename:WebServers.xml | Created by Jetbrains IDEs, contains webserver credentials with encoded passwords ([not encrypted!](https://intellij-support.jetbrains.com/hc/en-us/community/posts/207074025/comments/207034775)) +"https://hooks.slack.com/services/" | Slack services URL often have secret API token as a suffix diff --git a/github-dorks.txt b/github-dorks.txt index a49724d..ab91fd6 100644 --- a/github-dorks.txt +++ b/github-dorks.txt 
@@ -80,4 +80,4 @@ filename:.remote-sync.json filename:sftp.json path:.vscode filename:WebServers.xml filename:jupyter_notebook_config.json - +"https://hooks.slack.com/services/" From 0273d511c28035d6b6a88bde39c5fdf55f0b03d6 Mon Sep 17 00:00:00 2001 From: donno2048 Date: Sun, 26 Sep 2021 12:59:40 +0300 Subject: [PATCH 50/60] add github gitlab and discord recovery codes --- README.md | 3 +++ github-dorks.txt | 4 +++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 58ca490..f31a54e 100644 --- a/README.md +++ b/README.md @@ -127,3 +127,6 @@ filename:.remote-sync.json | Created by remote-sync for Ato filename:sftp.json path:.vscode | Created by vscode-sftp for VSCode, contains SFTP/SSH server details and credentails filename:sftp-config.json | Created by SFTP for Sublime Text, contains FTP/FTPS or SFTP/SSH server details and credentials filename:WebServers.xml | Created by Jetbrains IDEs, contains webserver credentials with encoded passwords ([not encrypted!](https://intellij-support.jetbrains.com/hc/en-us/community/posts/207074025/comments/207034775)) +filename:github-recovery-codes.txt | GitHub recovery key +filename:gitlab-recovery-codes.txt | GitLab recovery key +filename:discord_backup_codes.txt | Discord recovery key diff --git a/github-dorks.txt b/github-dorks.txt index a49724d..6e67381 100644 --- a/github-dorks.txt +++ b/github-dorks.txt @@ -80,4 +80,6 @@ filename:.remote-sync.json filename:sftp.json path:.vscode filename:WebServers.xml filename:jupyter_notebook_config.json - +filename:github-recovery-codes.txt +filename:gitlab-recovery-codes.txt +filename:discord_backup_codes.txt From c12029ead6708aca4d33da9e447eadf69076b39c Mon Sep 17 00:00:00 2001 
From: donno2048 Date: Sun, 26 Sep 2021 13:10:26 +0300 Subject: [PATCH 51/60] fix issues with readme according to MD022 'Headings should be surrounded by blank lines' according to MD001 'Heading levels should only increment by one level at a time' use `a basic` not `basic`, `the text file` not `text file` and `a password` not `password` --- README.md | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 58ca490..d755738 100644 --- a/README.md +++ b/README.md 
@@ -1,21 +1,26 @@ # Github Dorks + [Github Search](https://github.com/search) is a quite powerful and useful feature that can be used to search for sensitive data on repositories. Collection of Github dorks can reveal sensitive personal and/or organizational information such as private keys, credentials, authentication tokens, etc. This list is supposed to be useful for assessing security and performing pen-testing of systems. -### GitHub Dork Search Tool -[github-dork.py](github-dork.py) is a simple python tool that can search through your repository or your organization/user repositories. It's not a perfect tool at the moment but provides a basic functionality to automate the search on your repositories against the dorks specified in text file. +## GitHub Dork Search Tool + +[github-dork.py](github-dork.py) is a simple python tool that can search through your repository or your organization/user repositories. It's not a perfect tool at the moment but provides basic functionality to automate the search on your repositories against the dorks specified in the text file. + +### Installation -#### Installation This tool uses [github3.py](https://github.com/sigmavirus24/github3.py) to talk with GitHub Search API. Clone this repository and run: + ```shell pip install -r requirements.txt ``` -#### Usage +### Usage + ``` GH_USER - Environment variable to specify Github user -GH_PWD - Environment variable to specify password +GH_PWD - Environment variable to specify a password GH_TOKEN - Environment variable to specify Github token GH_URL - Environment variable to specify GitHub Enterprise base URL ``` 
@@ -36,16 +41,18 @@ GH_TOKEN= python github-dork.py -u dev-nepal # search GH_URL=https://github.example.com python github-dork.py -u dev-nepal # search a GitHub Enterprise instance ``` -#### Limitations +### Limitations - Authenticated requests get a higher rate limit. But, since this tool waits for the api rate limit to be reset (which is usually less than a minute), it can be slightly slow. - Output formatting is not great. PR welcome - ~~Handle rate limit and retry. PR welcome~~ ### Contribution + Please consider contributing dorks that can reveal potentially sensitive information on Github. ### List of Dorks + I am not categorizing at the moment. Instead, I am going to just the list of dorks with a description. Many of the dorks can be modified to make the search more specific or generic. You can see more options [here](https://github.com/search#search_cheatsheet_pane). Dork | Description From 327d725f14e182115a832e21692f4b99e6107ad8 Mon Sep 17 00:00:00 2001 From: Hexiro <42787085+Hexiro@users.noreply.github.com> Date: Sun, 3 Oct 2021 19:34:16 -0400 Subject: [PATCH 52/60] add `cloud.redislabs.com` url in yaml/json --- README.md | 2 ++ github-dorks.txt | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 58ca490..84eb7c5 100644 --- a/README.md +++ b/README.md 
@@ -127,3 +127,5 @@ filename:.remote-sync.json | Created by remote-sync for Ato filename:sftp.json path:.vscode | Created by vscode-sftp for VSCode, contains SFTP/SSH server details and credentails filename:sftp-config.json | Created by SFTP for Sublime Text, contains FTP/FTPS or SFTP/SSH server details and credentials filename:WebServers.xml | Created by Jetbrains IDEs, contains webserver credentials with encoded passwords ([not encrypted!](https://intellij-support.jetbrains.com/hc/en-us/community/posts/207074025/comments/207034775)) +extension:yaml cloud.redislabs.com | Redis credentials provided by Redis Labs found in a YAML file +extension:json cloud.redislabs.com | Redis credentials provided by Redis Labs found in a JSON file diff --git a/github-dorks.txt b/github-dorks.txt index a49724d..753d824 100644 --- a/github-dorks.txt +++ b/github-dorks.txt @@ -80,4 +80,5 @@ filename:.remote-sync.json filename:sftp.json path:.vscode filename:WebServers.xml filename:jupyter_notebook_config.json - +extension:yaml cloud.redislabs.com +extension:json cloud.redislabs.com From c7e4c684ba96bb0713511e449f1cd7a825b3ab4b Mon Sep 17 00:00:00 2001 From: Joris Hartog Date: Thu, 2 Dec 2021 14:57:48 +0100 Subject: [PATCH 53/60] Add setup.py This commit adds a setup.py file to allow users to install github-dorks more easily. --- README.md | 14 +++++++------- setup.py | 20 ++++++++++++++++++++ 2 files changed, 27 insertions(+), 7 deletions(-) create mode 100644 setup.py diff --git a/README.md b/README.md index 7b51b82..3f24dd5 100644 --- a/README.md +++ b/README.md @@ -13,7 +13,7 @@ This tool uses [github3.py](https://github.com/sigmavirus24/github3.py) to talk Clone this repository and run: ```shell -pip install -r requirements.txt +pip install . ``` ### Usage 
@@ -28,17 +28,17 @@ GH_URL - Environment variable to specify GitHub Enterprise base URL Some example usages are listed below: ```shell -python github-dork.py -r techgaun/github-dorks # search a single repo +github-dork.py -r techgaun/github-dorks # search a single repo -python github-dork.py -u techgaun # search all repos of a user +github-dork.py -u techgaun # search all repos of a user -python github-dork.py -u dev-nepal # search all repos of an organization +github-dork.py -u dev-nepal # search all repos of an organization -GH_USER=techgaun GH_PWD= python github-dork.py -u dev-nepal # search as authenticated user +GH_USER=techgaun GH_PWD= github-dork.py -u dev-nepal # search as authenticated user -GH_TOKEN= python github-dork.py -u dev-nepal # search using auth token +GH_TOKEN= github-dork.py -u dev-nepal # search using auth token -GH_URL=https://github.example.com python github-dork.py -u dev-nepal # search a GitHub Enterprise instance +GH_URL=https://github.example.com github-dork.py -u dev-nepal # search a GitHub Enterprise instance ``` ### Limitations diff --git a/setup.py b/setup.py new file mode 100644 index 0000000..faadf24 --- /dev/null +++ b/setup.py @@ -0,0 +1,20 @@ +from setuptools import setup + +with open('README.md', 'r') as f: + long_description = f.read() + +setup( + name='github-dorks', + version='0.1', + description='Find leaked secrets via github search.', + license='Apache License 2.0', + long_description=long_description, + author='Samar Dhwoj Acharya (@techgaun)', + long_description_content_type='text/markdown', + scripts=['github-dork.py'], + data_files=[('github-dorks', ['github-dorks.txt'])], + install_requires=[ + 'github3.py==1.0.0a2', + 'feedparser==6.0.2', + ], +) From 27f5385d7c047e21abd7bd252f3ae381f85e0917 Mon Sep 17 00:00:00 2001 
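Review bot: `with open('README.md', 'r') as f:` in the new setup.py decodes the file with the locale encoding, so `pip install .` can fail with `UnicodeDecodeError` on a system whose locale encoding is not UTF-8; use `with open('README.md', 'r', encoding='utf-8') as f:`. `install_requires` also restates the pins from requirements.txt verbatim, so the two lists will drift unless one is derived from the other or the README states which is authoritative.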
From: Joris Hartog Date: Thu, 2 Dec 2021 15:28:18 +0100 Subject: [PATCH 54/60] Also look for github-dorks.txt in sys.prefix --- github-dork.py | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/github-dork.py b/github-dork.py index 1ca7274..713cbc1 100644 --- a/github-dork.py +++ b/github-dork.py @@ -7,7 +7,7 @@ import time import feedparser from copy import copy -from sys import stderr +from sys import stderr, prefix gh_user = os.getenv('GH_USER', None) gh_pass = os.getenv('GH_PWD', None) @@ -87,7 +87,12 @@ def search(repo_to_search=None, output_filename=None): if gh_dorks_file is None: - gh_dorks_file = 'github-dorks.txt' + for path_prefix in ['.', os.path.join(prefix, 'github-dorks/')]: + filename = os.path.join(path_prefix, 'github-dorks.txt') + if os.path.isfile(filename): + gh_dorks_file = filename + break + if not os.path.isfile(gh_dorks_file): raise Exception('Error, the dorks file path is not valid') if user_to_search: From ab447249f691ace198edd570c8329801153beae8 Mon Sep 17 00:00:00 2001 From: dbfreem Date: Fri, 15 Dec 2023 22:29:03 -0500 Subject: [PATCH 55/60] bumped github3.py dependency --- setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.py b/setup.py index faadf24..979e932 100644 --- a/setup.py +++ b/setup.py @@ -14,7 +14,7 @@ scripts=['github-dork.py'], data_files=[('github-dorks', ['github-dorks.txt'])], install_requires=[ - 'github3.py==1.0.0a2', + 'github3.py==4.0.1', 'feedparser==6.0.2', ], ) From d50a677beae7b7c2972eba86ab42d28dab57fd35 Mon Sep 17 00:00:00 2001 From: Samar Dhwoj Acharya <1886670+techgaun@users.noreply.github.com> Date: Tue, 19 Dec 2023 10:06:50 -0600 Subject: [PATCH 56/60] add datadog api key dork --- github-dorks.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/github-dorks.txt b/github-dorks.txt index a96b015..c5625a6 100644 --- a/github-dorks.txt +++ b/github-dorks.txt 
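Review bot: When neither `./github-dorks.txt` nor the copy under `sys.prefix` exists, `gh_dorks_file` is still `None` after the new `for path_prefix` loop and the following `os.path.isfile(gh_dorks_file)` raises `TypeError` instead of the intended "Error, the dorks file path is not valid" exception. Change the guard to `if gh_dorks_file is None or not os.path.isfile(gh_dorks_file):`. A comment is also worth adding that the current directory is searched first, so a stray `github-dorks.txt` in the working directory silently shadows the installed list. `search()`'s definition line and the rest of its body are outside this hunk.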
@@ -87,3 +87,4 @@ filename:gitlab-recovery-codes.txt
 filename:discord_backup_codes.txt
 extension:yaml cloud.redislabs.com
 extension:json cloud.redislabs.com
+DATADOG_API_KEY language:shell

From b948dba8c0038ac3041f5dbce079bc6ba74c8840 Mon Sep 17 00:00:00 2001
From: szTheory
Date: Sun, 2 Feb 2025 00:34:04 -0500
Subject: [PATCH 57/60] build with Dockerfile

---
 Dockerfile | 31 +++++++++++++++++++++++++++++++
 README.md | 18 ++++++++++++++++++
 2 files changed, 49 insertions(+)
 create mode 100644 Dockerfile

diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..0d8ecb9
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,31 @@
+# Use Python 3.8 as base - this version has good compatibility with older packages
+FROM python:3.8-slim
+
+# Set working directory
+WORKDIR /app
+
+# Install git (needed for pip install from git repos)
+RUN apt-get update && \
+ apt-get install -y git && \
+ apt-get clean && \
+ rm -rf /var/lib/apt/lists/*
+
+# Copy only the necessary files
+COPY github-dork.py /app/
+COPY github-dorks.txt /app/
+COPY setup.py /app/
+COPY README.md /app/
+COPY requirements.txt /app/
+
+# Install dependencies
+# Using the specific version of github3.py that's known to work
+RUN pip install --no-cache-dir github3.py==1.0.0a2 feedparser==6.0.2
+
+# Set environment variables
+ENV PYTHONUNBUFFERED=1
+ENV PYTHONIOENCODING=UTF-8
+
+# Create volume for potential output files
+VOLUME ["/app/output"]
+
+ENTRYPOINT ["python", "github-dork.py"]
\ No newline at end of file
diff --git a/README.md b/README.md
index 3f24dd5..7daa065 100644
--- a/README.md
+++ b/README.md
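Review bot: The `RUN pip install --no-cache-dir github3.py==1.0.0a2 feedparser==6.0.2` line pins a different github3.py than the `4.0.1` setup.py requires after the previous bump, and the copied setup.py and requirements.txt are never used by the install step, so the repo now has three places that must agree; `RUN pip install --no-cache-dir .` would make setup.py the single source, and the "known to work" comment suggests the author should confirm which pin is actually correct. `python:3.8-slim` had reached end of life before this commit's date, so the base image no longer receives security fixes; a supported 3.x tag is preferable if the dependencies allow it. `git` is installed "for pip install from git repos" but no such install occurs, so that layer only adds packages to the image. Nothing drops privileges, so the scan runs as root inside the container; a `USER` directive before the `ENTRYPOINT` is cheap.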
@@ -16,6 +16,24 @@ Clone this repository and run: pip install . ``` +### Docker Installation + +You can also run github-dorks using Docker for a consistent environment: + +```shell +# Build the Docker image +docker build -t github-dorks . + +# Run with a GitHub token (recommended) +docker run -e GH_TOKEN=your_github_token github-dorks -u someuser + +# Run with username/password +docker run -e GH_USER=your_username -e GH_PWD=your_password github-dorks -u someuser + +# Save results to a CSV file +docker run -v $(pwd)/output:/app/output -e GH_TOKEN=your_github_token github-dorks -u someuser -o /app/output/results.csv +``` + ### Usage ``` From 2a6109777e95fdcee5a667ee722586c55564078c Mon Sep 17 00:00:00 2001 From: szTheory Date: Sun, 2 Feb 2025 00:37:35 -0500 Subject: [PATCH 58/60] CI: docker build --- .github/workflows/docker-build.yml | 37 ++++++++++++++++++++++++++++++ README.md | 2 ++ 2 files changed, 39 insertions(+) create mode 100644 .github/workflows/docker-build.yml diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml new file mode 100644 index 0000000..f243f8e --- /dev/null +++ b/.github/workflows/docker-build.yml @@ -0,0 +1,37 @@ +name: Docker Build & Test + +on: + push: + branches: [ master ] + pull_request: + branches: [ master ] + +jobs: + build-and-test: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Build Docker image + uses: docker/build-push-action@v5 + with: + context: . + load: true + tags: github-dorks:test + cache-from: type=gha + cache-to: type=gha,mode=max + + - name: Test Docker image + run: | + # Test the version flag + docker run github-dorks:test -v + + # Basic test with a public repo (no auth needed) + docker run github-dorks:test -r techgaun/github-dorks -d github-dorks-test.txt + + - name: Verify image size + run: docker image ls github-dorks:test 
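Review bot: The workflow declares no `permissions:` block, so the job's `GITHUB_TOKEN` receives the repository's default grant, which is more than a build-and-smoke-test job needs; add `permissions:` / `  contents: read` at the top level so a compromised action or build step cannot write back to the repository. The actions are referenced by floating major tags (`actions/checkout@v4`, `docker/setup-buildx-action@v3`, `docker/build-push-action@v5`), which resolve to whatever the maintainers move the tag to; pinning each to a full commit SHA with the version in a trailing comment is the usual supply-chain hardening. The second test step also performs a live GitHub code search on every push and pull request, apparently unauthenticated since no token variable is passed, so it is subject to the tight anonymous rate limit and will fail intermittently rather than signal a regression; and `github-dorks-test.txt` is not among the files the Dockerfile copies, so inside the image `-d github-dorks-test.txt` presumably trips the "dorks file path is not valid" check.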
diff --git a/README.md b/README.md index 7daa065..eb36e4f 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,5 @@ +[![Docker Build & Test](https://github.com/techgaun/github-dorks/actions/workflows/docker-build.yml/badge.svg)](https://github.com/techgaun/github-dorks/actions/workflows/docker-build.yml) + # Github Dorks [Github Search](https://github.com/search) is a quite powerful and useful feature that can be used to search for sensitive data on repositories. Collection of Github dorks can reveal sensitive personal and/or organizational information such as private keys, credentials, authentication tokens, etc. This list is supposed to be useful for assessing security and performing pen-testing of systems. From 2395986e18ef75dfa7bc02df849660f2f0483b6d Mon Sep 17 00:00:00 2001 From: szTheory Date: Sun, 2 Feb 2025 00:40:55 -0500 Subject: [PATCH 59/60] CI simplify build --- .github/workflows/docker-build.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml index f243f8e..8476c21 100644 --- a/.github/workflows/docker-build.yml +++ b/.github/workflows/docker-build.yml @@ -27,11 +27,8 @@ jobs: - name: Test Docker image run: | - # Test the version flag + # Test the version flag with version flag docker run github-dorks:test -v - - # Basic test with a public repo (no auth needed) - docker run github-dorks:test -r techgaun/github-dorks -d github-dorks-test.txt - name: Verify image size run: docker image ls github-dorks:test From 21ed3923e445ccc4058375062608eb2387d29132 Mon Sep 17 00:00:00 2001 
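Review bot: The replacement comment `# Test the version flag with version flag` duplicates its own phrase, and after the live-search step is removed nothing verifies that the dorks list actually landed in the image; the comment should read `# Smoke test: the image starts and -v (version, per the previous comment) is accepted`. A cheap offline check that still exercises the Dockerfile's COPY step is `docker run --entrypoint python github-dorks:test -c "import os; assert os.path.isfile('github-dorks.txt')"`, which needs no GitHub token and cannot be rate-limited. Whether `-v` is in fact the version flag cannot be confirmed from this diff, so wording that borrows from the removed comment is safest.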
From: Divyaranjan Sahoo Date: Sun, 5 Oct 2025 20:47:01 +0530 Subject: [PATCH 60/60] chore(ci): add flake8 lint workflow and fix minor lint issue - Add GitHub Actions workflow to run flake8 on push and PR - Align Python version with Dockerfile (3.8) - Fix unused variable in exception handler to satisfy flake8 Refs: #59
--- .github/workflows/lint.yml | 28 ++++++++++++++++++++++++++++ github-dork.py | 2 +- 2 files changed, 29 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/lint.yml
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
new file mode 100644
index 0000000..038f261
--- /dev/null
+++ b/.github/workflows/lint.yml
@@ -0,0 +1,28 @@
+name: Lint (flake8)
+
+on:
+ push:
+ branches: [ "**" ]
+ pull_request:
+ branches: [ "**" ]
+
+jobs:
+ flake8:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Set up Python
+ uses: actions/setup-python@v5
+ with:
+ python-version: '3.8'
+
+ - name: Install flake8
+ run: |
+ python -m pip install --upgrade pip
+ pip install flake8
+
+ - name: Run flake8
+ run: |
+ flake8 .
diff --git a/github-dork.py b/github-dork.py
index 713cbc1..2941b04 100644
--- a/github-dork.py
+++ b/github-dork.py
@@ -28,7 +28,7 @@ def search_wrapper(gen):
 yield next(gen)
 except StopIteration:
 return
- except github.exceptions.ForbiddenError as e:
+ except github.exceptions.ForbiddenError:
 search_rate_limit = gh.rate_limit()['resources']['search']
 # limit_remaining = search_rate_limit['remaining']
 reset_time = search_rate_limit['reset']
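Review bot: No `permissions:` block is set, so the lint job inherits the repository's default `GITHUB_TOKEN` grant although it only needs to read the checkout; add `permissions:` / `  contents: read` at the top of the workflow, and prefer commit-SHA pins over the floating `actions/checkout@v4` and `actions/setup-python@v5` tags. Triggering on both `push` and `pull_request` with `branches: [ "**" ]` runs flake8 twice for every pull request opened from a branch of this repository; limiting `push` to `master`, as `docker-build.yml` does, removes the duplicate run. The commit message aligns `python-version: '3.8'` with the Dockerfile, but that interpreter is end-of-life, so the lint now validates against a runtime that no longer receives fixes; keeping the version in one place would make moving both forward together a one-line change.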
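Review bot: Dropping `as e` satisfies flake8's unused-variable warning but discards the only evidence of why GitHub refused the request: the handler goes on to read `gh.rate_limit()['resources']['search']` and its reset time as if every `ForbiddenError` were a search rate limit, yet the same exception covers a token lacking the required scope or an abuse-detection block, neither of which is cured by waiting. Keep the binding and surface it, e.g. `except github.exceptions.ForbiddenError as e:` followed by `print('Forbidden: {}'.format(e), file=stderr)` (`stderr` is already imported), which also resolves the lint warning. `search_wrapper` begins and ends outside the hunk.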