From b936cfc90d16ef2b1bbfc0856e26295b63d66b6a Mon Sep 17 00:00:00 2001 From: "@ffranz" Date: Fri, 9 Sep 2016 16:22:42 +0200 Subject: [PATCH 01/41] Adding capability to keep dorking across user news feed (#12) * Update github-dorks.txt Add dork in order to find Shodan.io API keys. * Update github-dorks.txt Add generic dork focus on config.php files that contains pass string * Update github-dorks.txt Search for Unix shadow files * Add monitoring mode * solve indent problems and py3 support * Solve problems related indent and add Python3 support --- github-dork.py | 54 +++++++++++++++++++++++++++++++++++++++++++----- requirements.txt | 1 + 2 files changed, 50 insertions(+), 5 deletions(-) diff --git a/github-dork.py b/github-dork.py index 9e2e83f..c78abe1 100644 --- a/github-dork.py +++ b/github-dork.py @@ -6,6 +6,7 @@ import os import argparse import time +import feedparser from copy import copy from sys import stderr 
@@ -39,12 +40,45 @@ def search_wrapper(gen): except Exception as e: raise e -def search(repo_to_search=None, user_to_search=None, gh_dorks_file=None): +def metasearch(repo_to_search=None, user_to_search=None, gh_dorks_file=None, active_monit=None, refresh_time=60): + if active_monit is None: + search( + repo_to_search, + user_to_search, + gh_dorks_file, + active_monit + ) + else: + monit( + gh_dorks_file, + active_monit, + refresh_time + ) + +def monit(gh_dorks_file=None,active_monit=None,refresh_time=60): + if gh_user is None: + raise Exception('Error, env Github user variable needed') + else: + print("Monitoring user private feed searching new code to be 'dorked'. Every new merged pull request trigger user scan.") + print("-----") + items_history = list() + gh_private_feed = "https://github.com/"+gh_user+".private.atom?token="+active_monit + while True: + feed = feedparser.parse( gh_private_feed ) + for i in feed['items']: + if "merged pull" in i["title"]: + if i["title"] not in items_history: + search(user_to_search=i["author_detail"]["name"],gh_dorks_file=gh_dorks_file) + items_history.append(i["title"]) + print("Waiting for new items...") + time.sleep(refresh_time) + +def search(repo_to_search=None, user_to_search=None, gh_dorks_file=None, active_monit=None): if gh_dorks_file is None: gh_dorks_file = 'github-dorks.txt' if not os.path.isfile(gh_dorks_file): raise Exception('Error, the dorks file path is not valid') - + print("Scannig user: ", user_to_search) found = False with open(gh_dorks_file, 'r') as dork_file: for dork in dork_file: @@ -100,7 +134,7 @@ def main(): '-v', '--version', action='version', - version='%(prog)s 0.1.0' + version='%(prog)s 0.1.1' ) group = parser.add_mutually_exclusive_group(required=True) 
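Review bot: In `monit`, both the de-duplication and the scan target rely on display fields of the feed: an entry is remembered by `i["title"]`, so two merged pull requests with the same title trigger only one scan, and the search runs for `i["author_detail"]["name"]`, which may be a display name rather than a login (not verifiable from this hunk). The result of `feedparser.parse(...)` is used without checking `feed.bozo`, so an expired or wrong token would presumably look the same as "no new items". `items_history` is a list that only grows inside `while True`. Consider keying on the entry id with a set, `if i.get("id") not in seen:`, and printing a warning when the feed reports an error. The feed token is also concatenated into the URL as-is, and the later refactor of that line to `.format(gh_user, active_monit)` keeps this.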
@@ -128,12 +162,22 @@ def main(): help='Github dorks file. Eg: github-dorks.txt' ) + group.add_argument( + '-m', + '--monit', + dest='active_monit', + action='store', + help='Monitors Github user private feed. Need to provide token from feed. Find this token on feed icon at Github.com (when logged)' + ) + args = parser.parse_args() - search( + metasearch( repo_to_search=args.repo_to_search, user_to_search=args.user_to_search, - gh_dorks_file=args.gh_dorks_file + gh_dorks_file=args.gh_dorks_file, + active_monit=args.active_monit ) if __name__ == '__main__': main() + diff --git a/requirements.txt b/requirements.txt index 2aeb53d..9b4e16f 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1 +1,2 @@ github3.py==1.0.0a2 +feedparser==5.1.3 From 46e3e304bda36596474a3af9dbd468bdafb2fba4 Mon Sep 17 00:00:00 2001 From: Saugat Acharya Date: Wed, 26 Oct 2016 22:13:22 +0545 Subject: [PATCH 02/41] Update README.md with new dorks (#13) --- README.md | 3 +++ github-dorks.txt | 1 + 2 files changed, 4 insertions(+) diff --git a/README.md b/README.md index 5d1647c..fbfb0d0 100644 --- a/README.md +++ b/README.md @@ -105,3 +105,6 @@ filename:prod.secret.exs | Phoenix prod secret filename:configuration.php JConfig password | Joomla configuration file filename:config.php dbpasswd | PHP application database password (e.g., phpBB forum software) path:sites databases password | Drupal website database credentials +shodan_api_key language:python | Shodan API keys (try other languages too) +filename:shadow path:etc | Contains encrypted passwords and account information of new unix systems +filename:passwd path:etc | Contains user account information including encrypted passwords of traditional unix systems diff --git a/github-dorks.txt b/github-dorks.txt index e7ccc43..2298938 100644 --- a/github-dorks.txt +++ b/github-dorks.txt @@ -59,3 +59,4 @@ shodan_api_key language:shell shodan_api_key language:json shodan_api_key language:ruby filename:shadow path:etc +filename:passwd path:etc 
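Review bot: The new `-m/--monit` option takes the private feed token as a command-line value, so the secret lands in shell history and is visible to other local users through the process list. The script already reads `GH_USER`, `GH_PWD` and `GH_TOKEN` from the environment, so the feed token could be read the same way, with `-m` reduced to a switch (`action='store_true'`); the variable name is for the maintainers to choose. Because `-m` is added to the mutually exclusive group with `-u` and `-r`, the help text should also say that monitor mode takes neither a user nor a repo. The body of `main` starts outside this hunk.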
From 0a00f6adbec4ebf7b299212619c00aa1ba887500 Mon Sep 17 00:00:00 2001 From: Sriram Venkatesh Date: Tue, 22 Nov 2016 15:45:52 +1300 Subject: [PATCH 03/41] Fixing spelling mistake in script output (#14) --- github-dork.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/github-dork.py b/github-dork.py index c78abe1..6fd596d 100644 --- a/github-dork.py +++ b/github-dork.py @@ -78,7 +78,7 @@ def search(repo_to_search=None, user_to_search=None, gh_dorks_file=None, active_ gh_dorks_file = 'github-dorks.txt' if not os.path.isfile(gh_dorks_file): raise Exception('Error, the dorks file path is not valid') - print("Scannig user: ", user_to_search) + print("Scanning user: ", user_to_search) found = False with open(gh_dorks_file, 'r') as dork_file: for dork in dork_file: From cf130aee16035c24d12dda3954057e36cca3d9e8 Mon Sep 17 00:00:00 2001 From: Dylan Katz Date: Sun, 27 Nov 2016 11:49:40 -0700 Subject: [PATCH 04/41] Added a few dorks (#17) * Add avast license keys and DBeaver config file * Update README.md --- README.md | 2 ++ github-dorks.txt | 2 ++ 2 files changed, 4 insertions(+) diff --git a/README.md b/README.md index fbfb0d0..c24b7d5 100644 --- a/README.md +++ b/README.md @@ -108,3 +108,5 @@ path:sites databases password | Drupal website database creden shodan_api_key language:python | Shodan API keys (try other languages too) filename:shadow path:etc | Contains encrypted passwords and account information of new unix systems filename:passwd path:etc | Contains user account information including encrypted passwords of traditional unix systems +extension:avastlic | Contains license keys for Avast! Antivirus +extension:dbeaver-data-sources.xml | DBeaver config containing MySQL Credentials diff --git a/github-dorks.txt b/github-dorks.txt index 2298938..a53be34 100644 --- a/github-dorks.txt +++ b/github-dorks.txt 
@@ -60,3 +60,5 @@ shodan_api_key language:json shodan_api_key language:ruby filename:shadow path:etc filename:passwd path:etc +extension:avastlic +extension:dbeaver-data-sources.xml From 8bf320980523ee4fa7a202bc179f4ceda5f5b41b Mon Sep 17 00:00:00 2001 From: Dylan Katz Date: Mon, 28 Nov 2016 17:25:41 -0700 Subject: [PATCH 05/41] Added dork from random forums site (#18) https://the.bytecode.club/showthread.php?tid=529 --- github-dorks.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/github-dorks.txt b/github-dorks.txt index a53be34..710e394 100644 --- a/github-dorks.txt +++ b/github-dorks.txt @@ -62,3 +62,4 @@ filename:shadow path:etc filename:passwd path:etc extension:avastlic extension:dbeaver-data-sources.xml +filename:sftp-config.json From 6cabcc5f7c3a537d013adc908db1fc1b3311f4d8 Mon Sep 17 00:00:00 2001 From: techgaun Date: Sun, 4 Dec 2016 03:10:27 -0600 Subject: [PATCH 06/41] add esmtprc dork --- README.md | 1 + github-dorks.txt | 1 + 2 files changed, 2 insertions(+) diff --git a/README.md b/README.md index c24b7d5..d69a90c 100644 --- a/README.md +++ b/README.md @@ -110,3 +110,4 @@ filename:shadow path:etc | Contains encrypted passwords a filename:passwd path:etc | Contains user account information including encrypted passwords of traditional unix systems extension:avastlic | Contains license keys for Avast! Antivirus extension:dbeaver-data-sources.xml | DBeaver config containing MySQL Credentials +filename:.esmtprc password | esmtp configuration diff --git a/github-dorks.txt b/github-dorks.txt index 710e394..756b10b 100644 --- a/github-dorks.txt +++ b/github-dorks.txt @@ -63,3 +63,4 @@ filename:passwd path:etc extension:avastlic extension:dbeaver-data-sources.xml filename:sftp-config.json +filename:.esmtprc password From 2f89e86d71aeae7f47eafad5919f6eafb26eac2a Mon Sep 17 00:00:00 2001 
From: techgaun Date: Sun, 4 Dec 2016 03:18:36 -0600 Subject: [PATCH 07/41] minor code refactors --- github-dork.py | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/github-dork.py b/github-dork.py index 6fd596d..c7d07ae 100644 --- a/github-dork.py +++ b/github-dork.py @@ -21,6 +21,7 @@ else: gh = github.GitHubEnterprise(url=gh_url, username=gh_user, password=gh_pass, token=gh_token) + def search_wrapper(gen): while True: gen_back = copy(gen) @@ -30,7 +31,7 @@ def search_wrapper(gen): raise except github.exceptions.ForbiddenError as e: search_rate_limit = gh.rate_limit()['resources']['search'] - limit_remaining = search_rate_limit['remaining'] + # limit_remaining = search_rate_limit['remaining'] reset_time = search_rate_limit['reset'] current_time = int(time.time()) sleep_time = reset_time - current_time + 1 
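Review bot: In the `search_wrapper` hunk the `limit_remaining` assignment is commented out rather than removed, which leaves dead code in the rate-limit handler. If the value is not needed, delete the line. If it is meant for diagnostics, keep the assignment and include it in the message that announces the sleep. The function body continues outside the hunk.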
@@ -55,22 +56,22 @@ def metasearch(repo_to_search=None, user_to_search=None, gh_dorks_file=None, act refresh_time ) -def monit(gh_dorks_file=None,active_monit=None,refresh_time=60): +def monit(gh_dorks_file=None, active_monit=None, refresh_time=60): if gh_user is None: raise Exception('Error, env Github user variable needed') else: - print("Monitoring user private feed searching new code to be 'dorked'. Every new merged pull request trigger user scan.") - print("-----") + print('Monitoring user private feed searching new code to be dorked. Every new merged pull request trigger user scan.') + print('-----') items_history = list() - gh_private_feed = "https://github.com/"+gh_user+".private.atom?token="+active_monit + gh_private_feed = "https://github.com/{}.private.atom?token={}".format(gh_user, active_monit) while True: - feed = feedparser.parse( gh_private_feed ) + feed = feedparser.parse(gh_private_feed) for i in feed['items']: - if "merged pull" in i["title"]: - if i["title"] not in items_history: - search(user_to_search=i["author_detail"]["name"],gh_dorks_file=gh_dorks_file) - items_history.append(i["title"]) - print("Waiting for new items...") + if 'merged pull' in i['title']: + if i['title'] not in items_history: + search(user_to_search=i['author_detail']['name'], gh_dorks_file=gh_dorks_file) + items_history.append(i['title']) + print('Waiting for new items...') time.sleep(refresh_time) def search(repo_to_search=None, user_to_search=None, gh_dorks_file=None, active_monit=None): @@ -167,7 +168,7 @@ def main(): '--monit', dest='active_monit', action='store', - help='Monitors Github user private feed. Need to provide token from feed. Find this token on feed icon at Github.com (when logged)' + help='Monitors Github user private feed. Need to provide token from feed. Find this token on feed icon at Github.com (when logged)' ) args = parser.parse_args() @@ -180,4 +181,3 @@ def main(): if __name__ == '__main__': main() - 
From 515429216f762b626c7a3478536bc5a9f0c9a301 Mon Sep 17 00:00:00 2001 From: Meitar M Date: Sun, 11 Dec 2016 15:17:57 -0500 Subject: [PATCH 08/41] Add OAuth 2.0 credentials generated by the Google Identity Platform. (#19) --- README.md | 1 + github-dorks.txt | 1 + 2 files changed, 2 insertions(+) diff --git a/README.md b/README.md index d69a90c..73c82c3 100644 --- a/README.md +++ b/README.md @@ -111,3 +111,4 @@ filename:passwd path:etc | Contains user account informat extension:avastlic | Contains license keys for Avast! Antivirus extension:dbeaver-data-sources.xml | DBeaver config containing MySQL Credentials filename:.esmtprc password | esmtp configuration +extension:json googleusercontent client_secret | OAuth credentials for accessing Google APIs diff --git a/github-dorks.txt b/github-dorks.txt index 756b10b..a4e2157 100644 --- a/github-dorks.txt +++ b/github-dorks.txt @@ -64,3 +64,4 @@ extension:avastlic extension:dbeaver-data-sources.xml filename:sftp-config.json filename:.esmtprc password +extension:json googleusercontent client_secret From 4fa1af7d6f04b82c1f1736d2e7e90865d8664406 Mon Sep 17 00:00:00 2001 From: techgaun Date: Thu, 26 Jan 2017 17:30:52 -0600 Subject: [PATCH 09/41] add HOMEBREW_GITHUB_API_TOKEN --- README.md | 1 + github-dorks.txt | 1 + 2 files changed, 2 insertions(+) diff --git a/README.md b/README.md index 73c82c3..04a15f6 100644 --- a/README.md +++ b/README.md @@ -112,3 +112,4 @@ extension:avastlic | Contains license keys for Avas extension:dbeaver-data-sources.xml | DBeaver config containing MySQL Credentials filename:.esmtprc password | esmtp configuration extension:json googleusercontent client_secret | OAuth credentials for accessing Google APIs +HOMEBREW_GITHUB_API_TOKEN language:shell | Github token usually set by homebrew users diff --git a/github-dorks.txt b/github-dorks.txt index a4e2157..a46eea2 100644 --- a/github-dorks.txt +++ b/github-dorks.txt 
@@ -65,3 +65,4 @@ extension:dbeaver-data-sources.xml filename:sftp-config.json filename:.esmtprc password extension:json googleusercontent client_secret +HOMEBREW_GITHUB_API_TOKEN language:shell From 8aede56ebf916cbefc8f80e93023aa5e78fc5fd8 Mon Sep 17 00:00:00 2001 From: techgaun Date: Fri, 3 Mar 2017 01:07:38 -0600 Subject: [PATCH 10/41] add slack bot and private tokens --- README.md | 1 + github-dorks.txt | 1 + 2 files changed, 2 insertions(+) diff --git a/README.md b/README.md index 04a15f6..3d08599 100644 --- a/README.md +++ b/README.md @@ -113,3 +113,4 @@ extension:dbeaver-data-sources.xml | DBeaver config containing MySQ filename:.esmtprc password | esmtp configuration extension:json googleusercontent client_secret | OAuth credentials for accessing Google APIs HOMEBREW_GITHUB_API_TOKEN language:shell | Github token usually set by homebrew users +"xoxp" OR "xoxb" | Slack bot and private tokens diff --git a/github-dorks.txt b/github-dorks.txt index a46eea2..962243c 100644 --- a/github-dorks.txt +++ b/github-dorks.txt @@ -66,3 +66,4 @@ filename:sftp-config.json filename:.esmtprc password extension:json googleusercontent client_secret HOMEBREW_GITHUB_API_TOKEN language:shell +"xoxp" OR "xoxb" From 3b2334425800e7e6917c43314581b248e8f4109e Mon Sep 17 00:00:00 2001 From: techgaun Date: Fri, 3 Mar 2017 01:13:39 -0600 Subject: [PATCH 11/41] remove quote --- README.md | 8 ++++---- github-dorks.txt | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 3d08599..9479909 100644 --- a/README.md +++ b/README.md 
@@ -73,8 +73,8 @@ extension:json api.forecast.io | try variations, find api keys/ extension:json mongolab.com | mongolab credentials in json configs extension:yaml mongolab.com | mongolab credentials in yaml configs (try with yml) jsforce extension:js conn.login | possible salesforce credentials in nodejs projects -SF_USERNAME "salesforce" | possible salesforce credentials -filename:.tugboat NOT "_tugboat" | Digital Ocean tugboat config +SF_USERNAME salesforce | possible salesforce credentials +filename:.tugboat NOT _tugboat | Digital Ocean tugboat config HEROKU_API_KEY language:shell | Heroku api keys HEROKU_API_KEY language:json | Heroku api keys in json files filename:.netrc password | netrc that possibly holds sensitive credentials @@ -100,7 +100,7 @@ filename:.history | history file (often used by ma filename:.sh_history | korn shell history filename:sshd_config | OpenSSH server config filename:dhcpd.conf | DHCP service config -filename:prod.exs NOT "prod.secret.exs" | Phoenix prod configuration file +filename:prod.exs NOT prod.secret.exs | Phoenix prod configuration file filename:prod.secret.exs | Phoenix prod secret filename:configuration.php JConfig password | Joomla configuration file filename:config.php dbpasswd | PHP application database password (e.g., phpBB forum software) @@ -113,4 +113,4 @@ extension:dbeaver-data-sources.xml | DBeaver config containing MySQ filename:.esmtprc password | esmtp configuration extension:json googleusercontent client_secret | OAuth credentials for accessing Google APIs HOMEBREW_GITHUB_API_TOKEN language:shell | Github token usually set by homebrew users -"xoxp" OR "xoxb" | Slack bot and private tokens +xoxp OR xoxb | Slack bot and private tokens diff --git a/github-dorks.txt b/github-dorks.txt index 962243c..34ccf3e 100644 --- a/github-dorks.txt +++ b/github-dorks.txt 
@@ -21,8 +21,8 @@ extension:json api.forecast.io extension:json mongolab.com extension:yaml mongolab.com jsforce extension:js conn.login -SF_USERNAME "salesforce" -filename:.tugboat NOT "_tugboat" +SF_USERNAME salesforce +filename:.tugboat NOT _tugboat HEROKU_API_KEY language:shell HEROKU_API_KEY language:json filename:.netrc password @@ -48,7 +48,7 @@ filename:.history filename:.sh_history filename:sshd_config filename:dhcpd.conf -filename:prod.exs NOT "prod.secret.exs" +filename:prod.exs NOT prod.secret.exs filename:prod.secret.exs filename:configuration.php JConfig password filename:config.php dbpasswd @@ -66,4 +66,4 @@ filename:sftp-config.json filename:.esmtprc password extension:json googleusercontent client_secret HOMEBREW_GITHUB_API_TOKEN language:shell -"xoxp" OR "xoxb" +xoxp OR xoxb From 2a6a092748d63684054a1ab3a1edd026109dc333 Mon Sep 17 00:00:00 2001 From: Dylan Katz Date: Wed, 22 Mar 2017 11:16:53 -0600 Subject: [PATCH 12/41] Added support for MLAB MongoDB Credentials (#24) * Update github-dorks.txt * Update README.md --- README.md | 1 + github-dorks.txt | 1 + 2 files changed, 2 insertions(+) diff --git a/README.md b/README.md index 9479909..e44a599 100644 --- a/README.md +++ b/README.md @@ -114,3 +114,4 @@ filename:.esmtprc password | esmtp configuration extension:json googleusercontent client_secret | OAuth credentials for accessing Google APIs HOMEBREW_GITHUB_API_TOKEN language:shell | Github token usually set by homebrew users xoxp OR xoxb | Slack bot and private tokens +.mlab.com password | MLAB Hosted MongoDB Credentials diff --git a/github-dorks.txt b/github-dorks.txt index 34ccf3e..fb94407 100644 --- a/github-dorks.txt +++ b/github-dorks.txt @@ -67,3 +67,4 @@ filename:.esmtprc password extension:json googleusercontent client_secret HOMEBREW_GITHUB_API_TOKEN language:shell xoxp OR xoxb +.mlab.com password From 0d9b96bc910d5c85928174719d87c6c3fa796d52 Mon Sep 17 00:00:00 2001 
From: techgaun Date: Sat, 22 Apr 2017 23:48:09 -0500 Subject: [PATCH 13/41] add few more dorks --- README.md | 3 +++ github-dorks.txt | 3 +++ 2 files changed, 6 insertions(+) diff --git a/README.md b/README.md index e44a599..51fd741 100644 --- a/README.md +++ b/README.md @@ -115,3 +115,6 @@ extension:json googleusercontent client_secret | OAuth credentials for accessin HOMEBREW_GITHUB_API_TOKEN language:shell | Github token usually set by homebrew users xoxp OR xoxb | Slack bot and private tokens .mlab.com password | MLAB Hosted MongoDB Credentials +filename:logins.json | Firefox saved password collection (key3.db usually in same repo) +filename:CCCam.cfg | CCCam Server config file +msg nickserv identify filename:config | Possible IRC login passwords diff --git a/github-dorks.txt b/github-dorks.txt index fb94407..02a8a7f 100644 --- a/github-dorks.txt +++ b/github-dorks.txt @@ -68,3 +68,6 @@ extension:json googleusercontent client_secret HOMEBREW_GITHUB_API_TOKEN language:shell xoxp OR xoxb .mlab.com password +filename:logins.json +filename:CCCam.cfg +msg nickserv identify filename:config From 81b67cd770b868805f432573eaa09f48d47dcfe9 Mon Sep 17 00:00:00 2001 From: techgaun Date: Mon, 1 May 2017 11:16:00 -0500 Subject: [PATCH 14/41] improve formatting and msgs --- github-dork.py | 84 +++++++++++++++++++++++++------------------------- setup.cfg | 2 ++ 2 files changed, 44 insertions(+), 42 deletions(-) create mode 100644 setup.cfg diff --git a/github-dork.py b/github-dork.py index c7d07ae..95ce286 100644 --- a/github-dork.py +++ b/github-dork.py @@ -1,7 +1,6 @@ #!/usr/bin/env python # -*- encoding: utf-8 -*- - import github3 as github import os import argparse @@ -10,7 +9,6 @@ from copy import copy from sys import stderr - gh_user = os.getenv('GH_USER', None) gh_pass = os.getenv('GH_PWD', None) gh_token = os.getenv('GH_TOKEN', None) 
@@ -19,7 +17,8 @@ if gh_url is None: gh = github.GitHub(username=gh_user, password=gh_pass, token=gh_token) else: - gh = github.GitHubEnterprise(url=gh_url, username=gh_user, password=gh_pass, token=gh_token) + gh = github.GitHubEnterprise( + url=gh_url, username=gh_user, password=gh_pass, token=gh_token) def search_wrapper(gen): 
@@ -35,51 +34,63 @@ def search_wrapper(gen): reset_time = search_rate_limit['reset'] current_time = int(time.time()) sleep_time = reset_time - current_time + 1 - stderr.write('GitHub Search API rate limit reached. Sleeping for %d seconds.\n\n' %(sleep_time)) + stderr.write( + 'GitHub Search API rate limit reached. Sleeping for %d seconds.\n\n' + % (sleep_time)) time.sleep(sleep_time) yield next(gen_back) except Exception as e: raise e -def metasearch(repo_to_search=None, user_to_search=None, gh_dorks_file=None, active_monit=None, refresh_time=60): + +def metasearch(repo_to_search=None, + user_to_search=None, + gh_dorks_file=None, + active_monit=None, + refresh_time=60): if active_monit is None: - search( - repo_to_search, - user_to_search, - gh_dorks_file, - active_monit - ) + search(repo_to_search, user_to_search, gh_dorks_file, active_monit) else: - monit( - gh_dorks_file, - active_monit, - refresh_time - ) + monit(gh_dorks_file, active_monit, refresh_time) + def monit(gh_dorks_file=None, active_monit=None, refresh_time=60): if gh_user is None: raise Exception('Error, env Github user variable needed') else: - print('Monitoring user private feed searching new code to be dorked. Every new merged pull request trigger user scan.') + print( + 'Monitoring user private feed searching new code to be dorked.' + + 'Every new merged pull request trigger user scan.' 
+ ) print('-----') items_history = list() - gh_private_feed = "https://github.com/{}.private.atom?token={}".format(gh_user, active_monit) + gh_private_feed = "https://github.com/{}.private.atom?token={}".format( + gh_user, active_monit) while True: feed = feedparser.parse(gh_private_feed) for i in feed['items']: if 'merged pull' in i['title']: if i['title'] not in items_history: - search(user_to_search=i['author_detail']['name'], gh_dorks_file=gh_dorks_file) + search( + user_to_search=i['author_detail']['name'], + gh_dorks_file=gh_dorks_file) items_history.append(i['title']) print('Waiting for new items...') time.sleep(refresh_time) -def search(repo_to_search=None, user_to_search=None, gh_dorks_file=None, active_monit=None): + +def search(repo_to_search=None, + user_to_search=None, + gh_dorks_file=None, + active_monit=None): if gh_dorks_file is None: gh_dorks_file = 'github-dorks.txt' if not os.path.isfile(gh_dorks_file): raise Exception('Error, the dorks file path is not valid') - print("Scanning user: ", user_to_search) + if user_to_search: + print("Scanning User: ", user_to_search) + if repo_to_search: + print("Scanning Repo: ", repo_to_search) found = False with open(gh_dorks_file, 'r') as dork_file: for dork in dork_file: @@ -106,11 +117,8 @@ def search(repo_to_search=None, user_to_search=None, gh_dorks_file=None, active_ } result = '\n'.join([ 'Found result for {dork}', - 'Text matches: {text_matches}', - 'File path: {path}', - 'Score/Relevance: {score}', - 'URL of File: {url}', - '' + 'Text matches: {text_matches}', 'File path: {path}', + 'Score/Relevance: {score}', 'URL of File: {url}', '' ]).format(**fmt_args) print(result) except github.exceptions.GitHubError as e: 
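Review bot: The reflowed banner in `monit` joins two string literals with `+` and no separating space, so it prints `...to be dorked.Every new merged pull request...`. Add the trailing space to the first literal, `'Monitoring user private feed searching new code to be dorked. ' +`, or drop the `+` and rely on adjacent-literal concatenation with the space included. The hunk starts inside `search_wrapper` and ends inside `search`, so the rest of both functions is outside this view.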
@@ -128,15 +136,10 @@ def search(repo_to_search=None, user_to_search=None, gh_dorks_file=None, active_ def main(): parser = argparse.ArgumentParser( description='Search github for github dorks', - epilog='Use responsibly, Enjoy pentesting' - ) + epilog='Use responsibly, Enjoy pentesting') parser.add_argument( - '-v', - '--version', - action='version', - version='%(prog)s 0.1.1' - ) + '-v', '--version', action='version', version='%(prog)s 0.1.1') group = parser.add_mutually_exclusive_group(required=True) group.add_argument( @@ -144,31 +147,28 @@ def main(): '--user', dest='user_to_search', action='store', - help='Github user/org to search within. Eg: techgaun' - ) + help='Github user/org to search within. Eg: techgaun') group.add_argument( '-r', '--repo', dest='repo_to_search', action='store', - help='Github repo to search within. Eg: techgaun/github-dorks' - ) + help='Github repo to search within. Eg: techgaun/github-dorks') parser.add_argument( '-d', '--dork', dest='gh_dorks_file', action='store', - help='Github dorks file. Eg: github-dorks.txt' - ) + help='Github dorks file. Eg: github-dorks.txt') group.add_argument( '-m', '--monit', dest='active_monit', action='store', - help='Monitors Github user private feed. Need to provide token from feed. Find this token on feed icon at Github.com (when logged)' + help='Monitors Github user private feed with feed token' ) args = parser.parse_args() @@ -176,8 +176,8 @@ def main(): repo_to_search=args.repo_to_search, user_to_search=args.user_to_search, gh_dorks_file=args.gh_dorks_file, - active_monit=args.active_monit - ) + active_monit=args.active_monit) + if __name__ == '__main__': main() diff --git a/setup.cfg b/setup.cfg new file mode 100644 index 0000000..6deafc2 --- /dev/null +++ b/setup.cfg @@ -0,0 +1,2 @@ +[flake8] +max-line-length = 120 From 88d8d5c8e2f30fd82ddedb9dffe80172a9a7954b Mon Sep 17 00:00:00 2001 
From: R Conner Howell Date: Wed, 14 Jun 2017 16:52:32 -0700 Subject: [PATCH 15/41] Add option to export results to CSV (#26) --- github-dork.py | 44 +++++++++++++++++++++++++++++++++++--------- 1 file changed, 35 insertions(+), 9 deletions(-) diff --git a/github-dork.py b/github-dork.py index 95ce286..b62f70f 100644 --- a/github-dork.py +++ b/github-dork.py @@ -47,9 +47,10 @@ def metasearch(repo_to_search=None, user_to_search=None, gh_dorks_file=None, active_monit=None, + output_filename=None, refresh_time=60): if active_monit is None: - search(repo_to_search, user_to_search, gh_dorks_file, active_monit) + search(repo_to_search, user_to_search, gh_dorks_file, active_monit, output_filename) else: monit(gh_dorks_file, active_monit, refresh_time) @@ -82,7 +83,9 @@ def monit(gh_dorks_file=None, active_monit=None, refresh_time=60): def search(repo_to_search=None, user_to_search=None, gh_dorks_file=None, - active_monit=None): + active_monit=None, + output_filename=None): + if gh_dorks_file is None: gh_dorks_file = 'github-dorks.txt' if not os.path.isfile(gh_dorks_file): @@ -92,7 +95,15 @@ def search(repo_to_search=None, if repo_to_search: print("Scanning Repo: ", repo_to_search) found = False + + outputFile = None + if output_filename: + outputFile = open(output_filename, 'w') + with open(gh_dorks_file, 'r') as dork_file: + # Write CSV Header + if outputFile: + outputFile.write('Issue Type (Dork), Text Matches, File Path, Score/Relevance, URL of File\n') for dork in dork_file: dork = dork.strip() if not dork or dork[0] in '#;': 
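Review bot: `output_filename` is forwarded only on the `search(...)` branch of `metasearch`; the `monit(gh_dorks_file, active_monit, refresh_time)` call is unchanged, so `-o` combined with `-m` is silently ignored and results still go to stdout. Either pass it through (which also needs `monit` to accept it and hand it to `search`) or reject the combination in `main`. Inserting the new parameter before `refresh_time` also shifts that parameter's position for any caller passing it positionally; appending it after `refresh_time` avoids that.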
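Review bot: `outputFile = open(output_filename, 'w')` is opened outside any `with` block and no `close()` appears in this hunk, so unless the file is closed further down in `search` (not visible here), buffered rows can be lost when a search raises. Wrap the loop in `try:` / `finally:` with `if outputFile: outputFile.close()`, or manage the optional file with `contextlib.ExitStack`. The rows hold matched text from credential searches, so creating the file with owner-only permissions is worth considering. The name `outputFile` also breaks the snake_case used by every other local in the file; `output_file` would match.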
@@ -115,12 +126,18 @@ def search(repo_to_search=None, 'score': search_result.score, 'url': search_result.html_url } - result = '\n'.join([ - 'Found result for {dork}', - 'Text matches: {text_matches}', 'File path: {path}', - 'Score/Relevance: {score}', 'URL of File: {url}', '' - ]).format(**fmt_args) - print(result) + + # Either write to file or print output + if outputFile: + outputFile.write('{dork}, {text_matches}, {path}, {score}, {url}\n'.format(**fmt_args)) + else: + result = '\n'.join([ + 'Found result for {dork}', + 'Text matches: {text_matches}', 'File path: {path}', + 'Score/Relevance: {score}', 'URL of File: {url}', '' + ]).format(**fmt_args) + print(result) + except github.exceptions.GitHubError as e: print('GitHubError encountered on search of dork: ' + dork) print(e) @@ -171,12 +188,21 @@ def main(): help='Monitors Github user private feed with feed token' ) + parser.add_argument( + '-o', + '--outputFile', + dest='output_filename', + action='store', + help='CSV File to write results to. This overwrites the file provided! Eg: out.csv' + ) + args = parser.parse_args() metasearch( repo_to_search=args.repo_to_search, user_to_search=args.user_to_search, gh_dorks_file=args.gh_dorks_file, - active_monit=args.active_monit) + active_monit=args.active_monit, + output_filename=args.output_filename) if __name__ == '__main__': From 647ee549c84e65400f25095d14128bbd013128a2 Mon Sep 17 00:00:00 2001 From: Dylan Katz Date: Thu, 20 Jul 2017 09:25:04 -0600 Subject: [PATCH 16/41] Added Django SECRET_KEYs. (#27) * Added pattern for django secret keys * Update README.md --- README.md | 1 + github-dorks.txt | 1 + 2 files changed, 2 insertions(+) diff --git a/README.md b/README.md index 51fd741..6045779 100644 --- a/README.md +++ b/README.md 
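Review bot: Rows are built with `'{dork}, {text_matches}, {path}, {score}, {url}\n'.format(**fmt_args)`, which does no quoting, so a comma, quote or newline in the matched text or the path breaks the columns. Those values come from the content of the searched repositories and are untrusted: a cell starting with `=`, `+`, `-` or `@` can be evaluated as a formula when the file is opened in a spreadsheet. Use the standard `csv` module, `csv.writer(outputFile).writerow([fmt_args[k] for k in ('dork', 'text_matches', 'path', 'score', 'url')])`, and prefix a `'` to cells that start with one of those characters. The header row written in the earlier hunk uses the same unquoted `', '` separators and should go through the same writer.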
@@ -118,3 +118,4 @@ xoxp OR xoxb | Slack bot and private tokens filename:logins.json | Firefox saved password collection (key3.db usually in same repo) filename:CCCam.cfg | CCCam Server config file msg nickserv identify filename:config | Possible IRC login passwords +filename:settings.py SECRET_KEY | Django secret keys (usually allows for session hijacking, RCE, etc) diff --git a/github-dorks.txt b/github-dorks.txt index 02a8a7f..4a0211d 100644 --- a/github-dorks.txt +++ b/github-dorks.txt @@ -71,3 +71,4 @@ xoxp OR xoxb filename:logins.json filename:CCCam.cfg msg nickserv identify filename:config +filename:settings.py SECRET_KEY From e5a58673894c5972b9a99a0d67f3c8b4c79fc405 Mon Sep 17 00:00:00 2001 From: Dylan Katz Date: Thu, 20 Jul 2017 11:02:42 -0600 Subject: [PATCH 17/41] Added pull request templates (#28) * Create PULL_REQUEST_TEMPLATE.md * Moved to .github --- .github/PULL_REQUEST_TEMPLATE.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 .github/PULL_REQUEST_TEMPLATE.md diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..98b90f0 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md 
@@ -0,0 +1,13 @@ +### Please include all of the following fields when adding dorks/patterns +- Search URL: https://github.com/search?q= +- Number of search results at time of PR: +- Impact of data disclosed (see table below): +- Description of data disclosed: + +| Icon/Name | Description | Examples | +|-----------|---------------------------------------------------------------------------------------------------------|----------------------------------------------------------------| +❓ Unknown | The impact of this data is highly variable or unknown) | N/A | +➖ Low | This data will provide minimal access or mostly public information) | Non-stored XSS, Limited scope + read-only API access | +➕ Moderate | This data will provide some access or information | Stored XSS in some cases, read-only or limited write API access| +⚠️ High | This data will provide single-user access or secret information) | Usernames/passwords, OAuth tokens | +❗️ Critical | This data will provide complete control, access to several users, or confidential/personal information | Credential database dumps, AWS keys From d6c0014978f215cdeffe3075a7a7107c4ae039e5 Mon Sep 17 00:00:00 2001 From: Craig Hays Date: Wed, 28 Feb 2018 15:16:06 +0000 Subject: [PATCH 18/41] Adding Rails secrets.yml dork (#30) Rails uses a file secrets.yml to hold API keys and passwords. This should never be in github repositories... but it often is. Adding this to the list. --- github-dorks.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/github-dorks.txt b/github-dorks.txt index 4a0211d..d256d1a 100644 --- a/github-dorks.txt +++ b/github-dorks.txt @@ -72,3 +72,4 @@ filename:logins.json filename:CCCam.cfg msg nickserv identify filename:config filename:settings.py SECRET_KEY +filename:secrets.yml password From 86299220a1007a6e28843c69f0fb48b966c02503 Mon Sep 17 00:00:00 2001 
From: Dylan Katz Date: Sun, 12 May 2019 13:12:16 -0700 Subject: [PATCH 19/41] Fixed extension filter usage for two dorks (closes #33) --- README.md | 4 ++-- github-dorks.txt | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 6045779..ad92d62 100644 --- a/README.md +++ b/README.md @@ -108,8 +108,8 @@ path:sites databases password | Drupal website database creden shodan_api_key language:python | Shodan API keys (try other languages too) filename:shadow path:etc | Contains encrypted passwords and account information of new unix systems filename:passwd path:etc | Contains user account information including encrypted passwords of traditional unix systems -extension:avastlic | Contains license keys for Avast! Antivirus -extension:dbeaver-data-sources.xml | DBeaver config containing MySQL Credentials +extension:avastlic "support.avast.com" | Contains license keys for Avast! Antivirus +filename:dbeaver-data-sources.xml | DBeaver config containing MySQL Credentials filename:.esmtprc password | esmtp configuration extension:json googleusercontent client_secret | OAuth credentials for accessing Google APIs HOMEBREW_GITHUB_API_TOKEN language:shell | Github token usually set by homebrew users diff --git a/github-dorks.txt b/github-dorks.txt index d256d1a..fa48128 100644 --- a/github-dorks.txt +++ b/github-dorks.txt @@ -60,8 +60,8 @@ shodan_api_key language:json shodan_api_key language:ruby filename:shadow path:etc filename:passwd path:etc -extension:avastlic -extension:dbeaver-data-sources.xml +extension:avastlic "support.avast.com" +filename:dbeaver-data-sources.xml filename:sftp-config.json filename:.esmtprc password extension:json googleusercontent client_secret From a4b0e49f6dcae37b3e21715f0bbf7f098742e09f Mon Sep 17 00:00:00 2001 
From: Dylan Katz Date: Sun, 12 May 2019 13:21:40 -0700 Subject: [PATCH 20/41] Added dorks using filenames from Git wiping (h/t @badpackets) --- github-dorks.txt | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/github-dorks.txt b/github-dorks.txt index d256d1a..bd57188 100644 --- a/github-dorks.txt +++ b/github-dorks.txt @@ -73,3 +73,10 @@ filename:CCCam.cfg msg nickserv identify filename:config filename:settings.py SECRET_KEY filename:secrets.yml password +filename:deployment-config.json +filename:.ftpconfig +filename:.remote-sync.json +filename:sftp.json path:.vscode +filename:sftp-config.json +filename:WebServers.xml + From cbd0af4bf4fdaf4095588d72177a7c1e3f84d9bf Mon Sep 17 00:00:00 2001 From: Dylan Katz Date: Sun, 12 May 2019 13:41:05 -0700 Subject: [PATCH 21/41] Added descriptions for dorks --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 6045779..1abb760 100644 --- a/README.md +++ b/README.md 
@@ -119,3 +119,9 @@ filename:logins.json | Firefox saved password collect filename:CCCam.cfg | CCCam Server config file msg nickserv identify filename:config | Possible IRC login passwords filename:settings.py SECRET_KEY | Django secret keys (usually allows for session hijacking, RCE, etc) +filename:deployment-config.json | Created by sftp-deployment for Atom, contains server details and credentials +filename:.ftpconfig | Created by remote-ssh for Atom, contains SFTP/SSH server details and credentials +filename:.remote-sync.json | Created by remote-sync for Atom, contains FTP and/or SCP/SFTP/SSH server details and credentials +filename:sftp.json path:.vscode | Created by vscode-sftp for VSCode, contains SFTP/SSH server details and credentails +filename:sftp-config.json | Created by SFTP for Sublime Text, contains FTP/FTPS or SFTP/SSH server details and credentials +filename:WebServers.xml | Created by Jetbrains IDEs, contains webserver credentials with encoded passwords ([not encrypted!](https://intellij-support.jetbrains.com/hc/en-us/community/posts/207074025/comments/207034775) From 07e311d4b98a1789494aea3827ed274da75db2d7 Mon Sep 17 00:00:00 2001 From: Dylan Katz Date: Sun, 12 May 2019 13:53:36 -0700 Subject: [PATCH 22/41] Removed existing dork --- github-dorks.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/github-dorks.txt b/github-dorks.txt index bd57188..02a8bde 100644 --- a/github-dorks.txt +++ b/github-dorks.txt @@ -77,6 +77,5 @@ filename:deployment-config.json filename:.ftpconfig filename:.remote-sync.json filename:sftp.json path:.vscode -filename:sftp-config.json filename:WebServers.xml From 1da777e7cc301a152637360d375145ac551d7afb Mon Sep 17 00:00:00 2001 From: Dylan Katz Date: Sun, 12 May 2019 17:24:19 -0700 Subject: [PATCH 23/41] Quick typo fix --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f4b4812..028a774 100644 --- a/README.md +++ b/README.md 
@@ -124,4 +124,4 @@ filename:.ftpconfig | Created by remote-ssh for Atom filename:.remote-sync.json | Created by remote-sync for Atom, contains FTP and/or SCP/SFTP/SSH server details and credentials filename:sftp.json path:.vscode | Created by vscode-sftp for VSCode, contains SFTP/SSH server details and credentails filename:sftp-config.json | Created by SFTP for Sublime Text, contains FTP/FTPS or SFTP/SSH server details and credentials -filename:WebServers.xml | Created by Jetbrains IDEs, contains webserver credentials with encoded passwords ([not encrypted!](https://intellij-support.jetbrains.com/hc/en-us/community/posts/207074025/comments/207034775) +filename:WebServers.xml | Created by Jetbrains IDEs, contains webserver credentials with encoded passwords ([not encrypted!](https://intellij-support.jetbrains.com/hc/en-us/community/posts/207074025/comments/207034775)) From 3e22f76c5a6eb88b18ed06d7ebde3a2521432b44 Mon Sep 17 00:00:00 2001 From: Connor Shea Date: Sun, 8 Sep 2019 23:04:08 -0600 Subject: [PATCH 24/41] Add Rails' master.key to dorks list (#37) * Add Rails' master.key to dorks list Rails 5.2+ has a `config/credentials.yml.enc` file and `config/master.key` to decrypt it. If you decrypt the `credentials.yml.enc` file using this key, it'll have the secret key base that Rails uses to protect cookies. It may also have other credentials if the user added them, e.g. AWS keys. See this article for more info: https://www.engineyard.com/blog/rails-encrypted-credentials-on-rails-5.2 * Add path to master.key dork. To get rid of false positives. By default, Rails generates the master.key at config/master.key. * Updated readme with new dorks --- README.md | 2 ++ github-dorks.txt | 1 + 2 files changed, 3 insertions(+) diff --git a/README.md b/README.md index 028a774..3364b8f 100644 --- a/README.md +++ b/README.md 
@@ -119,6 +119,8 @@ filename:logins.json | Firefox saved password collect filename:CCCam.cfg | CCCam Server config file msg nickserv identify filename:config | Possible IRC login passwords filename:settings.py SECRET_KEY | Django secret keys (usually allows for session hijacking, RCE, etc) +filename:secrets.yml password | Usernames/passwords, Rails applications +filename:master.key path:config | Rails master key (used for decrypting `credentials.yml.enc` for Rails 5.2+) filename:deployment-config.json | Created by sftp-deployment for Atom, contains server details and credentials filename:.ftpconfig | Created by remote-ssh for Atom, contains SFTP/SSH server details and credentials filename:.remote-sync.json | Created by remote-sync for Atom, contains FTP and/or SCP/SFTP/SSH server details and credentials diff --git a/github-dorks.txt b/github-dorks.txt index d056518..8bcd5ec 100644 --- a/github-dorks.txt +++ b/github-dorks.txt @@ -73,6 +73,7 @@ filename:CCCam.cfg msg nickserv identify filename:config filename:settings.py SECRET_KEY filename:secrets.yml password +filename:master.key path:config filename:deployment-config.json filename:.ftpconfig filename:.remote-sync.json From ac14fecef1155ce2b9d5ce2b1777a71d8d2e473b Mon Sep 17 00:00:00 2001 From: techgaun Date: Sun, 17 May 2020 12:37:00 -0500 Subject: [PATCH 25/41] bugfix: return instead of raise closes #38 --- github-dork.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/github-dork.py b/github-dork.py index b62f70f..1ca7274 100644 --- a/github-dork.py +++ b/github-dork.py @@ -27,7 +27,7 @@ def search_wrapper(gen): try: yield next(gen) except StopIteration: - raise + return except github.exceptions.ForbiddenError as e: search_rate_limit = gh.rate_limit()['resources']['search'] # limit_remaining = search_rate_limit['remaining'] From 07e04721b0a78c978cb145c57aa113f4cc92edf3 Mon Sep 17 00:00:00 2001 
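Review bot: The new `return` under `except StopIteration:` in `search_wrapper` carries no comment explaining why the exception is swallowed instead of re-raised, so a later reader may well change it back. Under PEP 479 (the default behaviour from Python 3.7) a StopIteration that escapes a generator body is converted to RuntimeError, so returning is the correct way to end the wrapper. I would add `# PEP 479: end the generator with return; a StopIteration leaving it becomes RuntimeError` above the `return`. The function starts and continues outside this hunk, so the enclosing loop is not visible here.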
From: techgaun Date: Tue, 19 May 2020 22:41:34 -0500 Subject: [PATCH 26/41] add funding info --- .github/FUNDING.yml | 1 + 1 file changed, 1 insertion(+) create mode 100644 .github/FUNDING.yml diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml new file mode 100644 index 0000000..1f487de --- /dev/null +++ b/.github/FUNDING.yml @@ -0,0 +1 @@ +github: techgaun From a6dc3873166878f0489094a97a1c12a7bd09df53 Mon Sep 17 00:00:00 2001 From: verdantfire Date: Mon, 26 Oct 2020 18:41:13 +0530 Subject: [PATCH 27/41] Readability changes to README.md --- README.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 3364b8f..58ca490 100644 --- a/README.md +++ b/README.md 
@@ -1,8 +1,8 @@ # Github Dorks -[Github search](https://github.com/search) is quite powerful and useful feature and can be used to search sensitive data on the repositories. Collection of github dorks that can reveal sensitive personal and/or organizational information such as private keys, credentials, authentication tokens, etc. This list is supposed to be useful for assessing security and performing pen-testing of systems. +[Github Search](https://github.com/search) is a quite powerful and useful feature that can be used to search for sensitive data on repositories. Collection of Github dorks can reveal sensitive personal and/or organizational information such as private keys, credentials, authentication tokens, etc. This list is supposed to be useful for assessing security and performing pen-testing of systems. ### GitHub Dork Search Tool -[github-dork.py](github-dork.py) is a simple python tool that can search through your repository or your organization/user repositories. Its not a perfect tool at the moment but provides a basic functionality to automate the search on your repositories against the dorks specified in text file. +[github-dork.py](github-dork.py) is a simple python tool that can search through your repository or your organization/user repositories. It's not a perfect tool at the moment but provides a basic functionality to automate the search on your repositories against the dorks specified in text file. #### Installation This tool uses [github3.py](https://github.com/sigmavirus24/github3.py) to talk with GitHub Search API. 
@@ -14,18 +14,18 @@ pip install -r requirements.txt #### Usage ``` -GH_USER - Environment variable to specify github user +GH_USER - Environment variable to specify Github user GH_PWD - Environment variable to specify password -GH_TOKEN - Environment variable to specify github token +GH_TOKEN - Environment variable to specify Github token GH_URL - Environment variable to specify GitHub Enterprise base URL ``` Some example usages are listed below: ```shell -python github-dork.py -r techgaun/github-dorks # search single repo +python github-dork.py -r techgaun/github-dorks # search a single repo -python github-dork.py -u techgaun # search all repos of user +python github-dork.py -u techgaun # search all repos of a user python github-dork.py -u dev-nepal # search all repos of an organization @@ -43,10 +43,10 @@ GH_URL=https://github.example.com python github-dork.py -u dev-nepal # search - ~~Handle rate limit and retry. PR welcome~~ ### Contribution -Please consider contributing the dorks that can reveal potentially sensitive information in github. +Please consider contributing dorks that can reveal potentially sensitive information on Github. ### List of Dorks -I am not categorizing at the moment. Instead I am going to just the list of dorks with a description. Many of the dorks can be modified to make the search more specific or generic. You can see more options [here](https://github.com/search#search_cheatsheet_pane). +I am not categorizing at the moment. Instead, I am going to just the list of dorks with a description. Many of the dorks can be modified to make the search more specific or generic. You can see more options [here](https://github.com/search#search_cheatsheet_pane). Dork | Description ------------------------------------------------|-------------------------------------------------------------------------- From 1a37c436421135efb2dcbdb1f131c3260b20e504 Mon Sep 17 00:00:00 2001 
From: David McKennirey Date: Sun, 10 Jan 2021 10:07:15 -0500 Subject: [PATCH 28/41] Update Github Dorks file to include the jupyter_notebook_config.json file, which saves the hashed password of a jupyter notebook server. (https://jupyter-notebook.readthedocs.io/en/stable/public_server.html\#automatic-password-setup) --- github-dorks.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/github-dorks.txt b/github-dorks.txt index 8bcd5ec..a49724d 100644 --- a/github-dorks.txt +++ b/github-dorks.txt @@ -79,4 +79,5 @@ filename:.ftpconfig filename:.remote-sync.json filename:sftp.json path:.vscode filename:WebServers.xml +filename:jupyter_notebook_config.json From 0251305a841f9d6a4567430173660c0c7fc0bca5 Mon Sep 17 00:00:00 2001 From: techgaun Date: Mon, 18 Jan 2021 00:44:32 -0600 Subject: [PATCH 29/41] upgrade feedparser to fix base64 change in python3.9 --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 9b4e16f..cfe346b 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,2 +1,2 @@ github3.py==1.0.0a2 -feedparser==5.1.3 +feedparser==6.0.2 From 5a5bdbb946c5044a486f837a540b34d0479ccc7c Mon Sep 17 00:00:00 2001 From: donno2048 Date: Sun, 26 Sep 2021 12:54:57 +0300 Subject: [PATCH 30/41] add telegram API token --- README.md | 1 + github-dorks.txt | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 58ca490..e3ddb46 100644 --- a/README.md +++ b/README.md 
@@ -127,3 +127,4 @@ filename:.remote-sync.json | Created by remote-sync for Ato filename:sftp.json path:.vscode | Created by vscode-sftp for VSCode, contains SFTP/SSH server details and credentails filename:sftp-config.json | Created by SFTP for Sublime Text, contains FTP/FTPS or SFTP/SSH server details and credentials filename:WebServers.xml | Created by Jetbrains IDEs, contains webserver credentials with encoded passwords ([not encrypted!](https://intellij-support.jetbrains.com/hc/en-us/community/posts/207074025/comments/207034775)) +"api_hash" "api_id" | Telegram API token diff --git a/github-dorks.txt b/github-dorks.txt index a49724d..792354c 100644 --- a/github-dorks.txt +++ b/github-dorks.txt @@ -80,4 +80,4 @@ filename:.remote-sync.json filename:sftp.json path:.vscode filename:WebServers.xml filename:jupyter_notebook_config.json - +"api_hash" "api_id" From e0924081d789c2272b2b8f2ac5facca6dc8b9e6a Mon Sep 17 00:00:00 2001 From: donno2048 Date: Sun, 26 Sep 2021 12:57:09 +0300 Subject: [PATCH 31/41] add slack services --- README.md | 1 + github-dorks.txt | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 58ca490..12ef5c4 100644 --- a/README.md +++ b/README.md @@ -127,3 +127,4 @@ filename:.remote-sync.json | Created by remote-sync for Ato filename:sftp.json path:.vscode | Created by vscode-sftp for VSCode, contains SFTP/SSH server details and credentails filename:sftp-config.json | Created by SFTP for Sublime Text, contains FTP/FTPS or SFTP/SSH server details and credentials filename:WebServers.xml | Created by Jetbrains IDEs, contains webserver credentials with encoded passwords ([not encrypted!](https://intellij-support.jetbrains.com/hc/en-us/community/posts/207074025/comments/207034775)) +"https://hooks.slack.com/services/" | Slack services URL often have secret API token as a suffix diff --git a/github-dorks.txt b/github-dorks.txt index a49724d..ab91fd6 100644 --- a/github-dorks.txt +++ b/github-dorks.txt 
@@ -80,4 +80,4 @@ filename:.remote-sync.json filename:sftp.json path:.vscode filename:WebServers.xml filename:jupyter_notebook_config.json - +"https://hooks.slack.com/services/" From 0273d511c28035d6b6a88bde39c5fdf55f0b03d6 Mon Sep 17 00:00:00 2001 From: donno2048 Date: Sun, 26 Sep 2021 12:59:40 +0300 Subject: [PATCH 32/41] add github gitlab and discord recovery codes --- README.md | 3 +++ github-dorks.txt | 4 +++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 58ca490..f31a54e 100644 --- a/README.md +++ b/README.md @@ -127,3 +127,6 @@ filename:.remote-sync.json | Created by remote-sync for Ato filename:sftp.json path:.vscode | Created by vscode-sftp for VSCode, contains SFTP/SSH server details and credentails filename:sftp-config.json | Created by SFTP for Sublime Text, contains FTP/FTPS or SFTP/SSH server details and credentials filename:WebServers.xml | Created by Jetbrains IDEs, contains webserver credentials with encoded passwords ([not encrypted!](https://intellij-support.jetbrains.com/hc/en-us/community/posts/207074025/comments/207034775)) +filename:github-recovery-codes.txt | GitHub recovery key +filename:gitlab-recovery-codes.txt | GitLab recovery key +filename:discord_backup_codes.txt | Discord recovery key diff --git a/github-dorks.txt b/github-dorks.txt index a49724d..6e67381 100644 --- a/github-dorks.txt +++ b/github-dorks.txt @@ -80,4 +80,6 @@ filename:.remote-sync.json filename:sftp.json path:.vscode filename:WebServers.xml filename:jupyter_notebook_config.json - +filename:github-recovery-codes.txt +filename:gitlab-recovery-codes.txt +filename:discord_backup_codes.txt From c12029ead6708aca4d33da9e447eadf69076b39c Mon Sep 17 00:00:00 2001 
From: donno2048 Date: Sun, 26 Sep 2021 13:10:26 +0300 Subject: [PATCH 33/41] fix issues with readme according to MD022 'Headings should be surrounded by blank lines' according to MD001 'Heading levels should only increment by one level at a time' use `a basic` not `basic`, `the text file` not `text file` and `a password` not `password` --- README.md | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 58ca490..d755738 100644 --- a/README.md +++ b/README.md 
@@ -1,21 +1,26 @@ # Github Dorks + [Github Search](https://github.com/search) is a quite powerful and useful feature that can be used to search for sensitive data on repositories. Collection of Github dorks can reveal sensitive personal and/or organizational information such as private keys, credentials, authentication tokens, etc. This list is supposed to be useful for assessing security and performing pen-testing of systems. -### GitHub Dork Search Tool -[github-dork.py](github-dork.py) is a simple python tool that can search through your repository or your organization/user repositories. It's not a perfect tool at the moment but provides a basic functionality to automate the search on your repositories against the dorks specified in text file. +## GitHub Dork Search Tool + +[github-dork.py](github-dork.py) is a simple python tool that can search through your repository or your organization/user repositories. It's not a perfect tool at the moment but provides basic functionality to automate the search on your repositories against the dorks specified in the text file. + +### Installation -#### Installation This tool uses [github3.py](https://github.com/sigmavirus24/github3.py) to talk with GitHub Search API. Clone this repository and run: + ```shell pip install -r requirements.txt ``` -#### Usage +### Usage + ``` GH_USER - Environment variable to specify Github user -GH_PWD - Environment variable to specify password +GH_PWD - Environment variable to specify a password GH_TOKEN - Environment variable to specify Github token GH_URL - Environment variable to specify GitHub Enterprise base URL ``` 
@@ -36,16 +41,18 @@ GH_TOKEN= python github-dork.py -u dev-nepal # search GH_URL=https://github.example.com python github-dork.py -u dev-nepal # search a GitHub Enterprise instance ``` -#### Limitations +### Limitations - Authenticated requests get a higher rate limit. But, since this tool waits for the api rate limit to be reset (which is usually less than a minute), it can be slightly slow. - Output formatting is not great. PR welcome - ~~Handle rate limit and retry. PR welcome~~ ### Contribution + Please consider contributing dorks that can reveal potentially sensitive information on Github. ### List of Dorks + I am not categorizing at the moment. Instead, I am going to just the list of dorks with a description. Many of the dorks can be modified to make the search more specific or generic. You can see more options [here](https://github.com/search#search_cheatsheet_pane). Dork | Description From 327d725f14e182115a832e21692f4b99e6107ad8 Mon Sep 17 00:00:00 2001 From: Hexiro <42787085+Hexiro@users.noreply.github.com> Date: Sun, 3 Oct 2021 19:34:16 -0400 Subject: [PATCH 34/41] add `cloud.redislabs.com` url in yaml/json --- README.md | 2 ++ github-dorks.txt | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 58ca490..84eb7c5 100644 --- a/README.md +++ b/README.md 
@@ -127,3 +127,5 @@ filename:.remote-sync.json | Created by remote-sync for Ato filename:sftp.json path:.vscode | Created by vscode-sftp for VSCode, contains SFTP/SSH server details and credentails filename:sftp-config.json | Created by SFTP for Sublime Text, contains FTP/FTPS or SFTP/SSH server details and credentials filename:WebServers.xml | Created by Jetbrains IDEs, contains webserver credentials with encoded passwords ([not encrypted!](https://intellij-support.jetbrains.com/hc/en-us/community/posts/207074025/comments/207034775)) +extension:yaml cloud.redislabs.com | Redis credentials provided by Redis Labs found in a YAML file +extension:json cloud.redislabs.com | Redis credentials provided by Redis Labs found in a JSON file diff --git a/github-dorks.txt b/github-dorks.txt index a49724d..753d824 100644 --- a/github-dorks.txt +++ b/github-dorks.txt @@ -80,4 +80,5 @@ filename:.remote-sync.json filename:sftp.json path:.vscode filename:WebServers.xml filename:jupyter_notebook_config.json - +extension:yaml cloud.redislabs.com +extension:json cloud.redislabs.com From c7e4c684ba96bb0713511e449f1cd7a825b3ab4b Mon Sep 17 00:00:00 2001 From: Joris Hartog Date: Thu, 2 Dec 2021 14:57:48 +0100 Subject: [PATCH 35/41] Add setup.py This commit adds a setup.py file to allow users to install github-dorks more easily. --- README.md | 14 +++++++------- setup.py | 20 ++++++++++++++++++++ 2 files changed, 27 insertions(+), 7 deletions(-) create mode 100644 setup.py diff --git a/README.md b/README.md index 7b51b82..3f24dd5 100644 --- a/README.md +++ b/README.md @@ -13,7 +13,7 @@ This tool uses [github3.py](https://github.com/sigmavirus24/github3.py) to talk Clone this repository and run: ```shell -pip install -r requirements.txt +pip install . ``` ### Usage 
@@ -28,17 +28,17 @@ GH_URL - Environment variable to specify GitHub Enterprise base URL Some example usages are listed below: ```shell -python github-dork.py -r techgaun/github-dorks # search a single repo +github-dork.py -r techgaun/github-dorks # search a single repo -python github-dork.py -u techgaun # search all repos of a user +github-dork.py -u techgaun # search all repos of a user -python github-dork.py -u dev-nepal # search all repos of an organization +github-dork.py -u dev-nepal # search all repos of an organization -GH_USER=techgaun GH_PWD= python github-dork.py -u dev-nepal # search as authenticated user +GH_USER=techgaun GH_PWD= github-dork.py -u dev-nepal # search as authenticated user -GH_TOKEN= python github-dork.py -u dev-nepal # search using auth token +GH_TOKEN= github-dork.py -u dev-nepal # search using auth token -GH_URL=https://github.example.com python github-dork.py -u dev-nepal # search a GitHub Enterprise instance +GH_URL=https://github.example.com github-dork.py -u dev-nepal # search a GitHub Enterprise instance ``` ### Limitations diff --git a/setup.py b/setup.py new file mode 100644 index 0000000..faadf24 --- /dev/null +++ b/setup.py @@ -0,0 +1,20 @@ +from setuptools import setup + +with open('README.md', 'r') as f: + long_description = f.read() + +setup( + name='github-dorks', + version='0.1', + description='Find leaked secrets via github search.', + license='Apache License 2.0', + long_description=long_description, + author='Samar Dhwoj Acharya (@techgaun)', + long_description_content_type='text/markdown', + scripts=['github-dork.py'], + data_files=[('github-dorks', ['github-dorks.txt'])], + install_requires=[ + 'github3.py==1.0.0a2', + 'feedparser==6.0.2', + ], +) From 27f5385d7c047e21abd7bd252f3ae381f85e0917 Mon Sep 17 00:00:00 2001 
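Review bot: In the new `setup.py`, `install_requires` repeats the exact pins that `requirements.txt` already carries (`github3.py==1.0.0a2`, `feedparser==6.0.2`), so the two lists must be bumped together by hand and a security update applied to one can silently miss the other. `github3.py==1.0.0a2` is also an alpha pre-release, and an `==` pin in `install_requires` stops pip from picking up any later fixed release when the tool is installed into a shared environment. I would keep exact pins in `requirements.txt` only and give `setup.py` tested ranges, for example `'feedparser>=6.0.2,<7',`, with the github3.py bound chosen after checking which releases the script works with. Separately, `open('README.md', 'r')` depends on the locale's default encoding; `open('README.md', 'r', encoding='utf-8')` makes the build independent of it.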
From: Joris Hartog Date: Thu, 2 Dec 2021 15:28:18 +0100 Subject: [PATCH 36/41] Also look for github-dorks.txt in sys.prefix --- github-dork.py | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/github-dork.py b/github-dork.py index 1ca7274..713cbc1 100644 --- a/github-dork.py +++ b/github-dork.py @@ -7,7 +7,7 @@ import time import feedparser from copy import copy -from sys import stderr +from sys import stderr, prefix gh_user = os.getenv('GH_USER', None) gh_pass = os.getenv('GH_PWD', None) @@ -87,7 +87,12 @@ def search(repo_to_search=None, output_filename=None): if gh_dorks_file is None: - gh_dorks_file = 'github-dorks.txt' + for path_prefix in ['.', os.path.join(prefix, 'github-dorks/')]: + filename = os.path.join(path_prefix, 'github-dorks.txt') + if os.path.isfile(filename): + gh_dorks_file = filename + break + if not os.path.isfile(gh_dorks_file): raise Exception('Error, the dorks file path is not valid') if user_to_search: From ab447249f691ace198edd570c8329801153beae8 Mon Sep 17 00:00:00 2001 From: dbfreem Date: Fri, 15 Dec 2023 22:29:03 -0500 Subject: [PATCH 37/41] bumped github3.py dependency --- setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.py b/setup.py index faadf24..979e932 100644 --- a/setup.py +++ b/setup.py @@ -14,7 +14,7 @@ scripts=['github-dork.py'], data_files=[('github-dorks', ['github-dorks.txt'])], install_requires=[ - 'github3.py==1.0.0a2', + 'github3.py==4.0.1', 'feedparser==6.0.2', ], ) From d50a677beae7b7c2972eba86ab42d28dab57fd35 Mon Sep 17 00:00:00 2001 From: Samar Dhwoj Acharya <1886670+techgaun@users.noreply.github.com> Date: Tue, 19 Dec 2023 10:06:50 -0600 Subject: [PATCH 38/41] add datadog api key dork --- github-dorks.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/github-dorks.txt b/github-dorks.txt index a96b015..c5625a6 100644 --- a/github-dorks.txt +++ b/github-dorks.txt 
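Review bot: When neither `./github-dorks.txt` nor the copy under `sys.prefix` exists, the new lookup loop in `search` leaves `gh_dorks_file` as `None`, and the following `os.path.isfile(gh_dorks_file)` raises `TypeError` instead of the intended 'the dorks file path is not valid' error. The guard should handle the unset case itself: `if gh_dorks_file is None or not os.path.isfile(gh_dorks_file):`. It is also worth confirming that `os.path.join(prefix, 'github-dorks/')` matches where `data_files` lands for `pip install --user` and similar schemes, which may not install under `sys.prefix`. `search` begins and continues outside this hunk.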
@@ -87,3 +87,4 @@ filename:gitlab-recovery-codes.txt filename:discord_backup_codes.txt extension:yaml cloud.redislabs.com extension:json cloud.redislabs.com +DATADOG_API_KEY language:shell From b948dba8c0038ac3041f5dbce079bc6ba74c8840 Mon Sep 17 00:00:00 2001 From: szTheory Date: Sun, 2 Feb 2025 00:34:04 -0500 Subject: [PATCH 39/41] build with Dockerfile --- Dockerfile | 31 +++++++++++++++++++++++++++++++ README.md | 18 ++++++++++++++++++ 2 files changed, 49 insertions(+) create mode 100644 Dockerfile diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..0d8ecb9 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,31 @@ +# Use Python 3.8 as base - this version has good compatibility with older packages +FROM python:3.8-slim + +# Set working directory +WORKDIR /app + +# Install git (needed for pip install from git repos) +RUN apt-get update && \ + apt-get install -y git && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* + +# Copy only the necessary files +COPY github-dork.py /app/ +COPY github-dorks.txt /app/ +COPY setup.py /app/ +COPY README.md /app/ +COPY requirements.txt /app/ + +# Install dependencies +# Using the specific version of github3.py that's known to work +RUN pip install --no-cache-dir github3.py==1.0.0a2 feedparser==6.0.2 + +# Set environment variables +ENV PYTHONUNBUFFERED=1 +ENV PYTHONIOENCODING=UTF-8 + +# Create volume for potential output files +VOLUME ["/app/output"] + +ENTRYPOINT ["python", "github-dork.py"] \ No newline at end of file diff --git a/README.md b/README.md index 3f24dd5..7daa065 100644 --- a/README.md +++ b/README.md 
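Review bot: The new Dockerfile never sets `USER`, so `github-dork.py` runs as root inside the container while holding `GH_TOKEN` or `GH_PWD`. Add an unprivileged account before the `ENTRYPOINT`, e.g. `RUN useradd --create-home dork` followed by `USER dork`, and make sure `/app/output` is writable by it. The `RUN pip install` line hard-codes `github3.py==1.0.0a2` even though `requirements.txt` is copied in and `setup.py` was bumped to `github3.py==4.0.1` earlier in this series, so the image and `pip install .` run different library versions; `RUN pip install --no-cache-dir -r requirements.txt` would at least leave one place to update. Nothing in the file installs from a git URL, so the `apt-get install -y git` layer looks unnecessary and could be dropped to reduce what ships in the image.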
@@ -16,6 +16,24 @@ Clone this repository and run: pip install . ``` +### Docker Installation + +You can also run github-dorks using Docker for a consistent environment: + +```shell +# Build the Docker image +docker build -t github-dorks . + +# Run with a GitHub token (recommended) +docker run -e GH_TOKEN=your_github_token github-dorks -u someuser + +# Run with username/password +docker run -e GH_USER=your_username -e GH_PWD=your_password github-dorks -u someuser + +# Save results to a CSV file +docker run -v $(pwd)/output:/app/output -e GH_TOKEN=your_github_token github-dorks -u someuser -o /app/output/results.csv +``` + ### Usage ``` From 2a6109777e95fdcee5a667ee722586c55564078c Mon Sep 17 00:00:00 2001 From: szTheory Date: Sun, 2 Feb 2025 00:37:35 -0500 Subject: [PATCH 40/41] CI: docker build --- .github/workflows/docker-build.yml | 37 ++++++++++++++++++++++++++++++ README.md | 2 ++ 2 files changed, 39 insertions(+) create mode 100644 .github/workflows/docker-build.yml diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml new file mode 100644 index 0000000..f243f8e --- /dev/null +++ b/.github/workflows/docker-build.yml @@ -0,0 +1,37 @@ +name: Docker Build & Test + +on: + push: + branches: [ master ] + pull_request: + branches: [ master ] + +jobs: + build-and-test: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Build Docker image + uses: docker/build-push-action@v5 + with: + context: . + load: true + tags: github-dorks:test + cache-from: type=gha + cache-to: type=gha,mode=max + + - name: Test Docker image + run: | + # Test the version flag + docker run github-dorks:test -v + + # Basic test with a public repo (no auth needed) + docker run github-dorks:test -r techgaun/github-dorks -d github-dorks-test.txt + + - name: Verify image size + run: docker image ls github-dorks:test 
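Review bot: The new `docker-build.yml` declares no `permissions:` block, so the job's `GITHUB_TOKEN` gets the repository's default scopes on every push and pull request, although the job only checks out and builds. Add a top-level `permissions:` key with `contents: read` below the `on:` block, then confirm the `type=gha` cache still works with it. The three actions are referenced by mutable tags (`actions/checkout@v4`, `docker/setup-buildx-action@v3`, `docker/build-push-action@v5`); pinning each to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha> # v4`, keeps a retagged release from changing what runs. In the test step, `-d github-dorks-test.txt` names a file that the Dockerfile in this series does not copy into the image, so, assuming `-d` selects the dorks file, that run will likely fail on the path check.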
diff --git a/README.md b/README.md index 7daa065..eb36e4f 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,5 @@ +[![Docker Build & Test](https://github.com/techgaun/github-dorks/actions/workflows/docker-build.yml/badge.svg)](https://github.com/techgaun/github-dorks/actions/workflows/docker-build.yml) + # Github Dorks [Github Search](https://github.com/search) is a quite powerful and useful feature that can be used to search for sensitive data on repositories. Collection of Github dorks can reveal sensitive personal and/or organizational information such as private keys, credentials, authentication tokens, etc. This list is supposed to be useful for assessing security and performing pen-testing of systems. From 2395986e18ef75dfa7bc02df849660f2f0483b6d Mon Sep 17 00:00:00 2001 From: szTheory Date: Sun, 2 Feb 2025 00:40:55 -0500 Subject: [PATCH 41/41] CI simplify build --- .github/workflows/docker-build.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml index f243f8e..8476c21 100644 --- a/.github/workflows/docker-build.yml +++ b/.github/workflows/docker-build.yml @@ -27,11 +27,8 @@ jobs: - name: Test Docker image run: | - # Test the version flag + # Test the version flag with version flag docker run github-dorks:test -v - - # Basic test with a public repo (no auth needed) - docker run github-dorks:test -r techgaun/github-dorks -d github-dorks-test.txt - name: Verify image size run: docker image ls github-dorks:test