├── tf
    └── TOKENSFILE
├── requirements.txt
├── GitDorker.png
├── GitDorker Help.png
├── GitDorker Results.png
├── GitDorker Usage Example - Tesla.png
├── dummycreds
├── Dockerfile
├── README.md
├── Dorks
    ├── medium_dorks.txt
    └── alldorksv3
└── GitDorker.py


/tf/TOKENSFILE:
--------------------------------------------------------------------------------


--------------------------------------------------------------------------------
/requirements.txt:
--------------------------------------------------------------------------------
termcolor
tqdm
requests

--------------------------------------------------------------------------------
/GitDorker.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/obheda12/GitDorker/HEAD/GitDorker.png

--------------------------------------------------------------------------------
/GitDorker Help.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/obheda12/GitDorker/HEAD/GitDorker Help.png

--------------------------------------------------------------------------------
/GitDorker Results.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/obheda12/GitDorker/HEAD/GitDorker Results.png

--------------------------------------------------------------------------------
/GitDorker Usage Example - Tesla.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/obheda12/GitDorker/HEAD/GitDorker Usage Example - Tesla.png

--------------------------------------------------------------------------------
/dummycreds:
--------------------------------------------------------------------------------
These are GitDorker Credentials
password = 123456
test = test
supersecret = secret
youwillneverfindme
api_key = o123y1houejnduqedgbij
apikey = 1oi2egquewfihacoju9dfd
AWS_KEY = nou9W7E89U0I3PDQONP4FOVDFSFSG
ftp login = ftp://127.0.0.1
db_user = admin
db_password = password
connectionstring = Provider=SQLNCLI11;Data Source=myServerAddress;Failover Partner=myMirrorServerAddress;Initial Catalog=myDataBase;Integrated Security=True;

--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
FROM alpine:3.9
LABEL MAINTAINER Furkan SAYIM | furkan.sayim@yandex.com

RUN apk update && \
    apk upgrade

RUN apk add --no-cache python3 && \
    python3 -m ensurepip && \
    rm -r /usr/lib/python*/ensurepip && \
    pip3 install --upgrade pip setuptools && \
    if [ ! -e /usr/bin/pip ]; then ln -s pip3 /usr/bin/pip ; fi && \
    if [[ ! -e /usr/bin/python ]]; then ln -sf /usr/bin/python3 /usr/bin/python; fi && \
    rm -r /root/.cache

RUN apk add git
RUN git clone https://github.com/obheda12/GitDorker.git /tmp/gitdorker

WORKDIR /tmp/gitdorker

RUN pip3 install -r requirements.txt

ENTRYPOINT ["python3", "GitDorker.py"]

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
![Logo](https://github.com/obheda12/GitDorker/blob/master/GitDorker.png)

# GitDorker
GitDorker is a tool that utilizes the GitHub Search API and an extensive list of GitHub dorks that I've compiled from various sources to provide an overview of sensitive information stored on GitHub for a given search query.

The primary purpose of GitDorker is to provide the user with a clean and tailored attack surface to begin harvesting sensitive information on GitHub. For best results, GitDorker can be used with additional tools such as GitRob or Trufflehog on interesting repos or users that it discovers.

## In Depth How to Video and Use Cases
https://youtu.be/UwzB5a5GrZk

## Rate Limits
GitDorker utilizes the GitHub Search API and is limited to 30 requests per minute. To avoid hitting the rate limit, a sleep function is built into GitDorker and runs after every 30 requests to prevent search failures. Therefore, if one were to use the alldorks.txt file with GitDorker, the process will take roughly 5 minutes to complete.

## Requirements
- Python3

- GitHub Personal Access Token

- Install the requirements listed in the requirements.txt file of this repo (pip3 install -r requirements.txt)

Please follow the guide below if you are unsure of how to create a personal access token:
https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token

## Recommendations
It is recommended to provide GitDorker with at least two GitHub personal access tokens so that it may alternate between the two during the dorking process and reduce the likelihood of being rate limited. Using multiple tokens from separate GitHub accounts will provide the best results.

## Dorks
The dorks folder contains lists of dorks. It is recommended to use the "alldorks.txt" file when mapping out your GitHub secrets attack surface. The "alldorks.txt" file is my collection of dorks that I've pulled from various resources, totalling 239 individual dorks of sensitive GitHub information.
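
The same dork syntax can be turned on your own working tree before anything is pushed. The following is an added example and not part of GitDorker: it parses dork lines like the ones in the Dorks folder and evaluates them against local files. The matching rules only approximate GitHub's search semantics, `language:` dorks are skipped, and the dork subset, file paths and file contents below are constructed for illustration.

```python
from pathlib import PurePosixPath
from typing import NamedTuple

QUALIFIERS = {"filename", "extension", "path", "language"}


class Dork(NamedTuple):
    raw: str
    require: dict   # qualifier -> values, any one of which must match
    forbid: dict    # qualifier -> values that must not match
    terms: list     # strings that must all appear in the file content
    excluded: list  # strings that must not appear in the file content


def parse_dork(line):
    """Split one dork line into qualifiers, required terms and exclusions."""
    text = line.strip()
    if len(text) >= 2 and text[0] == text[-1] == '"':
        text = text[1:-1].strip()  # medium_dorks.txt wraps each entry in quotes
    dork = Dork(text, {}, {}, [], [])
    tokens = iter(text.split())
    for tok in tokens:
        negate = False
        if tok == "NOT":                      # "NOT term" excludes the next token
            tok, negate = next(tokens, ""), True
        elif tok.startswith("-") and len(tok) > 1:
            tok, negate = tok[1:], True       # "-filename:travis", "-fake"
        if not tok or tok.lower() == "or":    # approximation: "or" is not a term
            continue
        key, sep, value = tok.partition(":")
        if sep and key in QUALIFIERS and value:
            (dork.forbid if negate else dork.require).setdefault(key, []).append(value)
        else:
            (dork.excluded if negate else dork.terms).append(tok)
    return dork


def _qualifier_hit(key, value, path):
    """Approximate one path qualifier against a repository-relative path."""
    p = PurePosixPath(path)
    value = value.lower()
    if key == "filename":
        return value in p.name.lower()
    if key == "extension":
        return p.name.lower().endswith("." + value.lstrip("."))
    if key == "path":
        return value.strip("/") in [part.lower() for part in p.parent.parts]
    return False


def matches(dork, path, content):
    """True when the file at `path` with `content` satisfies the dork."""
    text = content.lower()
    for key, values in dork.require.items():
        if not any(_qualifier_hit(key, v, path) for v in values):
            return False
    for key, values in dork.forbid.items():
        if any(_qualifier_hit(key, v, path) for v in values):
            return False
    if any(t.lower() not in text for t in dork.terms):
        return False
    return not any(t.lower() in text for t in dork.excluded)


def audit(dork_lines, files):
    """Return ({path: [matching dorks]}, [dorks skipped as unsupported])."""
    findings, skipped = {}, []
    for dork in (parse_dork(l) for l in dork_lines if l.strip()):
        if "language" in dork.require or "language" in dork.forbid:
            skipped.append(dork.raw)          # language detection is not modelled
            continue
        for path, content in files.items():
            if matches(dork, path, content):
                findings.setdefault(path, []).append(dork.raw)
    return findings, skipped


# Constructed subset of the dork lists shown on this page.
DORKS = [
    '"db_password"',
    "filename:.env DB_USERNAME NOT homestead",
    "filename:.npmrc _auth",
    "extension:pem private",
    "filename:sftp.json path:.vscode",
    "filename:settings.py SECRET_KEY",
    "HEROKU_API_KEY language:json",
    "language:yaml -filename:travis",
]

# Constructed working tree: repository-relative path -> file content.
FILES = {
    ".env": "DB_USERNAME=app\nDB_PASSWORD=constructed-value\n",
    "examples/.env": "DB_USERNAME=homestead\nDB_PASSWORD=constructed\n",
    ".vscode/sftp.json": '{"host": "sftp.example.test", "password": "constructed"}',
    "app/settings.py": "DEBUG = True\n",
    "keys/deploy.pem": "private key placeholder (constructed)",
}

if __name__ == "__main__":
    found, not_checked = audit(DORKS, FILES)
    for path, hits in sorted(found.items()):
        print(path, "->", hits)
    print("skipped:", not_checked)
```

Files reported here are the ones a public dork search would surface if the tree were pushed, so they are the ones to remove from history or rotate credentials for first.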

## Usage
I've created a blog post with far more detail on how to use GitDorker and potential use cases here: https://medium.com/@obheda12/gitdorker-a-new-tool-for-manual-github-dorking-and-easy-bug-bounty-wins-92a0a0a6b8d5

For a detailed look at use cases and how to use GitDorker's most recent features, please see the BlackHat presentation below:
https://youtu.be/UwzB5a5GrZk

Help Output:

![Help](https://github.com/obheda12/GitDorker/blob/master/GitDorker%20Help.png)

## Docker

```bash

## Build Command
docker build -t gitdorker .

## Basic Run Command
docker run -it gitdorker

## Run Command (locally built image; the token file is mounted at /tf, so pass its absolute path)
docker run -it -v "$(pwd)/tf:/tf" gitdorker -tf /tf/TOKENSFILE -q tesla.com -d Dorks/DORKFILE -o tesla

## Run Command (prebuilt image)
docker run -it -v "$(pwd)/tf:/tf" xshuden/gitdorker -tf /tf/TOKENSFILE -q tesla.com -d dorks/DORKFILE -o tesla

```

## Screenshots
Below is an example of the results from running the query "tesla.com" with a small list of dorks.

The following command was run to query for "tesla.com" against a list of dorks:

`python3 GitDorker.py -tf TOKENSFILE -q tesla.com -d Dorks/DORKFILE -o tesla`

![Results](https://github.com/obheda12/GitDorker/blob/master/GitDorker%20Usage%20Example%20-%20Tesla.png)

Note: The more advanced the queries you use (i.e. incorporating user, org, endpoint information, etc.), the more succinct the results you will achieve.

## If you like GitDorker and want to see more cool tools!
Buy Me A Coffee

# Credits
Reference points for creating GitDorker and compiling dorks lists

- [@gwendallecoguic](https://github.com/gwen001) - special thank you to gwendall and his scripts that provided me with the framework for creating GitDorker.
- [@techgaun](https://github.com/techgaun) - His list of dorks provided a fantastic base for the dorks file
- [@Shashank-In](https://github.com/Shashank-In) - His list of Travis leaks helped add additional dorks
- [@Jhaddix](https://github.com/jhaddix) - Methodology and reference for dorks

# Disclaimer

This project is made for educational and ethical testing purposes only. Usage of this tool for attacking targets without prior mutual consent is illegal. Developers assume no liability and are not responsible for any misuse or damage caused by this tool.

--------------------------------------------------------------------------------
/Dorks/medium_dorks.txt:
--------------------------------------------------------------------------------
".mlab.com password"
"AWSSecretKey"
"JEKYLL_GITHUB_TOKEN"
"SF_USERNAME salesforce"
"access_key"
"access_token"
"amazonaws"
"apiSecret"
"api_key"
"api_secret"
"apidocs"
"apikey"
"app_key"
"app_secret"
"appkey"
"appkeysecret"
"application_key"
"appsecret"
"appspot"
"auth"
"auth_token"
"authorizationToken"
"aws_access"
"aws_access_key_id"
"aws_key"
"aws_secret"
"aws_token"
"bashrc password"
"bucket_password"
"client_secret"
"cloudfront"
"codecov_token"
"config"
"conn.login"
"connectionstring"
"consumer_key"
"credentials"
"database_password"
"db_password"
"db_username"
"dbpasswd"
"dbpassword"
"dbuser"
"dot-files"
"dotfiles"
"encryption_key"
"fabricApiSecret"
"fb_secret"
"firebase"
"ftp"
"gh_token"
"github_key"
"github_token"
"gitlab"
"gmail_password"
"gmail_username"
"api.googlemaps AIza"
"herokuapp"
"internal"
"irc_pass"
"key"
"keyPassword"
"ldap_password"
"ldap_username"
"login"
"mailchimp"
"mailgun"
"master_key"
"mydotfiles"
"mysql"
"node_env"
"npmrc _auth"
"oauth_token"
"pass"
"passwd"
"password"
"passwords"
"pem private"
"preprod"
"private_key"
"prod"
"pwd"
"pwds"
"rds.amazonaws.com password"
"redis_password"
"root_password"
"secret"
"secret.password"
"secret_access_key"
"secret_key"
"secret_token"
"secrets"
"secure"
"security_credentials"
"send.keys"
"send_keys"
"sendkeys"
"sf_username"
"slack_api"
"slack_token"
"sql_password"
"ssh"
"ssh2_auth_password"
"sshpass"
"staging"
"stg"
"storePassword"
"stripe"
"swagger"
"testuser"
"token"
"x-api-key"
"xoxp"
"xoxb "
HEROKU_API_KEY language:json
HEROKU_API_KEY language:shell
HOMEBREW_GITHUB_API_TOKEN language:shell
PT_TOKEN language:bash
[WFClient] Password= extension:ica
extension:avastlic "support.avast.com"
extension:bat
extension:cfg
extension:env
extension:exs
extension:ini
extension:json api.forecast.io
extension:json googleusercontent client_secret
extension:json mongolab.com
extension:pem
extension:pem private
extension:ppk
extension:ppk private
extension:properties
extension:sh
extension:sls
extension:sql
extension:sql mysql dump
extension:sql mysql dump password
extension:yaml mongolab.com
extension:zsh
filename:.bash_history
filename:.bash_profile aws
filename:.bashrc mailchimp
filename:.bashrc password
filename:.cshrc
filename:.dockercfg auth
filename:.env DB_USERNAME NOT homestead
filename:.env MAIL_HOST=smtp.gmail.com
filename:.esmtprc password
filename:.ftpconfig
filename:.git-credentials
filename:.history
filename:.htpasswd
filename:.netrc password
filename:.npmrc _auth
filename:.pgpass
filename:.remote-sync.json
filename:.s3cfg
filename:.sh_history
filename:.tugboat NOT _tugboat
filename:CCCam.cfg
filename:WebServers.xml
filename:_netrc password
filename:bash
filename:bash_history
filename:bash_profile
filename:bashrc
filename:beanstalkd.yml
filename:composer.json
filename:config
filename:config irc_pass
filename:config.json auths
filename:config.php dbpasswd
filename:configuration.php JConfig password
filename:connections
filename:connections.xml
filename:constants
filename:credentials
filename:credentials aws_access_key_id
filename:cshrc
filename:database
filename:dbeaver-data-sources.xml
filename:deploy.rake
filename:deployment-config.json
filename:dhcpd.conf
filename:dockercfg
filename:environment
filename:express.conf
filename:express.conf path:.openshift
filename:filezilla.xml
filename:filezilla.xml Pass
filename:git-credentials
filename:gitconfig
filename:global
filename:history
filename:htpasswd
filename:hub oauth_token
filename:id_dsa
filename:id_rsa
filename:id_rsa or filename:id_dsa
filename:idea14.key
filename:known_hosts
filename:logins.json
filename:makefile
filename:master.key path:config
filename:netrc
filename:npmrc
filename:pass
filename:passwd path:etc
filename:pgpass
filename:prod.exs
filename:prod.exs NOT prod.secret.exs
filename:prod.secret.exs
filename:proftpdpasswd
filename:recentservers.xml
filename:recentservers.xml Pass
filename:robomongo.json
filename:s3cfg
filename:secrets.yml password
filename:server.cfg
filename:server.cfg rcon password
filename:settings
filename:settings.py SECRET_KEY
filename:sftp-config.json
filename:sftp.json path:.vscode
filename:shadow
filename:shadow path:etc
filename:spec
filename:sshd_config
filename:tugboat
filename:ventrilo_srv.ini
filename:wp-config
filename:wp-config.php
filename:zhrc
jsforce extension:js conn.login
language:yaml -filename:travis
msg nickserv identify filename:config
path:sites databases password
private -language:java
shodan_api_key language:python

--------------------------------------------------------------------------------
/Dorks/alldorksv3:
--------------------------------------------------------------------------------
.mlab.com password
WFClient Password extension:ica
access_key
access_token
admin_pass
admin_user
algolia_admin_key
algolia_api_key
alias_pass
alicloud_access_key
amazon_secret_access_key
amazonaws
ansible_vault_password
aos_key
api_key
api_key_secret
api_key_sid
api_secret
api.googlemaps AIza
apidocs
apikey
apiSecret
app_debug
app_id
app_key
app_log_level
app_secret
appkey
appkeysecret
application_key
appsecret
appspot
auth_token
authorizationToken
authsecret
aws_access
aws_access_key_id
aws_bucket
aws_key
aws_secret
aws_secret_key
aws_token
AWSSecretKey
b2_app_key
bashrc password
bintray_apikey
bintray_gpg_password
bintray_key
bintraykey
bluemix_api_key
bluemix_pass
browserstack_access_key
bucket_password
bucketeer_aws_access_key_id
bucketeer_aws_secret_access_key
built_branch_deploy_key
bx_password
cache_driver
cache_s3_secret_key
cattle_access_key
cattle_secret_key
certificate_password
ci_deploy_password
client_secret
client_zpk_secret_key
clojars_password
cloud_api_key
cloud_watch_aws_access_key
cloudant_password
cloudflare_api_key
cloudflare_auth_key
cloudinary_api_secret
cloudinary_name
codecov_token
config
conn.login
connectionstring
consumer_key
consumer_secret
credentials
cypress_record_key
database_password
database_schema_test
datadog_api_key
datadog_app_key
db_password
db_server
db_username
dbpasswd
dbpassword
dbuser
deploy_password
digitalocean_ssh_key_body
digitalocean_ssh_key_ids
docker_hub_password
docker_key
docker_pass
docker_passwd
docker_password
dockerhub_password
dockerhubpassword
dot-files
dotfiles
droplet_travis_password
dynamoaccesskeyid
dynamosecretaccesskey
elastica_host
elastica_port
elasticsearch_password
encryption_key
encryption_password
env.heroku_api_key
env.sonatype_password
eureka.awssecretkey
extension:avastlic support.avast.com
extension:bat
extension:cfg
extension:dbeaver-data-sources.xml
extension:env
extension:exs
extension:ini
extension:json api.forecast.io
extension:json googleusercontent client_secret
extension:json mongolab.com
extension:pem
extension:pem private
extension:ppk
extension:ppk private
extension:properties
extension:sh
extension:sls
extension:sql
extension:sql mysql dump
extension:sql mysql dump password
extension:yaml mongolab.com
extension:zsh
fabricApiSecret
facebook_secret
fb_secret
filename:_netrc password
filename:.bash_history
filename:.bash_profile aws
filename:.bashrc mailchimp
filename:.bashrc password
filename:.cshrc
filename:.dockercfg auth
filename:.env DB_USERNAME NOT homestead
filename:.env MAIL_HOSTsmtp.gmail.com
filename:.esmtprc password
filename:.ftpconfig
filename:.git-credentials
filename:.history
filename:.htpasswd
filename:.netrc password
filename:.npmrc _auth
filename:.pgpass
filename:.remote-sync.json
filename:.s3cfg
filename:.sh_history
filename:.tugboat NOT _tugboat
filename:bash
filename:bash_history
filename:bash_profile
filename:bashrc
filename:beanstalkd.yml
filename:CCCam.cfg
filename:composer.json
filename:config
filename:config irc_pass
filename:config.json auths
filename:config.php dbpasswd
filename:configuration.php JConfig password
filename:connections
filename:connections.xml
filename:constants
filename:credentials
filename:credentials aws_access_key_id
filename:cshrc
filename:database
filename:dbeaver-data-sources.xml
filename:deploy.rake
filename:deployment-config.json
filename:dhcpd.conf
filename:dockercfg
filename:env
filename:environment
filename:express.conf
filename:express.conf path:.openshift
filename:filezilla.xml
filename:filezilla.xml Pass
filename:git-credentials
filename:gitconfig
filename:global
filename:history
filename:htpasswd
filename:hub oauth_token
filename:id_dsa
filename:id_rsa
filename:id_rsa or filename:id_dsa
filename:idea14.key
filename:known_hosts
filename:logins.json
filename:makefile
filename:master.key path:config
filename:netrc
filename:npmrc
filename:pass
filename:passwd path:etc
filename:pgpass
filename:prod.exs
filename:prod.exs NOT prod.secret.exs
filename:prod.secret.exs
filename:proftpdpasswd
filename:recentservers.xml
filename:recentservers.xml Pass
filename:robomongo.json
filename:s3cfg
filename:secrets.yml password
filename:server.cfg
filename:server.cfg rcon password
filename:settings
filename:settings.py SECRET_KEY
filename:sftp-config.json
filename:sftp.json path:.vscode
filename:shadow
filename:shadow path:etc
filename:spec
filename:sshd_config
filename:tugboat
filename:ventrilo_srv.ini
filename:WebServers.xml
filename:wp-config
filename:wp-config.php
filename:zhrc
firebase
flickr_api_key
fossa_api_key
ftp
ftp_password
gatsby_wordpress_base_url
gatsby_wordpress_client_id
gatsby_wordpress_user
gh_api_key
gh_token
ghost_api_key
github_api_key
github_deploy_hb_doc_pass
github_id
github_key
github_password
github_token
gitlab
gmail_password
gmail_username
google_maps_api_key
google_private_key
google_secret
google_server_key
gpg_key_name
gpg_keyname
gpg_passphrase
HEROKU_API_KEY language:json
HEROKU_API_KEY language:shell
heroku_oauth
heroku_oauth_secret
heroku_oauth_token
heroku_secret
heroku_secret_token
herokuapp
HOMEBREW_GITHUB_API_TOKEN language:shell
htaccess_pass
htaccess_user
incident_channel_name
internal
irc_pass
JEKYLL_GITHUB_TOKEN
jsforce extension:js conn.login
jwt_client_secret_key
jwt_lookup_secert_key
jwt_password
jwt_secret
jwt_secret_key
jwt_token
jwt_user
jwt_web_secert_key
jwt_xmpp_secert_key
key
keyPassword
language:yaml -filename:travis
ldap_password
ldap_username
linux_signing_key
ll_shared_key
location_protocol
log_channel
login
lottie_happo_api_key
lottie_happo_secret_key
lottie_s3_api_key
lottie_s3_secret_key
magento password
mail_password
mail_port
mailchimp
mailchimp_api_key
mailchimp_key
mailgun
mailgun apikey
mailgun_key
mailgun_password
mailgun_priv_key
mailgun_secret_api_key
manage_key
mandrill_api_key
mapbox api key
master_key
mg_api_key
mg_public_api_key
mh_apikey
mh_password
mile_zero_key
minio_access_key
minio_secret_key
mix_pusher_app_cluster
mix_pusher_app_key
msg nickserv identify filename:config
mydotfiles
mysql
mysql password
mysql_root_password
netlify_api_key
nexus password
nexus_password
node_env
node_pre_gyp_accesskeyid
node_pre_gyp_secretaccesskey
npm_api_key
npm_password
npm_secret_key
npmrc _auth
nuget_api_key
nuget_apikey
nuget_key
oauth_token
object_storage_password
octest_app_password
octest_password
okta_key
omise_key
onesignal_api_key
onesignal_user_auth_key
openwhisk_key
org_gradle_project_sonatype_nexus_password
org_project_gradle_sonatype_nexus_password
os_password
ossrh_jira_password
ossrh_pass
ossrh_password
pagerduty_apikey
parse_js_key
pass
passwd
password
password travis
passwords
path:sites databases password
paypal_secret
paypal_token
pem private
personal_key
playbooks_url
plotly_apikey
plugin_password
postgres_env_postgres_password
postgresql_pass
preprod
private
private -language:java
private_key
private_signing_password
prod
prod_password
prod.access.key.id
prod.secret.key
PT_TOKEN language:bash
publish_key
pusher_app_id
pwd
queue_driver
rabbitmq_password
rds.amazonaws.com password
redis_password
response_auth_jwt_secret
rest_api_key
rinkeby_private_key
root_password
ropsten_private_key
route53_access_key_id
rtd_key_pass
rtd_store_pass
s3_access_key
s3_access_key_id
s3_key
s3_key_app_logs
s3_key_assets
s3_secret_key
salesforce_password
sandbox_aws_access_key_id
sandbox_aws_secret_access_key
sauce_access_key
secret
secret access key
secret_access_key
secret_bearer
secret_key
secret_key_base
secret_token
secret.password
secretaccesskey
secretkey
secrets
secure
security_credentials
send_keys
send.keys
sendgrid_api_key
sendgrid_key
sendgrid_password
sendkeys
ses_access_key
ses_secret_key
setdstaccesskey
setsecretkey
sf_username
SF_USERNAME salesforce
shodan_api_key language:python
sid_token
signing_key_password
signing_key_secret
slack_api
slack_channel
slack_key
slack_outgoing_token
slack_signing_secret
slack_token
slack_webhook
slash_developer_space_key
snoowrap_password
socrata_password
sonar_organization_key
sonar_project_key
sonatype_password
sonatype_token_password
soundcloud_password
sql_password
sqsaccesskey
square_access_token
square_token
squareSecret
ssh
ssh2_auth_password
sshpass
staging
stg
storePassword
stormpath_api_key_id
stormpath_api_key_secret
strip_key
strip_secret_key
stripe
stripe_key
stripe_secret
stripToken
svn_pass
swagger
tesco_api_key
tester_keys_password
testuser
thera_oss_access_key
token
trusted_hosts
twilio_account_sid
twilio_accountsid
twilio_api_key
twilio_api_secret
twilio_secret
twilio_secret_token
TWILIO_SID NOT env
twilio_token
twilioapiauth
twiliosecret
twine_password
twitter_secret
twitterKey
x-api-key
xoxb
xoxp
zen_tkn
zen_token
zendesk_url
twilio secret
twilio_account_id
twilio_account_secret
twilio_acount_sid NOT env
twilio_api
twilio_api_auth
twilio_api_sid
twilio_api_token
zen_key
zendesk_api_token
zendesk_key
zendesk_token
zendesk_username

--------------------------------------------------------------------------------
/GitDorker.py:
--------------------------------------------------------------------------------
#!/usr/bin/python3

# Credits: Modified GitHub Dorker using GitAPI and my personal compiled list of dorks across multiple resources. API Request structure modeled and modified from Gwendal Le Coguic's scripts.
# Author: Omar Bheda
# Version: 1.1.3

# Raw string: the banner contains backslashes that are not escape sequences.
print(r"""


/$$$$$$ /$$ /$$ /$$$$$$$ /$$
/$$__ $$|__/ | $$ | $$__ $$ | $$
| $$ \__/ /$$ /$$$$$$ | $$ \ $$ /$$$$$$ /$$$$$$ | $$ /$$ /$$$$$$ /$$$$$$
| $$ /$$$$| $$|_ $$_/ | $$ | $$ /$$__ $$ /$$__ $$| $$ /$$/ /$$__ $$ /$$__ $$
| $$|_ $$| $$ | $$ | $$ | $$| $$ \ $$| $$ \__/| $$$$$$/ | $$$$$$$$| $$ \__/
| $$ \ $$| $$ | $$ /$$ | $$ | $$| $$ | $$| $$ | $$_ $$ | $$_____/| $$
| $$$$$$/| $$ | $$$$/ | $$$$$$$/| $$$$$$/| $$ | $$ \ $$| $$$$$$$| $$
\______/ |__/ \___/ |_______/ \______/ |__/ |__/ \__/ \_______/|__/


Find GitHub secrets utilizing a vast list of GitHub dorks and the GitHub search api. The
purpose of this tool is to enumerate interesting users,repos, and files to provide an
easy to read overview of where a potential sensitive information exposure may reside.

HELP: python3 GitDorker.py -h
""")

# IMPORTS
import sys
import json
import time
import argparse
import random
import requests
import csv
from itertools import zip_longest
from termcolor import colored
from multiprocessing.dummy import Pool

# API CONFIG
GITHUB_API_URL = 'https://api.github.com'

# PARSER CONFIG
parser = argparse.ArgumentParser()
parser.add_argument("-d", "--dorks", help="dorks file (required)")
parser.add_argument("-k", "--keyword", help="search on a keyword instead of a list of dorks")
parser.add_argument("-q", "--query", help="query (required or -q)")
parser.add_argument("-qf", "--queryfile", help="query (required or -q)")
parser.add_argument("-ri", "--recentlyindexed", action='store_true', help="sort results of queries from most recent first")
parser.add_argument("-lb", "--limitbypass", action='store_true', help="increase requests per minute when using multiple tokens from UNIQUE accounts")
parser.add_argument("-pf", "--patternfilter", action='store_true', help="filter out noise/patterns for test/example keys")
parser.add_argument("-u", "--users", help="users to perform dork or keyword search on (comma separated).")
parser.add_argument("-uf", "--userfile", help="file containing new line separated users")
parser.add_argument("-org", "--organization",
                    help="organization's GitHub name (required or -org if query not specified)")
parser.add_argument("-t", "--token", help="your github token (required if token file not specified)")
parser.add_argument("-tf", "--tokenfile", help="file containing new line separated github tokens ")
parser.add_argument("-e", "--threads", help="maximum n threads, default 1")
parser.add_argument("-p", "--positiveresults", action='store_true', help="display positive results only")
parser.add_argument("-o", "--output", help="output to file name (required or -o)")

args = parser.parse_args()

# DECLARE LISTS
tokens_list = []
dorks_list = []
queries_list = []
organizations_list = []
users_list = []
keywords_list = []

# TOKEN ARGUMENT LOGIC
if args.token:
    tokens_list = args.token.split(',')

if args.tokenfile:
    with open(args.tokenfile) as f:
        tokens_list = [i.strip() for i in f.read().splitlines() if i.strip()]

# if not len(tokens_list):
#     parser.error('auth token is missing')

# USER ARGUMENT LOGIC
if args.users:
    users_list = args.users.split(',')

if args.userfile:
    with open(args.userfile) as f:
        users_list = [i.strip() for i in f.read().splitlines() if i.strip()]

if args.query:
    queries_list = args.query.split(',')

if args.queryfile:
    with open(args.queryfile) as f:
        queries_list = [i.strip() for i in f.read().splitlines() if i.strip()]

if args.patternfilter:
    patternfilter = " -fake -example -test -XXXX -1234 -ABCD"

# if args.query and args.keyword:
#     parser.error('you cannot specify both a query and a keyword, please specify one or the other.')
#
# if args.query and args.organization:
#     parser.error('you cannot specify both a query and a organization, please specify one or the other.')

if args.organization:
    organizations_list = args.organization.split(',')

if args.threads:
    threads = int(args.threads)
else:
    threads = 1

# if not args.query and not args.queryfile and not args.organization and not args.users and not args.userfile:
#     parser.error('query or organization missing or users missing')

if args.dorks:
    # Read one dork per line; the context manager closes the file afterwards.
    with open(args.dorks, 'r') as fp:
        for line in fp:
            dorks_list.append(line.strip())

if args.keyword:
    keywords_list = args.keyword.split(',')

if not args.dorks and not args.keyword:
    parser.error('dorks file or keyword is missing')

# NUMBER OF REQUESTS PER MINUTE (TOKENS MUST BE UNIQUE)
requests_per_minute = (len(tokens_list) * 30) - 1

# TOKEN ROUND ROBIN
n = -1


def token_round_robin():
    global n
    n = n + 1
    if n == len(tokens_list):
        n = 0
    current_token = tokens_list[n]
    return current_token


# API SEARCH FUNCTION
def api_search(url):
    if args.dorks:  # UNDO COMPLETE! :)
        if args.keyword:
            sys.stdout.write(colored(
                '\r[#] $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ Dorking with Keyword In Progress $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ %d/%d\r' % (stats_dict['n_current'], stats_dict['n_total_urls']),
                "green"))
            sys.stdout.flush()
        else:
            sys.stdout.write(
                colored('\r[#] $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ Dorking In Progress $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ %d/%d\r' % (stats_dict['n_current'], stats_dict['n_total_urls']), "green"))
            sys.stdout.flush()

    elif args.keyword and not args.dorks:
        sys.stdout.write(
            colored('\r[#] $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ Keyword Search In Progress $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ %d/%d\r' % (stats_dict['n_current'], stats_dict['n_total_urls']),
                    "green"))
        sys.stdout.flush()

    stats_dict['n_current'] = stats_dict['n_current'] + 1
    headers = {"Authorization": "token " + token_round_robin()}

    try:
        r = requests.get(url, headers=headers)
        # Named "data" so the imported json module is not shadowed.
        data = r.json()
        if args.limitbypass:
            if stats_dict['n_current'] % requests_per_minute == 0:
                for remaining in range(63, 0, -1):
                    sys.stdout.write("\r")
                    sys.stdout.write(colored(
                        "\r[#] (-_-)zzZZzzZZzzZZzzZZ sleeping to avoid rate limits. GitDorker will resume soon (-_-)zzZZzzZZzzZZzzZZ | {:2d} seconds remaining.\r".format(
                            remaining), "blue"))
                    sys.stdout.flush()
                    time.sleep(1)
        else:
            if stats_dict['n_current'] % 29 == 0:
                for remaining in range(63, 0, -1):
                    sys.stdout.write("\r")
                    sys.stdout.write(colored(
                        "\r[#] (-_-)zzZZzzZZzzZZzzZZ sleeping to avoid rate limits. GitDorker will resume soon (-_-)zzZZzzZZzzZZzzZZ | {:2d} seconds remaining.\r".format(
                            remaining), "blue"))
                    sys.stdout.flush()
                    time.sleep(1)

        if 'documentation_url' in data:
            print(colored("[-] error occurred: %s" % data['documentation_url'], 'red'))
        else:
            url_results_dict[url] = data['total_count']

    except Exception as e:
        print(colored("[-] error occurred: %s" % e, 'red'))
        return 0


# URL ENCODING FUNCTION
def __urlencode(text):
    # Encodes only the characters the dork syntax relies on: ':' '"' and space.
    text = text.replace(':', '%3A')
    text = text.replace('"', '%22')
    text = text.replace(' ', '+')
    return text


# DECLARE DICTIONARIES
url_dict = {}
results_dict = {}
url_results_dict = {}
stats_dict = {
    'l_tokens': len(tokens_list),
    'n_current': 0,
    'n_total_urls': 0
}

# CREATE QUERIES
for query in queries_list:
    results_dict[query] = []
    for dork in dorks_list:
        # Prefix each dork with the query; append the noise filter when -pf is set.
        dork = "{}".format(query) + " " + dork
        if args.patternfilter:
            dork = dork + patternfilter
        url = 'https://api.github.com/search/code?q=' + __urlencode(dork)
        results_dict[query].append(url)
        url_dict[url] = 0

# CREATE ORGS 240 | for organization in organizations_list: 241 | results_dict[organization] = [] 242 | for dork in dorks_list: 243 | if not args.patternfilter: 244 | dork = 'org:' + organization + ' ' + dork 245 | url = 'https://api.github.com/search/code?q=' + __urlencode(dork) 246 | results_dict[organization].append(url) 247 | url_dict[url] = 0 248 | else: 249 | dork = 'org:' + organization + ' ' + dork + patternfilter 250 | url = 'https://api.github.com/search/code?q=' + __urlencode(dork) 251 | results_dict[organization].append(url) 252 | url_dict[url] = 0 253 | 254 | #Create Users 255 | for user in users_list: 256 | results_dict[user] = [] 257 | if args.dorks: 258 | if args.keyword: 259 | for dork in dorks_list: 260 | for keyword in keywords_list: 261 | if not args.patternfilter: 262 | keyword_dork = 'user:' + user + ' ' + keyword + ' ' + dork 263 | url = 'https://api.github.com/search/code?q=' + __urlencode(keyword_dork) 264 | results_dict[user].append(url) 265 | url_dict[url] = 0 266 | else: 267 | keyword_dork = 'user:' + user + ' ' + keyword + ' ' + dork + patternfilter 268 | url = 'https://api.github.com/search/code?q=' + __urlencode(keyword_dork) 269 | results_dict[user].append(url) 270 | url_dict[url] = 0 271 | 272 | if not args.keyword: 273 | for dork in dorks_list: 274 | if not args.patternfilter: 275 | dork = 'user:' + user + ' ' + dork 276 | url = 'https://api.github.com/search/code?q=' + __urlencode(dork) 277 | results_dict[user].append(url) 278 | url_dict[url] = 0 279 | else: 280 | dork = 'user:' + user + ' ' + dork + patternfilter 281 | url = 'https://api.github.com/search/code?q=' + __urlencode(dork) 282 | results_dict[user].append(url) 283 | url_dict[url] = 0 284 | 285 | if args.keyword and not args.dorks: 286 | for keyword in keywords_list: 287 | if not args.patternfilter: 288 | keyword = 'user:' + user + ' ' + keyword 289 | url = 'https://api.github.com/search/code?q=' + __urlencode(keyword) 290 | results_dict[user].append(url) 291 | 
url_dict[url] = 0 292 | else: 293 | keyword = 'user:' + user + ' ' + keyword + patternfilter 294 | url = 'https://api.github.com/search/code?q=' + __urlencode(keyword) 295 | results_dict[user].append(url) 296 | url_dict[url] = 0 297 | 298 | # STATS 299 | stats_dict['n_total_urls'] = len(url_dict) 300 | print(""" 301 | ______ __ 302 | / __/ /____ _/ /____ 303 | _\ \/ __/ _ `/ __(_-< 304 | /___/\__/\_,_/\__/___/ 305 | ********************** 306 | """) 307 | sys.stdout.write(colored('[#] %d organizations found.\n' % len(organizations_list), 'cyan')) 308 | sys.stdout.write(colored('[#] %d users found.\n' % len(users_list), 'cyan')) 309 | sys.stdout.write(colored('[#] %d dorks found.\n' % len(dorks_list), 'cyan')) 310 | sys.stdout.write(colored('[#] %d keywords found.\n' % len(keywords_list), 'cyan')) 311 | sys.stdout.write(colored('[#] %d queries ran.\n' % len(queries_list), 'cyan')) 312 | sys.stdout.write(colored('[#] %d urls generated.\n' % len(url_dict), 'cyan')) 313 | sys.stdout.write(colored('[#] %d tokens being used.\n' % len(tokens_list), 'cyan')) 314 | sys.stdout.write(colored('[#] running %d threads.\n' % threads, 'cyan')) 315 | if args.limitbypass: 316 | sys.stdout.write(colored('[#] %d requests per minute allowed\n' % requests_per_minute, 'cyan')) 317 | else: 318 | sys.stdout.write(colored('[#] 29 requests per minute allowed\n', 'cyan')) 319 | print("") 320 | # SLEEP 321 | time.sleep(1) 322 | 323 | # POOL FUNCTION TO RUN API SEARCH 324 | pool = Pool(threads) 325 | pool.map(api_search, url_dict) 326 | pool.close() 327 | pool.join() 328 | 329 | # SET COUNT 330 | count = 0 331 | keyword_count = 0 332 | 333 | # SHOW RESULTS 334 | print("") 335 | print(""" 336 | ___ ____ 337 | / _ \___ ___ __ __/ / /____ 338 | / , _/ -_|_-