├── ss.jpg
├── out.jpg
├── README.md
├── gitdorkhelper.sh
├── medium_dorks.txt
└── all_dorks.txt


/ss.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vsec7/gitdorkhelper/HEAD/ss.jpg


--------------------------------------------------------------------------------
/out.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vsec7/gitdorkhelper/HEAD/out.jpg


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # GitHub Dork Helper
 2 | 
 3 | <img src="ss.jpg">
 4 | 
 5 | Just simple helper tool for generate github search link
 6 | 
 7 | ## Usage :
 8 | ```
 9 | ve@cath:~/gitdorkhelper$ ./x "target" dork_lists.txt [output.html *optional]
10 | ve@cath:~/gitdorkhelper$ ./x "paypal" dork_lists.txt paypal_output.html
11 | ```
12 | 
13 | <img src="out.jpg">
14 | 
15 | open output.html with browser :)
16 | 
17 | Keyword from : https://github.com/obheda12/GitDorker/tree/master/Dorks
18 | 
19 | Thanks
20 | 
21 | Ve
22 | 


--------------------------------------------------------------------------------
/gitdorkhelper.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | # GitHub Dork Helper
 3 | # Ve <3 Cath
 4 | # Keyword list from https://github.com/obheda12/GitDorker/tree/master/Dorks
 5 | # Usage : ./gitdorkhelper "target" all_dorks.txt [output.html *optional]
 6 | # Example : ./gitdorkhelper "paypal" all_dorks.txt out.html
 7 | 
 8 | while read i; do
 9 |     echo "[ $i ] https://github.com/search?q=%22$1%22+`echo $i | sed -e 's/ /+/g' | sed -e 's/\"/%22/g'`&type=Code"
10 |     if [ ! -z $3 ]; then
11 |          echo "<li><input type=\"checkbox\"> [<a href=\"https://github.com/search?q=%22$1%22+`echo $i | sed -e 's/ /+/g' | sed -e 's/\"/%22/g'`&type=Code\" target=\"_blank\"> $i </a>]</li>" >> $3
12 |     fi
13 | done < $2
14 | 


--------------------------------------------------------------------------------
/medium_dorks.txt:
--------------------------------------------------------------------------------
  1 | ".mlab.com+password"
  2 | "AWSSecretKey"
  3 | "JEKYLL_GITHUB_TOKEN"
  4 | "SF_USERNAME+salesforce"
  5 | "access_key"
  6 | "access_token"
  7 | "amazonaws"
  8 | "apiSecret"
  9 | "api_key"
 10 | "api_secret"
 11 | "apidocs"
 12 | "apikey"
 13 | "app_key"
 14 | "app_secret"
 15 | "appkey"
 16 | "appkeysecret"
 17 | "application_key"
 18 | "appsecret"
 19 | "appspot"
 20 | "auth"
 21 | "auth_token"
 22 | "authorizationToken"
 23 | "aws_access"
 24 | "aws_access_key_id"
 25 | "aws_key"
 26 | "aws_secret"
 27 | "aws_token"
 28 | "bashrc+password"
 29 | "bucket_password"
 30 | "client_secret"
 31 | "cloudfront"
 32 | "codecov_token"
 33 | "config"
 34 | "conn.login"
 35 | "connectionstring"
 36 | "consumer_key"
 37 | "credentials"
 38 | "database_password"
 39 | "db_password"
 40 | "db_username"
 41 | "dbpasswd"
 42 | "dbpassword"
 43 | "dbuser"
 44 | "dot-files"
 45 | "dotfiles"
 46 | "encryption_key"
 47 | "fabricApiSecret"
 48 | "fb_secret"
 49 | "firebase"
 50 | "ftp"
 51 | "gh_token"
 52 | "github_key"
 53 | "github_token"
 54 | "gitlab"
 55 | "gmail_password"
 56 | "gmail_username"
 57 | "api.googlemaps+AIza"
 58 | "herokuapp"
 59 | "internal"
 60 | "irc_pass"
 61 | "key"
 62 | "keyPassword"
 63 | "ldap_password"
 64 | "ldap_username"
 65 | "login"
 66 | "mailchimp"
 67 | "mailgun"
 68 | "master_key"
 69 | "mydotfiles"
 70 | "mysql"
 71 | "node_env"
 72 | "npmrc+_auth"
 73 | "oauth_token"
 74 | "pass"
 75 | "passwd"
 76 | "password"
 77 | "passwords"
 78 | "pem+private"
 79 | "preprod"
 80 | "private_key"
 81 | "prod"
 82 | "pwd"
 83 | "pwds"
 84 | "rds.amazonaws.com+password"
 85 | "redis_password"
 86 | "root_password"
 87 | "secret"
 88 | "secret.password"
 89 | "secret_access_key"
 90 | "secret_key"
 91 | "secret_token"
 92 | "secrets"
 93 | "secure"
 94 | "security_credentials"
 95 | "send.keys"
 96 | "send_keys"
 97 | "sendkeys"
 98 | "sf_username"
 99 | "slack_api"
100 | "slack_token"
101 | "sql_password"
102 | "ssh"
103 | "ssh2_auth_password"
104 | "sshpass"
105 | "staging"
106 | "stg"
107 | "storePassword"
108 | "stripe"
109 | "swagger"
110 | "testuser"
111 | "token"
112 | "x-api-key"
113 | "xoxp"
114 | "xoxb+"
115 | HEROKU_API_KEY+language:json
116 | HEROKU_API_KEY+language:shell
117 | HOMEBREW_GITHUB_API_TOKEN+language:shell
118 | PT_TOKEN+language:bash
119 | [WFClient]+Password=+extension:ica
120 | extension:avastlic+"support.avast.com"
121 | extension:bat
122 | extension:cfg
123 | extension:env
124 | extension:exs
125 | extension:ini
126 | extension:json+api.forecast.io
127 | extension:json+googleusercontent+client_secret
128 | extension:json+mongolab.com
129 | extension:pem
130 | extension:pem+private
131 | extension:ppk
132 | extension:ppk+private
133 | extension:properties
134 | extension:sh
135 | extension:sls
136 | extension:sql
137 | extension:sql+mysql+dump
138 | extension:sql+mysql+dump+password
139 | extension:yaml+mongolab.com
140 | extension:zsh
141 | filename:.bash_history
142 | filename:.bash_profile+aws
143 | filename:.bashrc+mailchimp
144 | filename:.bashrc+password
145 | filename:.cshrc
146 | filename:.dockercfg+auth
147 | filename:.env+DB_USERNAME+NOT+homestead
148 | filename:.env+MAIL_HOST=smtp.gmail.com
149 | filename:.esmtprc+password
150 | filename:.ftpconfig
151 | filename:.git-credentials
152 | filename:.history
153 | filename:.htpasswd
154 | filename:.netrc+password
155 | filename:.npmrc+_auth
156 | filename:.pgpass
157 | filename:.remote-sync.json
158 | filename:.s3cfg
159 | filename:.sh_history
160 | filename:.tugboat+NOT+_tugboat
161 | filename:CCCam.cfg
162 | filename:WebServers.xml
163 | filename:_netrc+password
164 | filename:bash
165 | filename:bash_history
166 | filename:bash_profile
167 | filename:bashrc
168 | filename:beanstalkd.yml
169 | filename:composer.json
170 | filename:config
171 | filename:config+irc_pass
172 | filename:config.json+auths
173 | filename:config.php+dbpasswd
174 | filename:configuration.php+JConfig+password
175 | filename:connections
176 | filename:connections.xml
177 | filename:constants
178 | filename:credentials
179 | filename:credentials+aws_access_key_id
180 | filename:cshrc
181 | filename:database
182 | filename:dbeaver-data-sources.xml
183 | filename:deploy.rake
184 | filename:deployment-config.json
185 | filename:dhcpd.conf
186 | filename:dockercfg
187 | filename:environment
188 | filename:express.conf
189 | filename:express.conf+path:.openshift
190 | filename:filezilla.xml
191 | filename:filezilla.xml+Pass
192 | filename:git-credentials
193 | filename:gitconfig
194 | filename:global
195 | filename:history
196 | filename:htpasswd
197 | filename:hub+oauth_token
198 | filename:id_dsa
199 | filename:id_rsa
200 | filename:id_rsa+or+filename:id_dsa
201 | filename:idea14.key
202 | filename:known_hosts
203 | filename:logins.json
204 | filename:makefile
205 | filename:master.key+path:config
206 | filename:netrc
207 | filename:npmrc
208 | filename:pass
209 | filename:passwd+path:etc
210 | filename:pgpass
211 | filename:prod.exs
212 | filename:prod.exs+NOT+prod.secret.exs
213 | filename:prod.secret.exs
214 | filename:proftpdpasswd
215 | filename:recentservers.xml
216 | filename:recentservers.xml+Pass
217 | filename:robomongo.json
218 | filename:s3cfg
219 | filename:secrets.yml+password
220 | filename:server.cfg
221 | filename:server.cfg+rcon+password
222 | filename:settings
223 | filename:settings.py+SECRET_KEY
224 | filename:sftp-config.json
225 | filename:sftp.json+path:.vscode
226 | filename:shadow
227 | filename:shadow+path:etc
228 | filename:spec
229 | filename:sshd_config
230 | filename:tugboat
231 | filename:ventrilo_srv.ini
232 | filename:wp-config
233 | filename:wp-config.php
234 | filename:zhrc
235 | jsforce+extension:js+conn.login
236 | language:yaml+-filename:travis
237 | msg+nickserv+identify+filename:config
238 | path:sites+databases+password
239 | private+-language:java
240 | shodan_api_key+language:python
241 | 


--------------------------------------------------------------------------------
/all_dorks.txt:
--------------------------------------------------------------------------------
  1 | .mlab.com+password
  2 | WFClient+Password+extension:ica
  3 | access_key
  4 | access_token
  5 | admin_pass
  6 | admin_user
  7 | algolia_admin_key
  8 | algolia_api_key
  9 | alias_pass
 10 | alicloud_access_key
 11 | amazon_secret_access_key
 12 | amazonaws
 13 | ansible_vault_password
 14 | aos_key
 15 | api_key
 16 | api_key_secret
 17 | api_key_sid
 18 | api_secret
 19 | api.googlemaps+AIza
 20 | apidocs
 21 | apikey
 22 | apiSecret
 23 | app_debug
 24 | app_id
 25 | app_key
 26 | app_log_level
 27 | app_secret
 28 | appkey
 29 | appkeysecret
 30 | application_key
 31 | appsecret
 32 | appspot
 33 | auth_token
 34 | authorizationToken
 35 | authsecret
 36 | aws_access
 37 | aws_access_key_id
 38 | aws_bucket
 39 | aws_key
 40 | aws_secret
 41 | aws_secret_key
 42 | aws_token
 43 | AWSSecretKey
 44 | b2_app_key
 45 | bashrc+password
 46 | bintray_apikey
 47 | bintray_gpg_password
 48 | bintray_key
 49 | bintraykey
 50 | bluemix_api_key
 51 | bluemix_pass
 52 | browserstack_access_key
 53 | bucket_password
 54 | bucketeer_aws_access_key_id
 55 | bucketeer_aws_secret_access_key
 56 | built_branch_deploy_key
 57 | bx_password
 58 | cache_driver
 59 | cache_s3_secret_key
 60 | cattle_access_key
 61 | cattle_secret_key
 62 | certificate_password
 63 | ci_deploy_password
 64 | client_secret
 65 | client_zpk_secret_key
 66 | clojars_password
 67 | cloud_api_key
 68 | cloud_watch_aws_access_key
 69 | cloudant_password
 70 | cloudflare_api_key
 71 | cloudflare_auth_key
 72 | cloudinary_api_secret
 73 | cloudinary_name
 74 | codecov_token
 75 | config
 76 | conn.login
 77 | connectionstring
 78 | consumer_key
 79 | consumer_secret
 80 | credentials
 81 | cypress_record_key
 82 | database_password
 83 | database_schema_test
 84 | datadog_api_key
 85 | datadog_app_key
 86 | db_password
 87 | db_server
 88 | db_username
 89 | dbpasswd
 90 | dbpassword
 91 | dbuser
 92 | deploy_password
 93 | digitalocean_ssh_key_body
 94 | digitalocean_ssh_key_ids
 95 | docker_hub_password
 96 | docker_key
 97 | docker_pass
 98 | docker_passwd
 99 | docker_password
100 | dockerhub_password
101 | dockerhubpassword
102 | dot-files
103 | dotfiles
104 | droplet_travis_password
105 | dynamoaccesskeyid
106 | dynamosecretaccesskey
107 | elastica_host
108 | elastica_port
109 | elasticsearch_password
110 | encryption_key
111 | encryption_password
112 | env.heroku_api_key
113 | env.sonatype_password
114 | eureka.awssecretkey
115 | extension:avastlic+support.avast.com
116 | extension:bat
117 | extension:cfg
118 | extension:dbeaver-data-sources.xml
119 | extension:env
120 | extension:exs
121 | extension:ini
122 | extension:json+api.forecast.io
123 | extension:json+googleusercontent+client_secret
124 | extension:json+mongolab.com
125 | extension:pem
126 | extension:pem+private
127 | extension:ppk
128 | extension:ppk+private
129 | extension:properties
130 | extension:sh
131 | extension:sls
132 | extension:sql
133 | extension:sql+mysql+dump
134 | extension:sql+mysql+dump+password
135 | extension:yaml+mongolab.com
136 | extension:zsh
137 | fabricApiSecret
138 | facebook_secret
139 | fb_secret
140 | filename:_netrc+password
141 | filename:.bash_history
142 | filename:.bash_profile+aws
143 | filename:.bashrc+mailchimp
144 | filename:.bashrc+password
145 | filename:.cshrc
146 | filename:.dockercfg+auth
147 | filename:.env+DB_USERNAME+NOT+homestead
148 | filename:.env+MAIL_HOSTsmtp.gmail.com
149 | filename:.esmtprc+password
150 | filename:.ftpconfig
151 | filename:.git-credentials
152 | filename:.history
153 | filename:.htpasswd
154 | filename:.netrc+password
155 | filename:.npmrc+_auth
156 | filename:.pgpass
157 | filename:.remote-sync.json
158 | filename:.s3cfg
159 | filename:.sh_history
160 | filename:.tugboat+NOT+_tugboat
161 | filename:bash
162 | filename:bash_history
163 | filename:bash_profile
164 | filename:bashrc
165 | filename:beanstalkd.yml
166 | filename:CCCam.cfg
167 | filename:composer.json
168 | filename:config
169 | filename:config+irc_pass
170 | filename:config.json+auths
171 | filename:config.php+dbpasswd
172 | filename:configuration.php+JConfig+password
173 | filename:connections
174 | filename:connections.xml
175 | filename:constants
176 | filename:credentials
177 | filename:credentials+aws_access_key_id
178 | filename:cshrc
179 | filename:database
180 | filename:dbeaver-data-sources.xml
181 | filename:deploy.rake
182 | filename:deployment-config.json
183 | filename:dhcpd.conf
184 | filename:dockercfg
185 | filename:env
186 | filename:environment
187 | filename:express.conf
188 | filename:express.conf+path:.openshift
189 | filename:filezilla.xml
190 | filename:filezilla.xml+Pass
191 | filename:git-credentials
192 | filename:gitconfig
193 | filename:global
194 | filename:history
195 | filename:htpasswd
196 | filename:hub+oauth_token
197 | filename:id_dsa
198 | filename:id_rsa
199 | filename:id_rsa+or+filename:id_dsa
200 | filename:idea14.key
201 | filename:known_hosts
202 | filename:logins.json
203 | filename:makefile
204 | filename:master.key+path:config
205 | filename:netrc
206 | filename:npmrc
207 | filename:pass
208 | filename:passwd+path:etc
209 | filename:pgpass
210 | filename:prod.exs
211 | filename:prod.exs+NOT+prod.secret.exs
212 | filename:prod.secret.exs
213 | filename:proftpdpasswd
214 | filename:recentservers.xml
215 | filename:recentservers.xml+Pass
216 | filename:robomongo.json
217 | filename:s3cfg
218 | filename:secrets.yml+password
219 | filename:server.cfg
220 | filename:server.cfg+rcon+password
221 | filename:settings
222 | filename:settings.py+SECRET_KEY
223 | filename:sftp-config.json
224 | filename:sftp.json+path:.vscode
225 | filename:shadow
226 | filename:shadow+path:etc
227 | filename:spec
228 | filename:sshd_config
229 | filename:tugboat
230 | filename:ventrilo_srv.ini
231 | filename:WebServers.xml
232 | filename:wp-config
233 | filename:wp-config.php
234 | filename:zhrc
235 | firebase
236 | flickr_api_key
237 | fossa_api_key
238 | ftp
239 | ftp_password
240 | gatsby_wordpress_base_url
241 | gatsby_wordpress_client_id
242 | gatsby_wordpress_user
243 | gh_api_key
244 | gh_token
245 | ghost_api_key
246 | github_api_key
247 | github_deploy_hb_doc_pass
248 | github_id
249 | github_key
250 | github_password
251 | github_token
252 | gitlab
253 | gmail_password
254 | gmail_username
255 | google_maps_api_key
256 | google_private_key
257 | google_secret
258 | google_server_key
259 | gpg_key_name
260 | gpg_keyname
261 | gpg_passphrase
262 | HEROKU_API_KEY+language:json
263 | HEROKU_API_KEY+language:shell
264 | heroku_oauth
265 | heroku_oauth_secret
266 | heroku_oauth_token
267 | heroku_secret
268 | heroku_secret_token
269 | herokuapp
270 | HOMEBREW_GITHUB_API_TOKEN+language:shell
271 | htaccess_pass
272 | htaccess_user
273 | incident_channel_name
274 | internal
275 | irc_pass
276 | JEKYLL_GITHUB_TOKEN
277 | jsforce+extension:js+conn.login
278 | jwt_client_secret_key
279 | jwt_lookup_secert_key
280 | jwt_password
281 | jwt_secret
282 | jwt_secret_key
283 | jwt_token
284 | jwt_user
285 | jwt_web_secert_key
286 | jwt_xmpp_secert_key
287 | key
288 | keyPassword
289 | language:yaml+-filename:travis
290 | ldap_password
291 | ldap_username
292 | linux_signing_key
293 | ll_shared_key
294 | location_protocol
295 | log_channel
296 | login
297 | lottie_happo_api_key
298 | lottie_happo_secret_key
299 | lottie_s3_api_key
300 | lottie_s3_secret_key
301 | magento+password
302 | mail_password
303 | mail_port
304 | mailchimp
305 | mailchimp_api_key
306 | mailchimp_key
307 | mailgun
308 | mailgun+apikey
309 | mailgun_key
310 | mailgun_password
311 | mailgun_priv_key
312 | mailgun_secret_api_key
313 | manage_key
314 | mandrill_api_key
315 | mapbox+api+key
316 | master_key
317 | mg_api_key
318 | mg_public_api_key
319 | mh_apikey
320 | mh_password
321 | mile_zero_key
322 | minio_access_key
323 | minio_secret_key
324 | mix_pusher_app_cluster
325 | mix_pusher_app_key
326 | msg+nickserv+identify+filename:config
327 | mydotfiles
328 | mysql
329 | mysql+password
330 | mysql_root_password
331 | netlify_api_key
332 | nexus+password
333 | nexus_password
334 | node_env
335 | node_pre_gyp_accesskeyid
336 | node_pre_gyp_secretaccesskey
337 | npm_api_key
338 | npm_password
339 | npm_secret_key
340 | npmrc+_auth
341 | nuget_api_key
342 | nuget_apikey
343 | nuget_key
344 | oauth_token
345 | object_storage_password
346 | octest_app_password
347 | octest_password
348 | okta_key
349 | omise_key
350 | onesignal_api_key
351 | onesignal_user_auth_key
352 | openwhisk_key
353 | org_gradle_project_sonatype_nexus_password
354 | org_project_gradle_sonatype_nexus_password
355 | os_password
356 | ossrh_jira_password
357 | ossrh_pass
358 | ossrh_password
359 | pagerduty_apikey
360 | parse_js_key
361 | pass
362 | passwd
363 | password
364 | password+travis
365 | passwords
366 | path:sites+databases+password
367 | paypal_secret
368 | paypal_token
369 | pem+private
370 | personal_key
371 | playbooks_url
372 | plotly_apikey
373 | plugin_password
374 | postgres_env_postgres_password
375 | postgresql_pass
376 | preprod
377 | private
378 | private+-language:java
379 | private_key
380 | private_signing_password
381 | prod
382 | prod_password
383 | prod.access.key.id
384 | prod.secret.key
385 | PT_TOKEN+language:bash
386 | publish_key
387 | pusher_app_id
388 | pwd
389 | queue_driver
390 | rabbitmq_password
391 | rds.amazonaws.com+password
392 | redis_password
393 | response_auth_jwt_secret
394 | rest_api_key
395 | rinkeby_private_key
396 | root_password
397 | ropsten_private_key
398 | route53_access_key_id
399 | rtd_key_pass
400 | rtd_store_pass
401 | s3_access_key
402 | s3_access_key_id
403 | s3_key
404 | s3_key_app_logs
405 | s3_key_assets
406 | s3_secret_key
407 | salesforce_password
408 | sandbox_aws_access_key_id
409 | sandbox_aws_secret_access_key
410 | sauce_access_key
411 | secret
412 | secret+access+key
413 | secret_access_key
414 | secret_bearer
415 | secret_key
416 | secret_key_base
417 | secret_token
418 | secret.password
419 | secretaccesskey
420 | secretkey
421 | secrets
422 | secure
423 | security_credentials
424 | send_keys
425 | send.keys
426 | sendgrid_api_key
427 | sendgrid_key
428 | sendgrid_password
429 | sendkeys
430 | ses_access_key
431 | ses_secret_key
432 | setdstaccesskey
433 | setsecretkey
434 | sf_username
435 | SF_USERNAME+salesforce
436 | shodan_api_key+language:python
437 | sid_token
438 | signing_key_password
439 | signing_key_secret
440 | slack_api
441 | slack_channel
442 | slack_key
443 | slack_outgoing_token
444 | slack_signing_secret
445 | slack_token
446 | slack_webhook
447 | slash_developer_space_key
448 | snoowrap_password
449 | socrata_password
450 | sonar_organization_key
451 | sonar_project_key
452 | sonatype_password
453 | sonatype_token_password
454 | soundcloud_password
455 | sql_password
456 | sqsaccesskey
457 | square_access_token
458 | square_token
459 | squareSecret
460 | ssh
461 | ssh2_auth_password
462 | sshpass
463 | staging
464 | stg
465 | storePassword
466 | stormpath_api_key_id
467 | stormpath_api_key_secret
468 | strip_key
469 | strip_secret_key
470 | stripe
471 | stripe_key
472 | stripe_secret
473 | stripToken
474 | svn_pass
475 | swagger
476 | tesco_api_key
477 | tester_keys_password
478 | testuser
479 | thera_oss_access_key
480 | token
481 | trusted_hosts
482 | twilio_account_sid
483 | twilio_accountsid
484 | twilio_api_key
485 | twilio_api_secret
486 | twilio_secret
487 | twilio_secret_token
488 | TWILIO_SID+NOT+env
489 | twilio_token
490 | twilioapiauth
491 | twiliosecret
492 | twine_password
493 | twitter_secret
494 | twitterKey
495 | x-api-key
496 | xoxb+
497 | xoxp
498 | zen_tkn
499 | zen_token
500 | zendesk_url
501 | twilio+secret
502 | twilio_account_id
503 | twilio_account_secret
504 | twilio_acount_sid+NOT+env
505 | twilio_api
506 | twilio_api_auth
507 | twilio_api_sid
508 | twilio_api_token
509 | zen_key
510 | zendesk_api_token
511 | zendesk_key
512 | zendesk_token
513 | zendesk_username
514 | 


--------------------------------------------------------------------------------