Github Dorks 汇总

Posted on 2020-07-19,1 min read

对一些Github泄露的信息进行信息搜集

filename:.bash_history  域名
SECRET_KEY_BASE=
"site.com" vim_settings.xml
WORDPRESS_DB_PASSWORD=
filename:.git-creadentials
"site.com" FIREBASE_API_JSON=
shodan_api_key language:Python/Java
password
dbpassword
dbuser
access_key
secret_access_key
bucket_password
redis_password
root_password
HOST=http://smtp.gmail.com
filename:.htpasswd
extension:sql mysql dump
api_key
oauth
authentication
client-secret
api_token
client_id
client_secret
authorization_bearer
user_password
api_secret

Tools

Gitrob   https://github.com/michenriksen/gitrob
Git-all-secrets  https://github.com/anshumanbh/git-all-secrets
truffleHog  https://github.com/dxa4481/truffleHog
git-secrets  https://github.com/awslabs/git-secrets
repo-supervisor  https://github.com/auth0/repo-supervisor
ReconPi   https://github.com/x1mdev/ReconPi

合集

github-dorks  
https://github.com/techgaun/github-dorks/blob/master/github-dorks.txt
ghhdb-Github-Hacking-Database
https://github.com/jcesarstef/ghhdb-Github-Hacking-Database