gitminer

https://github.com/UnkL4b/GitMiner

 + Autor: UnK

 + Blog: https://unkl4b.github.io

 + Github: https://github.com/danilovazb

 + Twitter: https://twitter.com/danilo_vaz_

WARNING

 +---------------------------------------------------+

 | DEVELOPERS ASSUME NO LIABILITY AND ARE NOT        |

 | RESPONSIBLE FOR ANY MISUSE OR DAMAGE CAUSED BY    |

 | THIS PROGRAM                                      |

 +---------------------------------------------------+

DESCRIPTION

Advanced search tool and automation in Github.

This tool aims to facilitate research by code or code

snippets on github through the site's search page.

MOTIVATION

Demonstrates the fragility of trust in public repositories to store codes with sensitive information.

REQUIREMENTS

lxml

requests

argparse

json

re

INSTALL

$ git clone http://github.com/UnkL4b/GitMiner

$ cd GitMiner

~/GitMiner $ pip3 install -r requirements.txt

Docker

$ git clone http://github.com/UnkL4b/GitMiner

$ cd GitMiner

$ docker build -t gitminer .

$ docker run -it gitminer -h

HELP



                                 UnkL4b

  __                   Automatic search for Github

((OO))   ▄████  ██▓▄▄▄█████▓ ███▄ ▄███▓ ██▓ ███▄    █ ▓█████  ██▀███

 \__/   ██▒ ▀█▒▓██▒▓  ██▒ ▓▒▓██▒▀█▀ ██▒▓██▒ ██ ▀█   █ ▓█   ▀ ▓██ ▒ ██▒      OO

  |^|  ▒██░▄▄▄░▒██▒▒ ▓██░ ▒░▓██    ▓██░▒██▒▓██  ▀█ ██▒▒███   ▓██ ░▄█ ▒      oOo

  | |  ░▓█  ██▓░██░░ ▓██▓ ░ ▒██    ▒██ ░██░▓██▒  ▐▌██▒▒▓█  ▄ ▒██▀▀█▄      OoO

  | |  ░▒▓███▀▒░██░  ▒██▒ ░ ▒██▒   ░██▒░██░▒██░   ▓██░░▒████▒░██▓ ▒██▒  /oOo

  | |___░▒___▒_░▓____▒_░░___░_▒░___░__░░▓__░_▒░___▒_▒_░░_▒░_░░_▒▓_░▒▓░_/ /

  \______░___░__▒_░____░____░__░______░_▒_░░_░░___░_▒░_░_░__░__░▒_░_▒░__/  v2.0

       ░ ░   ░  ▒ ░  ░      ░      ░    ▒ ░   ░   ░ ░    ░     ░░   ░

             ░  ░                  ░    ░           ░    ░  ░   ░     

  -> github.com/UnkL4b

  -> unkl4b.github.io

  +---------------------[WARNING]---------------------+

  | DEVELOPERS ASSUME NO LIABILITY AND ARE NOT        |

  | RESPONSIBLE FOR ANY MISUSE OR DAMAGE CAUSED BY    |

  | THIS PROGRAM                                      |

  +---------------------------------------------------+

       [-h] [-q 'filename:shadow path:etc']

       [-m wordpress] [-o result.txt]

       [-r '/^\s*.*?;?\s*$/gm']

       [-c _octo=GH1.1.2098292984896.153133829439; _ga=GA1.2.36424941.153192375318; user_session=oZIxL2_ajeDplJSndfl37ddaLAEsR2l7myXiiI53STrfhqnaN; __Host-user_session_same_site=oXZxv9_ajeDplV0gAEsmyXiiI53STrfhDN; logged_in=yes; dotcom_user=unkl4b; tz=America%2FSao_Paulo; has_recent_activity=1; _gh_sess=MmxxOXBKQ1RId3NOVGpGcG54aEVnT1o0dGhxdGdzWVpySnFRd1dVYUk5TFZpZXFuTWxOdW1FK1IyM0pONjlzQWtZM2xtaFR3ZDdxlGMCsrWnBIdnhUN0tjVUtMYU1GeG5Pbm5DMThuWUFETnZjcllGOUNkRGUwNUtKOVJTaGR5eUJYamhWRE5XRnMWZZN3Y3dlpFNDZXL1NWUEN4c093RFhQd3RJQ1NBdmhrVDE3VVNiUFF3dHBycC9FeDZ3cFVXV0ZBdXZieUY5WDRlOE9ZSG5sNmRHUmllcmk0Up1MTcyTXZrN1RHYmJSdz09--434afdd652b37745f995ab55fc83]

optional arguments:

  -h, --help            show this help message and exit

  -q 'filename:shadow path:etc', --query 'filename:shadow path:etc'

                        Specify search term

  -m wordpress, --module wordpress

                        Specify the search module

  -o result.txt, --output result.txt

                        Specify the output file where it will be

                        saved

  -r '/^\s*(.*?);?\s*$/gm', --regex '/^\s*(.*?);?\s*$/gm'

                        Set regex to search in file

  -c _octo=GH1.1.2098292984896.153133829439; _ga=GA1.2.36424941.153192375318; user_session=oZIxL2_ajeDplJSndfl37ddaLAEsR2l7myXiiI53STrfhqnaN; __Host-user_session_same_site=oXZxv9_ajeDplV0gAEsmyXiiI53STrfhDN; logged_in=yes; dotcom_user=unkl4b; tz=America%2FSao_Paulo; has_recent_activity=1; _gh_sess=MmxxOXBKQ1RId3NOVGpGcG54aEVnT1o0dGhxdGdzWVpySnFRd1dVYUk5TFZpZXFuTWxOdW1FK1IyM0pONjlzQWtZM2xtaFR3ZDdxlGMCsrWnBIdnhUN0tjVUtMYU1GeG5Pbm5DMThuWUFETnZjcllGOUNkRGUwNUtKOVJTaGR5eUJYamhWRE5XRnMWZZN3Y3dlpFNDZXL1NWUEN4c093RFhQd3RJQ1NBdmhrVDE3VVNiUFF3dHBycC9FeDZ3cFVXV0ZBdXZieUY5WDRlOE9ZSG5sNmRHUmllcmk0Up1MTcyTXZrN1RHYmJSdz09--434afdd652b37745f995ab55fc83, --cookie _octo=GH1.1.2098292984896.153133829439; _ga=GA1.2.36424941.153192375318; user_session=oZIxL2_ajeDplJSndfl37ddaLAEsR2l7myXiiI53STrfhqnaN; __Host-user_session_same_site=oXZxv9_ajeDplV0gAEsmyXiiI53STrfhDN; logged_in=yes; dotcom_user=unkl4b; tz=America%2FSao_Paulo; has_recent_activity=1; _gh_sess=MmxxOXBKQ1RId3NOVGpGcG54aEVnT1o0dGhxdGdzWVpySnFRd1dVYUk5TFZpZXFuTWxOdW1FK1IyM0pONjlzQWtZM2xtaFR3ZDdxlGMCsrWnBIdnhUN0tjVUtMYU1GeG5Pbm5DMThuWUFETnZjcllGOUNkRGUwNUtKOVJTaGR5eUJYamhWRE5XRnMWZZN3Y3dlpFNDZXL1NWUEN4c093RFhQd3RJQ1NBdmhrVDE3VVNiUFF3dHBycC9FeDZ3cFVXV0ZBdXZieUY5WDRlOE9ZSG5sNmRHUmllcmk0Up1MTcyTXZrN1RHYmJSdz09--434afdd652b37745f995ab55fc83

                        Specify the cookie for your github

EXAMPLE

Searching for wordpress configuration files with passwords:

$:> python3 gitminer-v2.0.py -q 'filename:wp-config extension:php FTP_HOST in:file ' -m wordpress -c pAAAhPOma9jEsXyLWZ-16RTTsGI8wDawbNs4 -o result.txt

Looking for brasilian government files containing passwords:

$:> python3 gitminer-v2.0.py --query 'extension:php "root" in:file AND "gov.br" in:file' -m senhas -c pAAAhPOma9jEsXyLWZ-16RTTsGI8wDawbNs4

Looking for shadow files on the etc paste:

$:> python3 gitminer-v2.0.py --query 'filename:shadow path:etc' -m root -c pAAAhPOma9jEsXyLWZ-16RTTsGI8wDawbNs4

Searching for joomla configuration files with passwords:

$:> python3 gitminer-v2.0.py --query 'filename:configuration extension:php "public password" in:file' -m joomla -c pAAAhPOma9jEsXyLWZ-16RTTsGI8wDawbNs4

Hacking SSH Servers

Dork to search

by @techgaun (https://github.com/techgaun/github-dorks)

Dork	Description
filename:.npmrc _auth	npm registry authentication data
filename:.dockercfg auth	docker registry authentication data
extension:pem private	private keys
extension:ppk private	puttygen private keys
filename:id_rsa or filename:id_dsa	private ssh keys
extension:sql mysql dump	mysql dump
extension:sql mysql dump password	mysql dump look for password; you can try varieties
filename:credentials aws_access_key_id	might return false negatives with dummy values
filename:.s3cfg	might return false negatives with dummy values
filename:wp-config.php	wordpress config files
filename:.htpasswd	htpasswd files
filename:.env DB_USERNAME NOT homestead	laravel .env (CI, various ruby based frameworks too)
filename:.env MAIL_HOST=smtp.gmail.com	gmail smtp configuration (try different smtp services too)
filename:.git-credentials	git credentials store, add NOT username for more valid results
PT_TOKEN language:bash	pivotaltracker tokens
filename:.bashrc password	search for passwords, etc. in .bashrc (try with .bash_profile too)
filename:.bashrc mailchimp	variation of above (try more variations)
filename:.bash_profile aws	aws access and secret keys
rds.amazonaws.com password	Amazon RDS possible credentials
extension:json api.forecast.io	try variations, find api keys/secrets
extension:json mongolab.com	mongolab credentials in json configs
extension:yaml mongolab.com	mongolab credentials in yaml configs (try with yml)
jsforce extension:js conn.login	possible salesforce credentials in nodejs projects
SF_USERNAME salesforce	possible salesforce credentials
filename:.tugboat NOT _tugboat	Digital Ocean tugboat config
HEROKU_API_KEY language:shell	Heroku api keys
HEROKU_API_KEY language:json	Heroku api keys in json files
filename:.netrc password	netrc that possibly holds sensitive credentials
filename:_netrc password	netrc that possibly holds sensitive credentials
filename:hub oauth_token	hub config that stores github tokens
filename:robomongo.json	mongodb credentials file used by robomongo
filename:filezilla.xml Pass	filezilla config file with possible user/pass to ftp
filename:recentservers.xml Pass	filezilla config file with possible user/pass to ftp
filename:config.json auths	docker registry authentication data
filename:idea14.key	IntelliJ Idea 14 key, try variations for other versions
filename:config irc_pass	possible IRC config
filename:connections.xml	possible db connections configuration, try variations to be specific
filename:express.conf path:.openshift	openshift config, only email and server thou
filename:.pgpass	PostgreSQL file which can contain passwords
filename:proftpdpasswd	Usernames and passwords of proftpd created by cpanel
filename:ventrilo_srv.ini	Ventrilo configuration
[WFClient] Password= extension:ica	WinFrame-Client infos needed by users to connect toCitrix Application Servers
filename:server.cfg rcon password	Counter Strike RCON Passwords
JEKYLL_GITHUB_TOKEN	Github tokens used for jekyll
filename:.bash_history	Bash history file
filename:.cshrc	RC file for csh shell
filename:.history	history file (often used by many tools)
filename:.sh_history	korn shell history
filename:sshd_config	OpenSSH server config
filename:dhcpd.conf	DHCP service config
filename:prod.exs NOT prod.secret.exs	Phoenix prod configuration file
filename:prod.secret.exs	Phoenix prod secret
filename:configuration.php JConfig password	Joomla configuration file
filename:config.php dbpasswd	PHP application database password (e.g., phpBB forum software)
path:sites databases password	Drupal website database credentials
shodan_api_key language:python	Shodan API keys (try other languages too)
filename:shadow path:etc	Contains encrypted passwords and account information of new unix systems
filename:passwd path:etc	Contains user account information including encrypted passwords of traditional unix systems
extension:avastlic	Contains license keys for Avast! Antivirus
extension:dbeaver-data-sources.xml	DBeaver config containing MySQL Credentials
filename:.esmtprc password	esmtp configuration
extension:json googleusercontent client_secret	OAuth credentials for accessing Google APIs
HOMEBREW_GITHUB_API_TOKEN language:shell	Github token usually set by homebrew users
xoxp OR xoxb	Slack bot and private tokens
.mlab.com password	MLAB Hosted MongoDB Credentials
filename:logins.json	Firefox saved password collection (key3.db usually in same repo)
filename:CCCam.cfg	CCCam Server config file
msg nickserv identify filename:config	Possible IRC login passwords
filename:settings.py SECRET_KEY	Django secret keys (usually allows for session hijacking, RCE, etc)

gitminer的更多相关文章

4款Github泄漏敏感信息搜索工具简单比较
gitrob Ruby开发,支持通过postgresql数据库https://github.com/michenriksen/gitrob weakfilescan Python开发,多线程,猪猪侠开 ...
BlackArch-Tools
BlackArch-Tools 简介安装在ArchLinux之上添加存储库从blackarch存储库安装工具替代安装方法BlackArch Linux Complete Tools List 简介 ...
github渗透测试工具库
本文作者:Yunying 原文链接:https://www.cnblogs.com/BOHB-yunying/p/11856178.html 导航: 2.漏洞练习平台 WebGoat漏洞练习平台: h ...
github渗透测试工具库[转载]
前言今天看到一个博客里有这个置顶的工具清单,但是发现这些都是很早以前就有文章发出来的,我爬下来后一直放在txt里吃土.这里一起放出来. 漏洞练习平台 WebGoat漏洞练习平台:https://gi ...

随机推荐

Alpha版本测试
Alpha版本测试报告项目名称:面向团队的日程提醒系统软件版本:1.0.0 开发方:Team c# 开发代表:崔强杜正远是否经过开发自测(单元测试):是软件运行环境: Android4.4. ...
SpringMVC（三）-- springmvc的系统学习之数据的处理，乱码及restful
资源:尚学堂邹波 springmvc框架视频一.提交数据的处理 1.提交的域名称和处理方法的参数一致 (1)提交的数据:http://localhost:8080/data/hello.do?na ...
Visual studio 2013 安装的漫长过程
本周有一个任务是安装VS 2013版本,下载了安装包,七点多G,oh my god!!! 图上维持了两三个小时,可能我电脑台low了..... 因为是win7系统,需要进行重启电脑. 安装成功之后. ...
everything 提供http和ftp的功能
1. 早上起床看知乎,发现everything 有http和ftp的功能, 简单看了一下的确很强大.. 就是有点危险.. 功能位置. 2. 最下面有FTP和HTTP 可以进行启用这是http的建议 ...
wordpress 点击文章图片不能编辑（chrome下面） wordpress Uncaught DOMException: Failed to execute 'setBaseAndExtent' on 'Selection': There is no child at offset 1.
说明:在chrome下面,编辑文章插入的图片,点击到图片上面,没有菜单显示. 报错: tinymce.min.js:10 Uncaught DOMException: Failed to execut ...
maven依赖包冲突解决思路
1.显示依赖关系mvn dependency:tree > tree.txt显示所有依赖关系,并输出到text.txtmvn dependency:tree -Dverbose > tre ...
redis后台启动配置
在cmd窗口启动redis,窗口关闭后再次操作会报错. 将redis安装为服务,可使其在后台启动,无须担心误操作关闭服务窗口. 配置如下: 进入redis目录,输入如下命令执行即可: redis-se ...
poj1741 Tree（点分治）
题目链接:http://poj.org/problem?id=1741 题意:求树上两点之间距离小于等于k的点对的数量思路:点分治模板题,推荐一篇讲的非常好的博客:https://blog.csdn ...
【BZOJ1413】[ZJOI2009]取石子游戏（博弈论，动态规划）
[BZOJ1413][ZJOI2009]取石子游戏(博弈论,动态规划) 题面 BZOJ 洛谷题解神仙题.jpg.\(ZJOI\)是真的神仙. 发现\(SG\)函数等东西完全找不到规律,无奈只能翻题 ...
SpringBoot整合Mybatis之xml
SpringBoot整合Mybatis mybatis ORM框架.几个重要的概念: Mapper配置 : 可以使用基于XML的Mapper配置文件来实现,也可以使用基于Java注解的Mybatis注 ...