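Github-Dorks and Helper Tool
Introduction
GitHub's search feature is powerful and useful, and it can be used to search for sensitive data in open-source GitHub repositories. It can surface sensitive personal and/or organizational information (for example private keys, credentials, authentication tokens, etc.).
The list of GitHub dorks in this article can be used when assessing the security of a system and when penetration testing it.
GitHub Dork search tool
github-dork.py is a simple Python script for searching GitHub content. It provides basic functionality and can automatically search GitHub repositories for the document types specified in a text file.
Installation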
github3.py
https://github.com/sigmavirus24/github3.py
This tool uses github3.py to communicate with the GitHub Search API. After cloning the project, install the dependencies.
pip install -r requirements.txt
Usage
GH_USER - Environment variable to specify github user
GH_PWD - Environment variable to specify password
GH_TOKEN - Environment variable to specify github token
GH_URL - Environment variable to specify GitHub Enterprise base URL
Some example usages are listed below:
# search single repo
python github-dork.py -r techgaun/github-dorks
# search all repos of user
python github-dork.py -u techgaun
# search all repos of an organization
python github-dork.py -u dev-nepal
# search as authenticated user
GH_USER=techgaun GH_PWD=<mypass> python github-dork.py -u dev-nepal
# search using auth token
GH_TOKEN=<github_token> python github-dork.py -u dev-nepal
# search a GitHub Enterprise instance
GH_URL=https://github.example.com python github-dork.py -u dev-nepal
Limitations
- The request rate is limited.
- The output format is not very good.
- Rate handling and retry mechanism
Github Dorks
A list of tricks that use GitHub search syntax
| Dork | Description |
|---|---|
| filename:.npmrc _auth | npm registry authentication data |
| filename:.dockercfg auth | docker registry authentication data |
| extension:pem private | private keys |
| extension:ppk private | puttygen private keys |
| filename:id_rsa or filename:id_dsa | private ssh keys |
| extension:sql mysql dump | mysql dump |
| extension:sql mysql dump password | mysql dump look for password; you can try varieties |
| filename:credentials aws_access_key_id | might return false negatives with dummy values |
| filename:.s3cfg | might return false negatives with dummy values |
| filename:wp-config.php | wordpress config files |
| filename:.htpasswd | htpasswd files |
| filename:.env DB_USERNAME NOT homestead | laravel .env (CI, various ruby based frameworks too) |
| filename:.env MAIL_HOST=smtp.gmail.com | gmail smtp configuration (try different smtp services too) |
| filename:.git-credentials | git credentials store, add NOT username for more valid results |
| PT_TOKEN language:bash | pivotaltracker tokens |
| filename:.bashrc password | search for passwords, etc. in .bashrc (try with .bash_profile too) |
| filename:.bashrc mailchimp | variation of above (try more variations) |
| filename:.bash_profile aws | aws access and secret keys |
| rds.amazonaws.com password | Amazon RDS possible credentials |
| extension:json api.forecast.io | try variations, find api keys/secrets |
| extension:json mongolab.com | mongolab credentials in json configs |
| extension:yaml mongolab.com | mongolab credentials in yaml configs (try with yml) |
| jsforce extension:js conn.login | possible salesforce credentials in nodejs projects |
| SF_USERNAME salesforce | possible salesforce credentials |
| filename:.tugboat NOT _tugboat | Digital Ocean tugboat config |
| HEROKU_API_KEY language:shell | Heroku api keys |
| HEROKU_API_KEY language:json | Heroku api keys in json files |
| filename:.netrc password | netrc that possibly holds sensitive credentials |
| filename:_netrc password | netrc that possibly holds sensitive credentials |
| filename:hub oauth_token | hub config that stores github tokens |
| filename:robomongo.json | mongodb credentials file used by robomongo |
| filename:filezilla.xml Pass | filezilla config file with possible user/pass to ftp |
| filename:recentservers.xml Pass | filezilla config file with possible user/pass to ftp |
| filename:config.json auths | docker registry authentication data |
| filename:idea14.key | IntelliJ Idea 14 key, try variations for other versions |
| filename:config irc_pass | possible IRC config |
| filename:connections.xml | possible db connections configuration, try variations to be specific |
| filename:express.conf path:.openshift | openshift config, only email and server though |
| filename:.pgpass | PostgreSQL file which can contain passwords |
| filename:proftpdpasswd | Usernames and passwords of proftpd created by cpanel |
| filename:ventrilo_srv.ini | Ventrilo configuration |
| [WFClient] Password= extension:ica | WinFrame-Client infos needed by users to connect to Citrix Application Servers |
| filename:server.cfg rcon password | Counter Strike RCON Passwords |
| JEKYLL_GITHUB_TOKEN | Github tokens used for jekyll |
| filename:.bash_history | Bash history file |
| filename:.cshrc | RC file for csh shell |
| filename:.history | history file (often used by many tools) |
| filename:.sh_history | korn shell history |
| filename:sshd_config | OpenSSH server config |
| filename:dhcpd.conf | DHCP service config |
| filename:prod.exs NOT prod.secret.exs | Phoenix prod configuration file |
| filename:prod.secret.exs | Phoenix prod secret |
| filename:configuration.php JConfig password | Joomla configuration file |
| filename:config.php dbpasswd | PHP application database password (e.g., phpBB forum software) |
| path:sites databases password | Drupal website database credentials |
| shodan_api_key language:python | Shodan API keys (try other languages too) |
| filename:shadow path:etc | Contains encrypted passwords and account information of new unix systems |
| filename:passwd path:etc | Contains user account information including encrypted passwords of traditional unix systems |
| extension:avastlic "support.avast.com" | Contains license keys for Avast! Antivirus |
| filename:dbeaver-data-sources.xml | DBeaver config containing MySQL Credentials |
| filename:.esmtprc password | esmtp configuration |
| extension:json googleusercontent client_secret | OAuth credentials for accessing Google APIs |
| HOMEBREW_GITHUB_API_TOKEN language:shell | Github token usually set by homebrew users |
| xoxp OR xoxb | Slack bot and private tokens |
| .mlab.com password | MLAB Hosted MongoDB Credentials |
| filename:logins.json | Firefox saved password collection (key3.db usually in same repo) |
| filename:CCCam.cfg | CCCam Server config file |
| msg nickserv identify filename:config | Possible IRC login passwords |
| filename:settings.py SECRET_KEY | Django secret keys (usually allows for session hijacking, RCE, etc) |
| filename:secrets.yml password | Usernames/passwords, Rails applications |
| filename:master.key path:config | Rails master key (used for decrypting credentials.yml.enc for Rails 5.2+) |
| filename:deployment-config.json | Created by sftp-deployment for Atom, contains server details and credentials |
| filename:.ftpconfig | Created by remote-ssh for Atom, contains SFTP/SSH server details and credentials |
| filename:.remote-sync.json | Created by remote-sync for Atom, contains FTP and/or SCP/SFTP/SSH server details and credentials |
| filename:sftp.json path:.vscode | Created by vscode-sftp for VSCode, contains SFTP/SSH server details and credentials |
| filename:sftp-config.json | Created by SFTP for Sublime Text, contains FTP/FTPS or SFTP/SSH server details and credentials |
| filename:WebServers.xml | Created by Jetbrains IDEs, contains webserver credentials with encoded passwords (not encrypted!) |
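
The dorks above only return results because these files were committed in the first place, so the same filename and keyword pairs can be checked against a local working tree before it is pushed. The following Python code is an added example, not part of github-dork.py or the original list; `parse_dork`, `matches` and `scan_tree` are hypothetical names, and the matching is a local approximation of GitHub search (exact file name, case-insensitive substring terms, only the `filename:`/`extension:`/`path:` qualifiers and `NOT`).

```python
import os

# Dorks copied from the table above; add whichever rows matter to your codebase.
DORKS = ["filename:.npmrc _auth", "filename:.git-credentials", "extension:pem private",
         "filename:.env DB_USERNAME NOT homestead", "filename:sftp.json path:.vscode"]

def parse_dork(dork):
    """Split a dork into filename/extension/path qualifiers, terms and NOT-terms."""
    rule = {"filename": None, "extension": None, "path": None, "terms": [], "not": []}
    negate = False
    for tok in dork.split():
        key, sep, val = tok.partition(":")
        if sep and key in ("filename", "extension", "path"):
            rule[key] = val
        elif tok != "NOT":
            rule["not" if negate else "terms"].append(tok.lower())
        negate = tok == "NOT"  # NOT applies only to the token that follows it
    return rule

def matches(rule, rel, text):
    """Approximate GitHub search locally: exact file name, substring terms."""
    *dirs, name = rel.split("/")
    ok_name = rule["filename"] in (None, name)
    ok_ext = rule["extension"] is None or name.endswith("." + rule["extension"])
    ok_path = rule["path"] is None or rule["path"] in dirs
    low = text.lower()
    ok_text = all(t in low for t in rule["terms"]) and not any(t in low for t in rule["not"])
    return ok_name and ok_ext and ok_path and ok_text

def scan_tree(root, dorks=DORKS):
    """Return sorted (relative path, dork) pairs for files a dork would surface."""
    rules = [(d, parse_dork(d)) for d in dorks]
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # skip git internals
        for fn in filenames:
            full = os.path.join(dirpath, fn)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            try:
                with open(full, errors="ignore") as fh:
                    text = fh.read(1_000_000)  # cap the amount read per file
            except OSError:
                continue  # unreadable file or broken symlink
            hits += [(rel, d) for d, r in rules if matches(r, rel, text)]
    return sorted(hits)

if __name__ == "__main__":
    print(*(f"{rel}: {d}" for rel, d in scan_tree(os.getcwd())), sep="\n")
```

Run it from the repository root, for instance as a pre-commit or CI step; any line it prints is a file that a public search with the corresponding dork would also surface once pushed.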
References
Github-Dorks - Collection Of Github Dorks And Helper Tool To Automate The Process Of Checking Dorks
https://amp.kitploit.com/2019/11/github-dorks-collection-of-github-dorks.html