# Github dorks

## Générateur de dorks personnel

{% embed url="<https://dorks.s1rn3tz.ovh/gitdorks>" %}

De la même manière il est possible d'utiliser le moteur de recherche de Github pour trouver du contenu sensible sur une victime.

Quelques exemples:

```
#Dorks GiHub pour trouver clés API, Tokens et mots de passe
private
ldap
password
passwd
pwd
secret
Jenkins
OTP
authorizition
ftp
dotfiles
JDBC
key-keys
send_keys-keys
send,key-keys
token
user
login-singin
passkey-passkeys
pass
SecretAccesKey
app_AWS_SECRET_ACCESS_KEY
AWS_SECRET_ACCESS_KEY
credentials
config
security_credentials
connectionstring
ssh2_auth_password
BD_PASSWORD
api_key
“api keys”
authorization_bearer:
oauth
auth
authentication
client_secret
api_token:
“api token”
client_id
user_password
user_pass
passcode
client_secret
password hash
user auth
api_hash
api_id

#bash / #Python / #sql / #php ...
language:<language> password
language:<language> pwd
language:<language> passwd
language:<language> secret
language:<language> private
language:<language> ldap
language:<language> ftp
language:<language> dotfiles
language:<language> JDBC
language:<language> key-keys
language:<language> send_keys-keys
language:<language> send,key-keys
language:<language> token
language:<language> user
language:<language> login-singin
language:<language> passkey-passkeys
language:<language> pass
language:<language> credentials
language:<language> config
language:<language> security_credentials
language:<language> connectionstring
language:<language> ssh2_auth_password
...
...

#Si vous trouvez un employé de la cible:
user:<users> linkedin
user:<users> full name
user:<users> https://
user:<users> ldap

#entreprise
org:<company> https://
org:<company> host:

#Tips (Cherchez des vecteurs d'attaque externes)
"<target>.atlassian" [<keyword>]
"<target>.okta" [<keyword>]
"corp.<target>" [<keyword>]
"jira.<target>" [<keyword>]
"<target>.oneline" [<keyword>]
"<target>.service-now" [<keyword>]

#Génériques
filename:manifest.xml
filename:travis.yml
filename:vim_settings.xml
filename:database
filename:prod.exs NOT prod.secret.exs
filename:prod.secret.exs
filename:.npmrc _auth
filename:.dockercfg auth
filename:WebServers.xml
filename:.bash_history <Domain name>
filename:sftp-config.json
filename:sftp.json path:.vscode
filename:secrets.yml password
filename:.esmtprc password
filename:passwd path:etc
filename:dbeaver-data-sources.xml
path:sites databases password
filename:config.php dbpasswd
filename:prod.secret.exs
filename:configuration.php JConfig password
filename:.sh_history
shodan_api_key language:python
filename:shadow path:etc
JEKYLL_GITHUB_TOKEN
filename:proftpdpasswd
filename:.pgpass
filename:idea14.key
filename:hub oauth_token
HEROKU_API_KEY language:json
HEROKU_API_KEY language:shell
SF_USERNAME salesforce
filename:.bash_profile aws
extension:json api.forecast.io
filename:.env MAIL_HOST=smtp.gmail.com
filename:wp-config.php
extension:sql mysql dump
filename:credentials aws_access_key_id
filename:id_rsa or filename:id_dsa
GitHub Dorks for Finding Languages
language:python username
language:php username
language:sql username
language:html password
language:perl password
language:shell username
language:java api
HOMEBREW_GITHUB_API_TOKEN language:shell

#Trouver des noms d'utilisateurs
user:name (user:admin)
org:name (org:google type:users)
in:login (<username> in:login)
in:name (<username> in:name)
fullname:firstname lastname (fullname:<name> <surname>)
in:email (data in:email)

#Utiliser les dates
created:<2012–04–05
created:>=2011–06–12
created:2016–02–07 location:iceland
created:2011–04–06..2013–01–14 <user> in:username

#Utiliser les extensions
extension:pem private
extension:ppk private
extension:sql mysql dump
extension:sql mysql dump password
extension:json api.forecast.io
extension:json mongolab.com
extension:yaml mongolab.com
[WFClient] Password= extension:ica
extension:avastlic “support.avast.com”
extension:json googleusercontent client_secret

#Autre
##Slack web hook
"https://hooks.slack[.]com/services/"
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://blog.s1rn3tz.ovh/osint-recon/manuel-dorks/github-dorks.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.