Github dorks

Générateur de dorks personnel

https://dorks.s1rn3tz.ovh/gitdorksdorks.s1rn3tz.ovh

De la même manière il est possible d'utiliser le moteur de recherche de Github pour trouver du contenu sensible sur une victime.

Quelques exemples:

#Dorks GiHub pour trouver clés API, Tokens et mots de passe
private
ldap
password
passwd
pwd
secret
Jenkins
OTP
authorizition
ftp
dotfiles
JDBC
key-keys
send_keys-keys
send,key-keys
token
user
login-singin
passkey-passkeys
pass
SecretAccesKey
app_AWS_SECRET_ACCESS_KEY
AWS_SECRET_ACCESS_KEY
credentials
config
security_credentials
connectionstring
ssh2_auth_password
BD_PASSWORD
api_key
“api keys”
authorization_bearer:
oauth
auth
authentication
client_secret
api_token:
“api token”
client_id
user_password
user_pass
passcode
client_secret
password hash
user auth
api_hash
api_id

#bash / #Python / #sql / #php ...
language:<language> password
language:<language> pwd
language:<language> passwd
language:<language> secret
language:<language> private
language:<language> ldap
language:<language> ftp
language:<language> dotfiles
language:<language> JDBC
language:<language> key-keys
language:<language> send_keys-keys
language:<language> send,key-keys
language:<language> token
language:<language> user
language:<language> login-singin
language:<language> passkey-passkeys
language:<language> pass
language:<language> credentials
language:<language> config
language:<language> security_credentials
language:<language> connectionstring
language:<language> ssh2_auth_password
...
...

#Si vous trouvez un employé de la cible:
user:<users> linkedin
user:<users> full name
user:<users> https://
user:<users> ldap

#entreprise
org:<company> https://
org:<company> host:

#Tips (Cherchez des vecteurs d'attaque externes)
"<target>.atlassian" [<keyword>]
"<target>.okta" [<keyword>]
"corp.<target>" [<keyword>]
"jira.<target>" [<keyword>]
"<target>.oneline" [<keyword>]
"<target>.service-now" [<keyword>]

#Génériques
filename:manifest.xml
filename:travis.yml
filename:vim_settings.xml
filename:database
filename:prod.exs NOT prod.secret.exs
filename:prod.secret.exs
filename:.npmrc _auth
filename:.dockercfg auth
filename:WebServers.xml
filename:.bash_history <Domain name>
filename:sftp-config.json
filename:sftp.json path:.vscode
filename:secrets.yml password
filename:.esmtprc password
filename:passwd path:etc
filename:dbeaver-data-sources.xml
path:sites databases password
filename:config.php dbpasswd
filename:prod.secret.exs
filename:configuration.php JConfig password
filename:.sh_history
shodan_api_key language:python
filename:shadow path:etc
JEKYLL_GITHUB_TOKEN
filename:proftpdpasswd
filename:.pgpass
filename:idea14.key
filename:hub oauth_token
HEROKU_API_KEY language:json
HEROKU_API_KEY language:shell
SF_USERNAME salesforce
filename:.bash_profile aws
extension:json api.forecast.io
filename:.env MAIL_HOST=smtp.gmail.com
filename:wp-config.php
extension:sql mysql dump
filename:credentials aws_access_key_id
filename:id_rsa or filename:id_dsa
GitHub Dorks for Finding Languages
language:python username
language:php username
language:sql username
language:html password
language:perl password
language:shell username
language:java api
HOMEBREW_GITHUB_API_TOKEN language:shell

#Trouver des noms d'utilisateurs
user:name (user:admin)
org:name (org:google type:users)
in:login (<username> in:login)
in:name (<username> in:name)
fullname:firstname lastname (fullname:<name> <surname>)
in:email (data in:email)

#Utiliser les dates
created:<2012–04–05
created:>=2011–06–12
created:2016–02–07 location:iceland
created:2011–04–06..2013–01–14 <user> in:username

#Utiliser les extensions
extension:pem private
extension:ppk private
extension:sql mysql dump
extension:sql mysql dump password
extension:json api.forecast.io
extension:json mongolab.com
extension:yaml mongolab.com
[WFClient] Password= extension:ica
extension:avastlic “support.avast.com”
extension:json googleusercontent client_secret

#Autre
##Slack web hook
"https://hooks.slack[.]com/services/"

PrécédentGoogle dorks SuivantTwitter Dorks

Mis à jour il y a 1 an

Ce contenu vous a-t-il été utile ?

#Dorks GiHub pour trouver clés API, Tokens et mots de passe private ldap password passwd pwd secret Jenkins OTP authorizition ftp dotfiles JDBC key-keys send_keys-keys send,key-keys token user login-singin passkey-passkeys pass SecretAccesKey app_AWS_SECRET_ACCESS_KEY AWS_SECRET_ACCESS_KEY credentials config security_credentials connectionstring ssh2_auth_password BD_PASSWORD api_key “api keys” authorization_bearer: oauth auth authentication client_secret api_token: “api token” client_id user_password user_pass passcode client_secret password hash user auth api_hash api_id #bash / #Python / #sql / #php ... language:<language> password language:<language> pwd language:<language> passwd language:<language> secret language:<language> private language:<language> ldap language:<language> ftp language:<language> dotfiles language:<language> JDBC language:<language> key-keys language:<language> send_keys-keys language:<language> send,key-keys language:<language> token language:<language> user language:<language> login-singin language:<language> passkey-passkeys language:<language> pass language:<language> credentials language:<language> config language:<language> security_credentials language:<language> connectionstring language:<language> ssh2_auth_password ... ... #Si vous trouvez un employé de la cible: user:<users> linkedin user:<users> full name user:<users> https:// user:<users> ldap #entreprise org:<company> https:// org:<company> host: #Tips (Cherchez des vecteurs d'attaque externes) "<target>.atlassian" [<keyword>] "<target>.okta" [<keyword>] "corp.<target>" [<keyword>] "jira.<target>" [<keyword>] "<target>.oneline" [<keyword>] "<target>.service-now" [<keyword>] #Génériques filename:manifest.xml filename:travis.yml filename:vim_settings.xml filename:database filename:prod.exs NOT prod.secret.exs filename:prod.secret.exs filename:.npmrc _auth filename:.dockercfg auth filename:WebServers.xml filename:.bash_history <Domain name> filename:sftp-config.json filename:sftp.json path:.vscode filename:secrets.yml password filename:.esmtprc password filename:passwd path:etc filename:dbeaver-data-sources.xml path:sites databases password filename:config.php dbpasswd filename:prod.secret.exs filename:configuration.php JConfig password filename:.sh_history shodan_api_key language:python filename:shadow path:etc JEKYLL_GITHUB_TOKEN filename:proftpdpasswd filename:.pgpass filename:idea14.key filename:hub oauth_token HEROKU_API_KEY language:json HEROKU_API_KEY language:shell SF_USERNAME salesforce filename:.bash_profile aws extension:json api.forecast.io filename:.env MAIL_HOST=smtp.gmail.com filename:wp-config.php extension:sql mysql dump filename:credentials aws_access_key_id filename:id_rsa or filename:id_dsa GitHub Dorks for Finding Languages language:python username language:php username language:sql username language:html password language:perl password language:shell username language:java api HOMEBREW_GITHUB_API_TOKEN language:shell #Trouver des noms d'utilisateurs user:name (user:admin) org:name (org:google type:users) in:login (<username> in:login) in:name (<username> in:name) fullname:firstname lastname (fullname:<name> <surname>) in:email (data in:email) #Utiliser les dates created:<2012–04–05 created:>=2011–06–12 created:2016–02–07 location:iceland created:2011–04–06..2013–01–14 <user> in:username #Utiliser les extensions extension:pem private extension:ppk private extension:sql mysql dump extension:sql mysql dump password extension:json api.forecast.io extension:json mongolab.com extension:yaml mongolab.com [WFClient] Password= extension:ica extension:avastlic “support.avast.com” extension:json googleusercontent client_secret #Autre ##Slack web hook "https://hooks.slack[.]com/services/"