前言

Github搜索功能非常强大且有用,可用于在开源出来的Github仓库中搜索敏感数据。可以找到敏感的个人和/或组织信息(例如私钥,凭据,身份验证令牌等)。

文中的github dork列表可以在大家评估系统安全性和对系统进行渗透测试的时候使用。

GitHub Dork搜索工具

github-dork.py是一个做简单的搜索github内容的python脚本,提供了基本功能,可以针对文本文件中指定的文档类型自动在Github仓库中进行搜索。

安装

github3.py

https://github.com/sigmavirus24/github3.py

此工具使用github3.py与GitHub Search API进行通信。克隆这个项目后安装依赖库。

pip install -r requirements.txt

用法

GH_USER  - Environment variable to specify github user

GH_PWD   - Environment variable to specify password

GH_TOKEN - Environment variable to specify github token

GH_URL   - Environment variable to specify GitHub Enterprise base URL

下面列出了一些示例用法:

# search single repo

python github-dork.py -r techgaun/github-dorks

# search all repos of user

python github-dork.py -u techgaun

# search all repos of an organization

python github-dork.py -u dev-nepal

# search as authenticated user

GH_USER=techgaun GH_PWD=<mypass> python github-dork.py -u dev-nepal     

# search using auth token

GH_TOKEN=<github_token> python github-dork.py -u dev-nepal

# search a GitHub Enterprise instance

GH_URL=https://github.example.com python github-dork.py -u dev-nepal

局限性

  • 请求速度有限制。
  • 输出格式不是很好。
  • 处理速度和重试机制

Github Dorks

使用Github搜索语法的技巧列表

Dork Description
filename:.npmrc _auth npm registry authentication data
filename:.dockercfg auth docker registry authentication data
extension:pem private private keys
extension:ppk private puttygen private keys
filename:id_rsa or filename:id_dsa private ssh keys
extension:sql mysql dump mysql dump
extension:sql mysql dump password mysql dump look for password; you can try varieties
filename:credentials aws_access_key_id might return false negatives with dummy values
filename:.s3cfg might return false negatives with dummy values
filename:wp-config.php wordpress config files
filename:.htpasswd htpasswd files
filename:.env DB_USERNAME NOT homestead laravel .env (CI, various ruby based frameworks too)
filename:.env MAIL_HOST=smtp.gmail.com gmail smtp configuration (try different smtp services too)
filename:.git-credentials git credentials store, add NOT username for more valid results
PT_TOKEN language:bash pivotaltracker tokens
filename:.bashrc password search for passwords, etc. in .bashrc (try with .bash_profile too)
filename:.bashrc mailchimp variation of above (try more variations)
filename:.bash_profile aws aws access and secret keys
rds.amazonaws.com password Amazon RDS possible credentials
extension:json api.forecast.io try variations, find api keys/secrets
extension:json mongolab.com mongolab credentials in json configs
extension:yaml mongolab.com mongolab credentials in yaml configs (try with yml)
jsforce extension:js conn.login possible salesforce credentials in nodejs projects
SF_USERNAME salesforce possible salesforce credentials
filename:.tugboat NOT _tugboat Digital Ocean tugboat config
HEROKU_API_KEY language:shell Heroku api keys
HEROKU_API_KEY language:json Heroku api keys in json files
filename:.netrc password netrc that possibly holds sensitive credentials
filename:_netrc password netrc that possibly holds sensitive credentials
filename:hub oauth_token hub config that stores github tokens
filename:robomongo.json mongodb credentials file used by robomongo
filename:filezilla.xml Pass filezilla config file with possible user/pass to ftp
filename:recentservers.xml Pass filezilla config file with possible user/pass to ftp
filename:config.json auths docker registry authentication data
filename:idea14.key IntelliJ Idea 14 key, try variations for other versions
filename:config irc_pass possible IRC config
filename:connections.xml possible db connections configuration, try variations to be specific
filename:express.conf path:.openshift openshift config, only email and server thou
filename:.pgpass PostgreSQL file which can contain passwords
filename:proftpdpasswd Usernames and passwords of proftpd created by cpanel
filename:ventrilo_srv.ini Ventrilo configuration
[WFClient] Password= extension:ica WinFrame-Client infos needed by users to connect toCitrix Application Servers
filename:server.cfg rcon password Counter Strike RCON Passwords
JEKYLL_GITHUB_TOKEN Github tokens used for jekyll
filename:.bash_history Bash history file
filename:.cshrc RC file for csh shell
filename:.history history file (often used by many tools)
filename:.sh_history korn shell history
filename:sshd_config OpenSSH server config
filename:dhcpd.conf DHCP service config
filename:prod.exs NOT prod.secret.exs Phoenix prod configuration file
filename:prod.secret.exs Phoenix prod secret
filename:configuration.php JConfig password Joomla configuration file
filename:config.php dbpasswd PHP application database password (e.g., phpBB forum software)
path:sites databases password Drupal website database credentials
shodan_api_key language:python Shodan API keys (try other languages too)
filename:shadow path:etc Contains encrypted passwords and account information of new unix systems
filename:passwd path:etc Contains user account information including encrypted passwords of traditional unix systems
extension:avastlic "support.avast.com" Contains license keys for Avast! Antivirus
filename:dbeaver-data-sources.xml DBeaver config containing MySQL Credentials
filename:.esmtprc password esmtp configuration
extension:json googleusercontent client_secret OAuth credentials for accessing Google APIs
HOMEBREW_GITHUB_API_TOKEN language:shell Github token usually set by homebrew users
xoxp OR xoxb Slack bot and private tokens
.mlab.com password MLAB Hosted MongoDB Credentials
filename:logins.json Firefox saved password collection (key3.db usually in same repo)
filename:CCCam.cfg CCCam Server config file
msg nickserv identify filename:config Possible IRC login passwords
filename:settings.py SECRET_KEY Django secret keys (usually allows for session hijacking, RCE, etc)
filename:secrets.yml password Usernames/passwords, Rails applications
filename:master.key path:config Rails master key (used for decrypting credentials.yml.enc for Rails 5.2+)
filename:deployment-config.json Created by sftp-deployment for Atom, contains server details and credentials
filename:.ftpconfig Created by remote-ssh for Atom, contains SFTP/SSH server details and credentials
filename:.remote-sync.json Created by remote-sync for Atom, contains FTP and/or SCP/SFTP/SSH server details and credentials
filename:sftp.json path:.vscode Created by vscode-sftp for VSCode, contains SFTP/SSH server details and credentails
filename:sftp-config.json Created by SFTP for Sublime Text, contains FTP/FTPS or SFTP/SSH server details and credentials
filename:WebServers.xml Created by Jetbrains IDEs, contains webserver credentials with encoded passwords (not encrypted!)

参考

Github-Dorks - Collection Of Github Dorks And Helper Tool To Automate The Process Of Checking Dorks

https://amp.kitploit.com/2019/11/github-dorks-collection-of-github-dorks.html

Github-Dorks与辅助工具的更多相关文章

  1. 分享一个LiteDB做的简单考试系统辅助工具

    凌晨,被安排在公司值班,因为台风“灿鸿”即将登陆,风力太大,办公楼,车间等重要部分需要关注.所以无聊,那就分享一下,今天给朋友临时做的一个小的考试系统辅助工具吧.其实非常小,需求也很简单,但是可以根据 ...

  2. 又一款linux提权辅助工具

    又一款linux提权辅助工具 – Linux_Exploit_Suggester 2013-09-06 10:34 1455人阅读 评论(0) 收藏 举报 https://github.com/Pen ...

  3. linux下gitflow辅助工具安装和使用

    gitflow是一个确保nvie推荐的git branch分支策略最佳模型得到有效实施的辅助工具.它作为git的一个子命令而存在. http://nvie.com/posts/a-successful ...

  4. Bytom Kit开发辅助工具介绍

    Bytom Kit是一款为了帮助开发者更简单地理解Bytom的开发辅助工具,集合了校验.标注.解码.测试水龙头等功能. 该工具用python语言封装了一套比原的API和7个工具方法,如果有开发需求可以 ...

  5. 【分享】Vue 资源典藏(UI组件、开发框架、服务端、辅助工具、应用实例、Demo示例)

    Vue 资源典藏,包括:UI组件 开发框架 服务端 辅助工具 应用实例 Demo示例 element ★11612 - 饿了么出品的Vue2的web UI工具套件 Vux ★7503 - 基于Vue和 ...

  6. VSCode 小鸡汤 第01期 - REST Client 简单好用的接口测试辅助工具

    介绍 今天给大家介绍一个后端开发辅助的好工具 -- REST Client,插件如其名这就是一个 REST 的客户端插件,把我们的 VSCode 转化为一个 REST 接口测试的利器 我们一般都会用 ...

  7. Vue UI组件 开发框架 服务端 辅助工具 应用实例 Demo示例

    Vue UI组件 开发框架 服务端 辅助工具 应用实例 Demo示例 element ★11612 - 饿了么出品的Vue2的web UI工具套件 Vux ★7503 - 基于Vue和WeUI的组件库 ...

  8. Android App隐私合规检测辅助工具(Camille)

    Camille Android App隐私合规检测辅助工具,项目仓库:https://github.com/zhengjim/camille 简介 现如今APP隐私合规十分重要,各监管部门不断开展AP ...

  9. 对"QQGame-大家来找茬"的辅助工具的改进

    [前言]最近在博客园首页上看到有“大家来找茬”这个游戏(此游戏为找出两个相近图片的不同点)外挂的相关帖子,所以这里我也翻看了我之前(2009年5月)的写的一个简单的辅助程序(采用 VC6 开发的).我 ...

随机推荐

  1. 详细点的Mysql主从同步

    .说明 此操作文档,如果在master机器已开启bin-log及设定好server-id的情况下,可以不锁表,不停机的实现master-slave同步.这一同步可以将master上已有数据同步到sla ...

  2. 压缩及解压命令gzip、bzip2、tar

    1. gzip 描述:压缩与解压缩 用法:gzip[选项]...[文件名称]... 选项:-d 解压 gzip hello.txt     # 文件压缩后名为hello.txt.gz gzip -d ...

  3. HBase数据结构

    1 RowKey 与nosql数据库们一样,RowKey是用来检索记录的主键.访问HBASE table中的行,只有三种方式: 1.通过单个RowKey访问 2.通过RowKey的range(正则) ...

  4. 5 Successful Business Models for Web-Based Open-Source Projects

    https://handsontable.com/blog/articles/2016/3/5-successful-business-models-for-web-based-open-source ...

  5. web自动化测试-selenium的三种等待

    一.等待的作用 1.在系统的功能运行过程中,所有的内容是需要一定的时间来实现展示, 2.时间耗费长短与网络速度.系统框架设定.接口的执行复杂度有关, 3.因此需要设置缓冲时间,若未设置缓冲时间,容易导 ...

  6. 聊聊rocketmq的ConsumeMode.CONCURRENTLY

    序 本文主要研究一下rocketmq的ConsumeMode.CONCURRENTLY ConsumeMode.CONCURRENTLY rocketmq-spring-boot-2.0.4-sour ...

  7. 我永远讨厌gch文件

    一个学期没写博客了. 今天写OOP作业见鬼了, 调了半天. 我写了一个match.h和一个match.cpp, 然后match.cpp里面#include"match.h", 然后 ...

  8. 02-Flutter移动电商实战-建立项目和编写入口文件

    环境搭建请参考之前写的一篇文章:Flutter_初体验_创建第一个应用 1.创建项目 采用AndroidStudio构建本项目,FIle>New>New Flutter Project… ...

  9. Linear Discriminant Analysis Algorithm

    线性判别分析算法. 逻辑回归是一种分类算法,传统上仅限于两类分类问题. 如果有两个以上的类,那么线性判别分析算法是首选的线性分类技术.LDA的表示非常直接.它包括数据的统计属性,为每个类计算.对于单个 ...

  10. 10.31-11.1Test(未完)

    10.31-11.1Test 题目 描述 做法 \(BSOJ5177\) 求在\(n\)个数里选\(K\)个的所有方案的异或和之和 按位讨论,组合数算 \(BSOJ5178\) 化简\(\displa ...