{"id":13492269,"url":"https://github.com/sdushantha/dora","last_synced_at":"2025-04-06T07:14:48.464Z","repository":{"id":40482991,"uuid":"403948977","full_name":"sdushantha/dora","owner":"sdushantha","description":"Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found","archived":false,"fork":false,"pushed_at":"2023-11-06T13:46:31.000Z","size":2266,"stargazers_count":335,"open_issues_count":0,"forks_count":49,"subscribers_count":7,"default_branch":"main","last_synced_at":"2025-03-30T06:07:02.727Z","etag":null,"topics":["apikeys","bugbounty","bugcrowd","ethical-hacking","exploits","hackerone","infosec","python","regex"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sdushantha.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-09-07T11:16:24.000Z","updated_at":"2025-03-24T21:18:37.000Z","dependencies_parsed_at":"2024-12-16T18:34:36.045Z","dependency_job_id":"9ab055d1-2719-4f0a-b284-73a194e925af","html_url":"https://github.com/sdushantha/dora","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sdushantha%2Fdora","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sdushantha%2Fdora/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sdushantha%2Fdora/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sdushantha%2Fdora/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sdushantha","download_url":"https://codeload.github.com/sdushantha/dora/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247445681,"owners_count":20939961,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["apikeys","bugbounty","bugcrowd","ethical-hacking","exploits","hackerone","infosec","python","regex"],"created_at":"2024-07-31T19:01:04.600Z","updated_at":"2025-04-06T07:14:48.446Z","avatar_url":"https://github.com/sdushantha.png","language":"Python","readme":"\u003ch1 align=center\u003e\u003ccode\u003edora\u003c/code\u003e\u003c/h1\u003e\n\u003cp align=center\u003e\n  \u003cimg src=\"images/preview.png\"/\u003e\n\u003c/p\u003e\n\n\n## Features\n- Blazing fast as we are using `ripgrep` in backend\n- Exploit/PoC steps for many of the API key, allowing to write a good report for bug bounty hunting\n- Unlike many other API key finders, `dora` also shows the path to the file and the line with context for easier analysis\n- Can easily be implemented into scripts. See [Example Use Cases](https://github.com/sdushantha/dora#example-use-cases)\n\n## Installation\n\n**Make sure to install [ripgrep](https://github.com/BurntSushi/ripgrep)**\n\n```console\n# clone the repo\n$ git clone https://github.com/sdushantha/dora.git\n\n# change the working directory to dora\n$ cd dora \n\n# install dora\n$ python3 setup.py install --user\n```\n\n## Usage\n\n```console\n$ dora --help\nusage: dora [options]\n\npositional arguments:\n  PATH                  Path to directory or file to scan\n\noptional arguments:\n  -h, --help            show this help message and exit\n  --rg-path RG_PATH     Specify path to ripgrep\n  --rg-arguments RG_ARGUMENTS\n                        Arguments you want to provide to ripgrep\n  --json JSON           Load regex data from a valid JSON file (default: db/data.json)\n  --verbose, -v, --debug, -d\n                        Display extra debugging information\n  --no-color            Don't show color in terminal output\n```\n\n## Example Use Cases \n1. Decompile an APK using `apktool` and run `dora` to find exposed API keys\n2. Scan GitHub repos by cloning it and allowing `dora` to scan it\n3. While scraping sites, run `dora` to scan for API keys\n\n## Contributing\nYou are more than welcome to contribute in one of the following ways:\n- Add or improve existing regular expressions for matching API keys\n- Add or improve the `info` in the JSON data for an API key to better help the user getting a valid bug bounty report when reporting an API key they have found\n- Fix bugs (kindly refrain from creating bugs)\n\n## Credits\n\nOriginal creator - [Siddharth Dushantha](https://github.com/sdushantha)\n\nMany of the regular expressions where taken from the following GitHub repositories:\n- [truffleHogRegexes](https://github.com/dxa4481/truffleHogRegexes/blob/master/truffleHogRegexes/regexes.json) by [dxa4481](https:/github.com/dxa4481)\n- [secretx](https://github.com/harry1080/secretx/blob/master/patterns.json) by [harry1080](https:/github.com/harry1080)\n- [gitGraber](https://github.com/hisxo/gitGraber/blob/master/tokens.py) by [hisxo](https://github.com/hisxo)\n- [shhgit](https://github.com/eth0izzle/shhgit/blob/3ce441853d999dacf6e20e59b116c135dcdd0c68/config.yaml) by [eth0izzle](https://github.com/eth0izzle)\n- [w13scan](https://github.com/w-digital-scanner/w13scan/blob/master/W13SCAN/scanners/PerFile/js_sensitive_content.py) by [w-digital-scanner](https://github.com/w-digital-scanner)\n- [SecretFinder](https://github.com/m4ll0k/SecretFinder/blob/master/BurpSuite-SecretFinder/SecretFinder.py) by [m4ll0k](https://github.com/m4ll0k)\n- [nuclei-templates](https://github.com/projectdiscovery/nuclei-templates/blob/master/exposed-tokens/generic/credentials-disclosure.yaml) by [projectdiscovery](https://github.com/projectdiscovery)\n- [AdvancedKeyHacks](https://github.com/udit-thakkur/AdvancedKeyHacks/blob/master/hackcura_apikey_hacks.sh) by [udit-thakkur](https://github.com/udit-thakkur)\n- [pentest-tools](https://github.com/gwen001/pentest-tools/blob/master/keyhacks.sh) by [gwen001](https://github.com/gwen001)\n- [gitleaks](https://github.com/zricethezav/gitleaks) by [zricethezav](https://github.com/zricethezav)\n- [dalfox](https://github.com/hahwul/dalfox/blob/1f32f3494e1aa3312f84b3e2a836eb61a9ae9aac/pkg/scanning/grep.go) by [hahwul](https://github.com/hahwul)\n\nMajority of the exploitation/POC methods were taken from [keyhacks](https://github.com/streaak/keyhacks) repository by [streaak](https://github.com/streaak)\n","funding_links":[],"categories":["Python"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsdushantha%2Fdora","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsdushantha%2Fdora","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsdushantha%2Fdora/lists"}