{"id":13510670,"url":"https://github.com/techgaun/github-dorks","last_synced_at":"2025-05-13T23:09:13.177Z","repository":{"id":37334608,"uuid":"44060490","full_name":"techgaun/github-dorks","owner":"techgaun","description":"Find leaked secrets via github search","archived":false,"fork":false,"pushed_at":"2025-02-02T18:40:16.000Z","size":76,"stargazers_count":2923,"open_issues_count":12,"forks_count":599,"subscribers_count":91,"default_branch":"master","last_synced_at":"2025-04-05T11:01:02.247Z","etag":null,"topics":["dork","dorker","github-dork","hacking","hacktoberfest","security-audit"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/techgaun.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"techgaun"}},"created_at":"2015-10-11T16:44:31.000Z","updated_at":"2025-04-02T09:46:54.000Z","dependencies_parsed_at":"2025-02-21T10:00:23.963Z","dependency_job_id":null,"html_url":"https://github.com/techgaun/github-dorks","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/techgaun%2Fgithub-dorks","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/techgaun%2Fgithub-dorks/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/techgaun%2Fgithub-dorks/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/techgaun%2Fgithub-dorks/manifests","owner_url":"https://re
pos.ecosyste.ms/api/v1/hosts/GitHub/owners/techgaun","download_url":"https://codeload.github.com/techgaun/github-dorks/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248572098,"owners_count":21126584,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dork","dorker","github-dork","hacking","hacktoberfest","security-audit"],"created_at":"2024-08-01T02:01:49.197Z","updated_at":"2025-04-12T13:23:26.024Z","avatar_url":"https://github.com/techgaun.png","language":"Python","readme":"[![Docker Build \u0026 Test](https://github.com/techgaun/github-dorks/actions/workflows/docker-build.yml/badge.svg)](https://github.com/techgaun/github-dorks/actions/workflows/docker-build.yml)\n\n# Github Dorks\n\n[Github Search](https://github.com/search) is a quite powerful and useful feature that can be used to search for sensitive data on repositories. Collection of Github dorks can reveal sensitive personal and/or organizational information such as private keys, credentials, authentication tokens, etc. This list is supposed to be useful for assessing security and performing pen-testing of systems.\n\n## GitHub Dork Search Tool\n\n[github-dork.py](github-dork.py) is a simple python tool that can search through your repository or your organization/user repositories. 
It's not a perfect tool at the moment but provides basic functionality to automate the search on your repositories against the dorks specified in the text file.\n\n### Installation\n\nThis tool uses [github3.py](https://github.com/sigmavirus24/github3.py) to talk with GitHub Search API.\n\nClone this repository and run:\n\n```shell\npip install .\n```\n\n### Docker Installation\n\nYou can also run github-dorks using Docker for a consistent environment:\n\n```shell\n# Build the Docker image\ndocker build -t github-dorks .\n\n# Run with a GitHub token (recommended)\ndocker run -e GH_TOKEN=your_github_token github-dorks -u someuser\n\n# Run with username/password\ndocker run -e GH_USER=your_username -e GH_PWD=your_password github-dorks -u someuser\n\n# Save results to a CSV file\ndocker run -v $(pwd)/output:/app/output -e GH_TOKEN=your_github_token github-dorks -u someuser -o /app/output/results.csv\n```\n\n### Usage\n\n```\nGH_USER  - Environment variable to specify Github user\nGH_PWD   - Environment variable to specify a password\nGH_TOKEN - Environment variable to specify Github token\nGH_URL   - Environment variable to specify GitHub Enterprise base URL\n```\n\nSome example usages are listed below:\n\n```shell\ngithub-dork.py -r techgaun/github-dorks                          # search a single repo\n\ngithub-dork.py -u techgaun                                       # search all repos of a user\n\ngithub-dork.py -u dev-nepal                                      # search all repos of an organization\n\nGH_USER=techgaun GH_PWD=\u003cmypass\u003e github-dork.py -u dev-nepal     # search as authenticated user\n\nGH_TOKEN=\u003cgithub_token\u003e github-dork.py -u dev-nepal              # search using auth token\n\nGH_URL=https://github.example.com github-dork.py -u dev-nepal    # search a GitHub Enterprise instance\n```\n\n### Limitations\n\n- Authenticated requests get a higher rate limit. 
But, since this tool waits for the api rate limit to be reset (which is usually less than a minute), it can be slightly slow.\n- Output formatting is not great. PR welcome\n- ~~Handle rate limit and retry. PR welcome~~\n\n### Contribution\n\nPlease consider contributing dorks that can reveal potentially sensitive information on Github.\n\n### List of Dorks\n\nI am not categorizing at the moment. Instead, I am just going to list the dorks with a description. Many of the dorks can be modified to make the search more specific or generic. You can see more options [here](https://github.com/search#search_cheatsheet_pane).\n\n Dork                                           | Description\n------------------------------------------------|--------------------------------------------------------------------------\nfilename:.npmrc _auth                           | npm registry authentication data\nfilename:.dockercfg auth                        | docker registry authentication data\nextension:pem private                           | private keys\nextension:ppk private                           | puttygen private keys\nfilename:id_rsa or filename:id_dsa              | private ssh keys\nextension:sql mysql dump                        | mysql dump\nextension:sql mysql dump password               | mysql dump look for password; you can try varieties\nfilename:credentials aws_access_key_id          | might return false negatives with dummy values\nfilename:.s3cfg                                 | might return false negatives with dummy values\nfilename:wp-config.php                          | wordpress config files\nfilename:.htpasswd                              | htpasswd files\nfilename:.env DB_USERNAME NOT homestead         | laravel .env (CI, various ruby based frameworks too)\nfilename:.env MAIL_HOST=smtp.gmail.com          | gmail smtp configuration (try different smtp services too)\nfilename:.git-credentials                       | git credentials store, add NOT username 
for more valid results\nPT_TOKEN language:bash                          | pivotaltracker tokens\nfilename:.bashrc password                       | search for passwords, etc. in .bashrc (try with .bash_profile too)\nfilename:.bashrc mailchimp                      | variation of above (try more variations)\nfilename:.bash_profile aws                      | aws access and secret keys\nrds.amazonaws.com password                      | Amazon RDS possible credentials\nextension:json api.forecast.io                  | try variations, find api keys/secrets\nextension:json mongolab.com                     | mongolab credentials in json configs\nextension:yaml mongolab.com                     | mongolab credentials in yaml configs (try with yml)\njsforce extension:js conn.login                 | possible salesforce credentials in nodejs projects\nSF_USERNAME salesforce                          | possible salesforce credentials\nfilename:.tugboat NOT _tugboat                  | Digital Ocean tugboat config\nHEROKU_API_KEY language:shell                   | Heroku api keys\nHEROKU_API_KEY language:json                    | Heroku api keys in json files\nfilename:.netrc password                        | netrc that possibly holds sensitive credentials\nfilename:_netrc password                        | netrc that possibly holds sensitive credentials\nfilename:hub oauth_token                        | hub config that stores github tokens\nfilename:robomongo.json                         | mongodb credentials file used by robomongo\nfilename:filezilla.xml Pass                     | filezilla config file with possible user/pass to ftp\nfilename:recentservers.xml Pass                 | filezilla config file with possible user/pass to ftp\nfilename:config.json auths                      | docker registry authentication data\nfilename:idea14.key                             | IntelliJ Idea 14 key, try variations for other versions\nfilename:config irc_pass                        | 
possible IRC config\nfilename:connections.xml                        | possible db connections configuration, try variations to be specific\nfilename:express.conf path:.openshift           | openshift config, only email and server though\nfilename:.pgpass                                | PostgreSQL file which can contain passwords\nfilename:proftpdpasswd                          | Usernames and passwords of proftpd created by cpanel\nfilename:ventrilo_srv.ini                       | Ventrilo configuration\n[WFClient] Password= extension:ica              | WinFrame-Client infos needed by users to connect to Citrix Application Servers\nfilename:server.cfg rcon password               | Counter Strike RCON Passwords\nJEKYLL_GITHUB_TOKEN                             | Github tokens used for jekyll\nfilename:.bash_history                          | Bash history file\nfilename:.cshrc                                 | RC file for csh shell\nfilename:.history                               | history file (often used by many tools)\nfilename:.sh_history                            | korn shell history\nfilename:sshd_config                            | OpenSSH server config\nfilename:dhcpd.conf                             | DHCP service config\nfilename:prod.exs NOT prod.secret.exs           | Phoenix prod configuration file\nfilename:prod.secret.exs                        | Phoenix prod secret\nfilename:configuration.php JConfig password     | Joomla configuration file\nfilename:config.php dbpasswd                    | PHP application database password (e.g., phpBB forum software)\npath:sites databases password                   | Drupal website database credentials\nshodan_api_key language:python                  | Shodan API keys (try other languages too)\nfilename:shadow path:etc                        | Contains encrypted passwords and account information of new unix systems\nfilename:passwd path:etc                        | Contains user account information including 
encrypted passwords of traditional unix systems\nextension:avastlic \"support.avast.com\"          | Contains license keys for Avast! Antivirus\nfilename:dbeaver-data-sources.xml               | DBeaver config containing MySQL Credentials\nfilename:.esmtprc password                      | esmtp configuration\nextension:json googleusercontent client_secret  | OAuth credentials for accessing Google APIs\nHOMEBREW_GITHUB_API_TOKEN language:shell        | Github token usually set by homebrew users\nxoxp OR xoxb                                    | Slack bot and private tokens\n.mlab.com password                              | MLAB Hosted MongoDB Credentials\nfilename:logins.json                            | Firefox saved password collection (key3.db usually in same repo)\nfilename:CCCam.cfg                              | CCCam Server config file\nmsg nickserv identify filename:config           | Possible IRC login passwords\nfilename:settings.py SECRET_KEY                 | Django secret keys (usually allows for session hijacking, RCE, etc)\nfilename:secrets.yml password                   | Usernames/passwords, Rails applications\nfilename:master.key path:config                 | Rails master key (used for decrypting `credentials.yml.enc` for Rails 5.2+)\nfilename:deployment-config.json                 | Created by sftp-deployment for Atom, contains server details and credentials\nfilename:.ftpconfig                             | Created by remote-ssh for Atom, contains SFTP/SSH server details and credentials\nfilename:.remote-sync.json                      | Created by remote-sync for Atom, contains FTP and/or SCP/SFTP/SSH server details and credentials\nfilename:sftp.json path:.vscode                 | Created by vscode-sftp for VSCode, contains SFTP/SSH server details and credentials\nfilename:sftp-config.json                       | Created by SFTP for Sublime Text, contains FTP/FTPS or SFTP/SSH server details and credentials\nfilename:WebServers.xml                
         | Created by Jetbrains IDEs, contains webserver credentials with encoded passwords ([not encrypted!](https://intellij-support.jetbrains.com/hc/en-us/community/posts/207074025/comments/207034775))\n\"api_hash\" \"api_id\"                             | Telegram API token\n\"https://hooks.slack.com/services/\"             | Slack services URLs often have a secret API token as a suffix\nfilename:github-recovery-codes.txt              | GitHub recovery key\nfilename:gitlab-recovery-codes.txt              | GitLab recovery key\nfilename:discord_backup_codes.txt               | Discord recovery key\nextension:yaml cloud.redislabs.com              | Redis credentials provided by Redis Labs found in a YAML file\nextension:json cloud.redislabs.com              | Redis credentials provided by Redis Labs found in a JSON file\n","funding_links":["https://github.com/sponsors/techgaun"],"categories":["Python","\u003ca id=\"a76463feb91d09b3d024fae798b92be6\"\u003e\u003c/a\u003e侦察\u0026\u0026信息收集\u0026\u0026子域名发现与枚举\u0026\u0026OSINT","Open Sources Intelligence (OSINT)","Python (1887)","其他_安全与渗透","Uncategorized","\u003ca id=\"170048b7d8668c50681c0ab1e92c679a\"\u003e\u003c/a\u003e工具","Tools","hacktoberfest","OSINT Tools","Awesome Penetration Testing (\"https://github.com/Muhammd/Awesome-Pentest\")"],"sub_categories":["\u003ca id=\"dc74ad2dd53aa8c8bf3a3097ad1f12b7\"\u003e\u003c/a\u003e社交网络","Dorking tools","网络服务_其他","Uncategorized","OSINT Tools","Web Vulnerability Scanners","Tools"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftechgaun%2Fgithub-dorks","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftechgaun%2Fgithub-dorks","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftechgaun%2Fgithub-dorks/lists"}