Thanks to visit codestin.com
Credit goes to www.scribd.com

Scribd
Upload
338 views4 pages

GitHub Dorks for Security Experts

dork github

Uploaded by

rajureddyhyd55
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
338 views4 pages

GitHub Dorks for Security Experts

dork github

Uploaded by

rajureddyhyd55
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 4

GitHub Dorks for Finding Files:

-----------------------------------
org:company "firebase"
filename:manifest.xml
filename:travis.yml
filename:vim_settings.xml
filename:database
filename:prod.exs NOT prod.secret.exs
filename:prod.secret.exs
filename:.npmrc _auth
filename:.dockercfg auth
filename:WebServers.xml
filename:.bash_history <Domain name>
filename:sftp-config.json
filename:sftp.json path:.vscode
filename:secrets.yml password
filename:.esmtprc password
filename:passwd path:etc
filename:dbeaver-data-sources.xml
path:sites databases password
filename:config.php dbpasswd
filename:prod.secret.exs
filename:configuration.php JConfig password
filename:.sh_history
shodan_api_key language:python
filename:shadow path:etc
JEKYLL_GITHUB_TOKEN
filename:proftpdpasswd
filename:.pgpass
filename:idea14.key
filename:hub oauth_token
HEROKU_API_KEY language:json
HEROKU_API_KEY language:shell
SF_USERNAME salesforce
filename:.bash_profile aws
extension:json api.forecast.io
filename:.env MAIL_HOST=smtp.gmail.com
filename:wp-config.php
extension:sql mysql dump
filename:credentials aws_access_key_id
filename:id_rsa or filename:id_dsa
filename:.ipynb target password

GitHub Dorks for Finding Languages:


-------------------------------------------
language:python username
language:php username
language:sql username
language:html password
language:perl password
language:shell username
language:java api
HOMEBREW_GITHUB_API_TOKEN language:shell
GiHub Dorks for Finding API Keys, Tokens and Passwords
--------------------------------------------------------
api_key
“api keys”
authorization_bearer:
oauth
auth
authentication
client_secret
api_token:
“api token”
client_id
password
user_password
user_pass
passcode
client_secret
secret
password hash
OTP
user auth

GitHub Dorks for Finding Usernames


--------------------------------------------
user:name (user:admin)
org:name (org:google type:users)
in:login (<username> in:login)
in:name (<username> in:name)
fullname:firstname lastname (fullname:<name> <surname>)
in:email (data in:email)

GitHub Dorks for Finding Information using Dates


------------------------------------------------------
created:<2012–04–05
created:>=2011–06–12
created:2016–02–07 location:iceland
created:2011–04–06..2013–01–14 <user> in:username

GitHub Dorks for Finding Information using Extension


-------------------------------------------------------
extension:pem private
extension:ppk private
extension:sql mysql dump
extension:sql mysql dump password
extension:json api.forecast.io
extension:json mongolab.com
extension:yaml mongolab.com
[WFClient] Password= extension:ica
extension:avastlic “support.avast.com”
extension:json googleusercontent client_secret

Password Dorks
----------------------------------------------
“target.com” pwd
“target.com” passwd
“target.com” password
“target.com” dbpassword
“target.com” access_key
“target.com” secret_access_key
“target.com” bucket_password
“target.com” redis_password
“target.com” root_password

AWS Credential Dorks


------------------------------------------------
org:Target “bucket_name”
org:Target “aws_access_key”
org:Target “aws_secret_key”
org:Target “S3_BUCKET”
org:Target “S3_ACCESS_KEY_ID”
org:Target “S3_SECRET_ACCESS_KEY”
org:Target “S3_ENDPOINT”
org:Target “AWS_ACCESS_KEY_ID”
org:Target “list_aws_account”

Sensitive files and Endpoints


------------------------------------------------
filename:manifest.xml
filename:travis.yml
filename:vim_settings.xml
filename:database
filename:prod.secret.exs
filename:npmrc_auth
filename:dockercfg auth
filename:Web Server.xml
filename:.basgrc password
filename:.get-credentials
filename:config.php dbpasswd
filename:dhcpd.conf
filename:.htpasswd
filename:wp-config.php
filename:ssh/id_rsa
filename:sftp.json
Server Dorks
--------------------------------------------------
“target.com” FTP
“target.com” SMTP
“target.com” LDAP
“target.com” SSH

Other Useful Dorks


---------------------------------------------------
“target.com” form_key
“target.com” CSRF
“target.com” SAML
“target.com” SAML_auth
“target.com” Web token

“target.com” admin password


“target.com” cpanel
“target.com” cpanel password

“target.com” userid
“target.com” user
“target.com” user password

“target.com” api.credential
“target.com” file=
“target.com” NPM

“target.com” cache.json
“target.com” package.json
“target.com” superadmin
“target.com” db.json
“target.com” private user

“target.com” user.json
“target.com” user_database.json
“target.com” send_keys
“target.com” Authorization_bearer

"exec(" "domain.tld" language:python


"exec(" "org" language:python
"eval(" "domain.tld" language:python
"eval(" "org_name" language:python
".format(self=self" "domain.tld" language:python
".format(self=self" "org_name" language:python

You might also like