⭐ Star us on GitHub — it motivates a lot! ⭐
If you have any GitHub Dorks, just create a PullRequest.
- best aws secret dorks
- best misspelled keywords dorks
- best db pw dorks
- best credentials combis
- best github secret combis
- CMS github secret
- htacces dorks
- email dorks
- github dorks Writeups
Screenshot
- Check out the commits
- Check out the company staff GitHub repos
- Check for company secret words
- Always check/review your code: this will help you identify any employee's bad security practices.
- Clear your GitHub history to protect your most sensitive information.
- Use ENV variables to store key information in CI/CD. Tools such as Vault are one of the best suggestions for these situations.
- If you are sure that the data has been exposed, make sure to invalidate the token and password.
- Configure 2FA for all your GitHub accounts
- Once employees no longer work for your company, be sure to revoke all their access rights.
- Write and publish a disclosure policy in your SECURITY.md file. Never let your company’s developers share GitHub credentials with anyone.
https://docs.github.com/en/code-security/secret-scanning/about-secret-scanning
- filename:manifest.xml
- filename:travis.yml
- filename:vim_settings.xml
- filename:database
- filename:prod.exs NOT prod.secret.exs
- filename:prod.secret.exs
- filename:.npmrc _auth
- filename:.dockercfg auth
- filename:WebServers.xml
- filename:.bash_history
- filename:sftp-config.json
- filename:sftp.json path:.vscode
- filename:secrets.yml password
- filename:.esmtprc password
- filename:passwd path:etc
- filename:dbeaver-data-sources.xml
- path:sites databases password
- filename:config.php dbpasswd
- filename:prod.secret.exs
- filename:configuration.php JConfig password
- filename:.sh_history
- shodan_api_key language:python
- filename:shadow path:etc
- JEKYLL_GITHUB_TOKEN
- filename:proftpdpasswd
- filename:.pgpass
- filename:idea14.key
- filename:hub oauth_token
- HEROKU_API_KEY language:json
- HEROKU_API_KEY language:shell
- SF_USERNAME salesforce
- filename:.bash_profile aws
- extension:json api.forecast.io
- filename:.env MAIL_HOST=smtp.gmail.com
- filename:wp-config.php
- extension:sql mysql dump
- filename:credentials aws_access_key_id
- filename:id_rsa or filename:id_dsa
- language:python username
- language:php username
- language:sql username
- language:html password
- language:perl password
- language:shell username
- language:java api
- HOMEBREW_GITHUB_API_TOKEN language:shell
- api_key
- “api keys”
- authorization_bearer:
- oauth
- auth
- authentication
- client_secret
- api_token:
- “api token”
- client_id
- password
- user_password
- user_pass
- passcode
- client_secret
- secret
- password hash
- OTP
- user auth
- user:name (user:admin)
- org:name (org:google type:users)
- in:login ( in:login)
- in:name ( in:name)
- fullname:firstname lastname (fullname: )
- in:email (data in:email)
- created:<2012–04–05
- created:>=2011–06–12
- created:2016–02–07 location:iceland
- created:2011–04–06..2013–01–14 in:username ...
- extension:pem private
- extension:ppk private
- extension:sql mysql dump
- extension:sql mysql dump password
- extension:json api.forecast.io
- extension:json mongolab.com
- extension:yaml mongolab.com
- [WFClient] Password= extension:ica
- extension:avastlic “support.avast.com”
- extension:json googleusercontent client_secret ...
Needless to mention, please use this tool very very carefully. The authors won't be responsible for any consequences.