Man
Hello everyone, dear friends!
With the help of Github Dorks you can find interesting information and use it to get a reward when participating in the Bugbounty program. In this article, I will share a list of GitHub Dorks and show how I hacked the developers' site with it.
What are GitHub Dorks and How to Use Them
GitHub is not only a platform for managing projects and code versions, but also a social network for programmers. Millions of developers around the world make changes to the code on GitHub several times a day, and they do not always check what they are uploading. Sometimes they accidentally forget to delete credentials - logins, passwords, and various tokens.
Bug bounty is a program that a website (web application) owner runs to attract third-party information security experts to search for vulnerabilities. When participating in the Bug Bounty program, you must act ethically and adhere to the established rules.
We recently wrote about Google dorks. Well, GitHub also has its own dorks that can be used to find tasty data.
GitHub Dorks are search queries that help you find repositories with private data.
With the help of GitHub dorks you can find:
- Usernames
- Passwords
- Email addresses
- Tokens
- Secret keys
- Backup files
- And much more
There are currently over 500 GitHub dorks. Some of them can be used in Google search by adding to the search query:
Code:
site:github.com
But when participating in the Bugbounty program, GitHub itself is more suitable, since it uses special operators to search through repositories.
For example, you can search by the programming language you are using. In this case, the language: search operator is used:
- language:javascript
- language:python
- language:php
To search by file names in GitHub repositories, use the filename: operator.
To search by file extension, use the extension: operator.
It should be noted that all fresh GitHub dorks quickly fall into the hands of information security experts. Therefore, it is better to search through repositories created in the last few days, sensitive data in which could have gone unnoticed by other bug hunters. For this task, the created: operator is used:
Code:
extension:sql created:>2022-10-20
GitHub Dorks List
The syntax for GitHub Dorks is simple:
Code:
"company-name" filename:database
For a full list of search operators and syntax, see Github Help.
GitHub Dorks for file search:
- “company” filename:database
- “company” filename:secrets.yml
- “company” filename:passwd
- “company” filename:LocalSettings.php
- “company” filename:config.php
- “company” filename:config.inc.php
- “company” filename:configuration.php
- “company” filename:shadow
- “company” filename:.env
- “company” filename:wp-config.php
- “company” filename:credentials
- “company” filename:id_rsa
- “company” filename:id_dsa
- “company” filename:.sqlite
- “company” filename:secret_token.rb
- “company” filename:settings.py
- “company” filename:credentials.xml
GitHub Dorks for finding API keys, tokens and passwords:
- “company” api_key
- “company” client_secret
- “company” api_token:
- “company” client_id
- “company” shodan_api_key
- “company” password
- “company” user_password
- “company” client_secret
- “company” secret
- “company” user auth
GitHub Dorks for programming language based search:
- “company” language:python
- “company” language:bash
- “company” language:shell
- “company” language:bash
- “company” language:SQL
- “company” language:Shell
- “company” db_password
- “company” apikey
- “company” name” pwd
- “company” fb_secret
Another big list of dorks. No thanks!
Tools for working with GitHub Dorks
Here are a couple of tools that will be useful.
gdorklinks.sh
A simple script that generates GitHub search links with dorks. The parameter must be the name or website of the company. The output is ready-made links that you just need to paste into the browser and study the information received.
GitDorker
GitDorker doesn't just generate links, it immediately searches for information using the GitHub Search API and an extensive list of dorks, of which there are currently 513. This tool can be called a more advanced version of the previous script.
To work, you will need to create a GitHub Personal Access Token, or better yet, at least two such tokens. This is due to the fact that the search API is limited to 30 requests per minute: if there is only one token, we will very quickly run into the limits.

Hacking a Website with GitHub Dorks
So. Having participated in the Bugbounty program and having some information, I decided to check my target on GitHub. I added the company name and entered the following dork in the search bar:
Code:
"company" language:python

And I found a file that was modified 5 days ago

The file contained a lot of information. I used Ctrl + F to search the domain in the file. And as a result, I found the account data (email and password).

Then I started looking for the authorization page to try the credentials I found.

And as you can see in the screenshot below, I did it. I hacked the GitHub repository.

After which, he reported this to the developers and received his reward.
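
The dork lists above name the files and keywords that searchers look for, so the same lists can be turned into a check on your own repository before it is pushed. The Python script below is an added example, not part of the original post and not code from gdorklinks.sh or GitDorker. Its function names, the placeholder filter and the sample tree are assumptions, and its file-name matching only approximates GitHub's filename: operator.

```python
import re
import subprocess
from pathlib import Path, PurePosixPath

# File names from the post's "file search" dork list.
RISKY_NAMES = {
    "secrets.yml", "passwd", "shadow", ".env", "credentials", "credentials.xml",
    "id_rsa", "id_dsa", "secret_token.rb", "settings.py", "wp-config.php",
    "config.php", "config.inc.php", "configuration.php", "LocalSettings.php",
}
# Keywords from the post's credential dork lists, matched only when assigned a value.
ASSIGNMENT = re.compile(
    r"(?i)\b(api_?key|api_token|client_secret|shodan_api_key|db_password|"
    r"user_password|fb_secret|password|secret)\b[\"']?\s*[:=]\s*[\"']?(?P<value>[^\s\"']+)"
)
# Assumption: values like these reference a secret store or are placeholders.
NOT_A_LITERAL = re.compile(r"(?i)(\$|<|os\.environ|process\.env|getenv|none$|null$)")

def audit(files):
    """files maps repo-relative path -> text; returns sorted (path, line, reason)."""
    findings = []
    for path, text in files.items():
        name = PurePosixPath(path).name
        if name in RISKY_NAMES or name.endswith(".sqlite") or name.startswith("database"):
            findings.append((path, 0, "file name targeted by a dork"))
        for lineno, line in enumerate(text.splitlines(), start=1):
            m = ASSIGNMENT.search(line)
            if m and not NOT_A_LITERAL.match(m.group("value")):
                findings.append((path, lineno, f"literal assigned to {m.group(1)}"))
    return sorted(findings)

def tracked_files(repo="."):
    """Read every file git tracks in repo, i.e. what a push would publish."""
    out = subprocess.run(["git", "-C", repo, "ls-files", "-z"],
                         check=True, capture_output=True, text=True).stdout
    return {p: Path(repo, p).read_text(errors="ignore")
            for p in out.split("\0") if p and Path(repo, p).is_file()}

# Constructed sample tree (not real data); for a real repo use audit(tracked_files()).
SAMPLE = {
    "app/settings.py": 'DEBUG = False\nDB_PASSWORD = os.environ["DB_PASSWORD"]\n',
    "deploy/.env": "API_KEY=constructed-example-value\n",
    "src/client.py": 'client_secret = "constructed-example-secret"\ntimeout = 30\n',
    "README.md": "Set the password in your secret manager.\n",
}

if __name__ == "__main__":
    for path, lineno, reason in audit(SAMPLE):
        print(f"{path}:{lineno}: {reason}")
```

A finding with line 0 is a file-name hit; review whether that file belongs in the repository at all. This checks only the current tree, so a credential that was committed earlier and later deleted still sits in the history and should be rotated.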