GitHub search is a powerful and useful feature that can be used to search for sensitive data in repositories. This is a collection of GitHub dorks that can reveal sensitive personal and/or organizational information such as private keys, credentials, authentication tokens, etc. The list is meant to be useful for assessing security and performing pentesting of systems.
GitHub Dork Search Tool is a simple Python tool that automates the process of searching through your repository or your organization/user repositories. It provides basic functionality to automate the search of your repositories against the dorks specified in a text file.
Installation
This tool uses github3.py to talk to the GitHub Search API.
Clone this repository
git clone https://github.com/techgaun/github-dorks.git
Run
pip install -r requirements.txt
Usage
GH_USER – Environment variable to specify the GitHub user
GH_PWD – Environment variable to specify the password
GH_TOKEN – Environment variable to specify the GitHub token
GH_URL – Environment variable to specify the GitHub Enterprise base URL
Usage Examples
Search single repo
python github-dork.py -r techgaun/github-dorks
Search all repos of user
python github-dork.py -u techgaun
Search all repos of an organization
python github-dork.py -u dev-nepal
Search as authenticated user
GH_USER=techgaun GH_PWD=<mypass> python github-dork.py -u dev-nepal
Search using auth token
GH_TOKEN=<github_token> python github-dork.py -u dev-nepal
Search a GitHub Enterprise instance
GH_URL=https://github.example.com python github-dork.py -u dev-nepal