Git Dorks

filename:sftp-config.json password
filename:.npmrc _auth
filename:.dockercfg auth
extension:pem private
filename:proftpdpasswd
filename:logins.json
filename:config.php dbpasswd
filename:sshd_config
filename:.bash_history
filename:.bashrc password
filename:id_rsa OR filename:id_dsa
extension:sql mysql dump
extension:sql mysql dump password
filename:credentials aws_access_key_id
filename:.s3cfg
filename:.htpasswd
filename:.env DB_USERNAME NOT homestead
filename:.git-credentials
org:"example" (AWS_ACCESS_KEY_ID OR AWS_SECRET_ACCESS_KEY)                        # Hard-coded AWS access & secret key
org:"example" ("sk_live_" OR "pk_live_")                                          # Hard-coded Stripe secret keys
org:"example" (SENDGRID_API_KEY OR sendgrid_api_key)                              # SendGrid API keys
org:"example" /"sk-[a-zA-Z0-9]{20,50}"/                                           # Hard-coded OpenAI API key
org:"example" (ANTHROPIC_API_KEY OR anthropic_api_key)                            # Anthropic API keys
org:"example" (PAYPAL_CLIENT_SECRET OR paypal_client_secret)                      # PayPal credentials
org:"example" (SQUARE_ACCESS_TOKEN OR square_access_token)                        # Square payment tokens
org:"example" (AZURE_CLIENT_SECRET OR AZURE_CLIENT_ID)                            # Azure credentials
org:"example" (CLOUDFLARE_API_TOKEN OR CF_API_TOKEN)                              # Cloudflare tokens
org:"example" (filename:.env OR filename:.env.local OR filename:travis.yml)       # Configuration and build files
org:"example" /http(s)?:\/\//                                                     # Hard-coded links
org:"example" ("mongodb://" OR "mongodb+srv://" OR "mysql://")                    # Database connection strings
org:"example" ("jwt_secret" OR "JWT_SECRET" OR "jwtSecret")                       # Authentication & security tokens
org:"example" (extension:pem OR extension:key OR extension:p12 OR extension:pfx)  # Certificate files
org:"example" (SLACK_BOT_TOKEN OR SLACK_WEBHOOK_URL)                              # Slack integration tokens
org:"example" (GITHUB_TOKEN OR GITHUB_PAT OR GH_TOKEN)                            # GitHub personal access tokens
org:"example" /\/\/(.*\.)?amazonaws\.com/                                         # AWS endpoints
org:"example" /\/\/(.*\.)?firebaseio\.com/                                        # Firebase endpoints

Credentials in git repos

GitHub - finding vulnerabilities

Hard-coded AWS access & secret key

org:"example" (AWS_ACCESS_KEY_ID OR AWS_SECRET_ACCESS_KEY)

Configuration and build files

org:"example" (filename:.env OR filename:.env.local OR filename:travis.yml OR filename:Dockerfile OR filename:docker-compose.yaml OR filename:package.json OR filename:web.config OR filename:settings.py)

Database connection

org:"example" ("mongodb://" OR "mongodb+srv://" OR "mysql://")

Tokens

org:"example" ("jwt_secret" OR "JWT_SECRET" OR "jwtSecret")
