# Github Dorks & Leaks

Now that we have built the list of assets in our scope, it is time to search for some OSINT low-hanging fruit.

### Platforms that already search for leaks

* [https://trufflesecurity.com/blog/introducing-forager/](https://trufflesecurity.com/blog/introducing-forager/)

### API key leaks in GitHub

* [https://github.com/dxa4481/truffleHog](https://github.com/dxa4481/truffleHog)
* [https://github.com/gitleaks/gitleaks](https://github.com/gitleaks/gitleaks)
* [https://github.com/Yelp/detect-secrets](https://github.com/Yelp/detect-secrets)
* [https://github.com/hisxo/gitGraber](https://github.com/hisxo/gitGraber)
* [https://github.com/eth0izzle/shhgit](https://github.com/eth0izzle/shhgit)
* [https://github.com/techgaun/github-dorks](https://github.com/techgaun/github-dorks)
* [https://github.com/michenriksen/gitrob](https://github.com/michenriksen/gitrob)
* [https://github.com/anshumanbh/git-all-secrets](https://github.com/anshumanbh/git-all-secrets)
* [https://github.com/awslabs/git-secrets](https://github.com/awslabs/git-secrets)
* [https://github.com/kootenpv/gittyleaks](https://github.com/kootenpv/gittyleaks)
* [https://github.com/obheda12/GitDorker](https://github.com/obheda12/GitDorker)

### **Dorks**

```bash
".mlab.com password"
"access_key"
"access_token"
"amazonaws"
"api.googlemaps AIza"
"api_key"
"api_secret"
"apidocs"
"apikey"
"apiSecret"
"app_key"
"app_secret"
"appkey"
"appkeysecret"
"application_key"
"appsecret"
"appspot"
"auth"
"auth_token"
"authorizationToken"
"aws_access"
"aws_access_key_id"
"aws_key"
"aws_secret"
"aws_token"
"AWSSecretKey"
"bashrc password"
"bucket_password"
"client_secret"
"cloudfront"
"codecov_token"
"config"
"conn.login"
"connectionstring"
"consumer_key"
"credentials"
"database_password"
"db_password"
"db_username"
"dbpasswd"
"dbpassword"
"dbuser"
"dot-files"
"dotfiles"
"encryption_key"
"fabricApiSecret"
"fb_secret"
"firebase"
"ftp"
"gh_token"
"github_key"
"github_token"
"gitlab"
"gmail_password"
"gmail_username"
"herokuapp"
"internal"
"irc_pass"
"JEKYLL_GITHUB_TOKEN"
"key"
"keyPassword"
"ldap_password"
"ldap_username"
"login"
"mailchimp"
"mailgun"
"master_key"
"mydotfiles"
"mysql"
"node_env"
"npmrc _auth"
"oauth_token"
"pass"
"passwd"
"password"
"passwords"
"pem private"
"preprod"
"private_key"
"prod"
"pwd"
"pwds"
"rds.amazonaws.com password"
"redis_password"
"root_password"
"secret"
"secret.password"
"secret_access_key"
"secret_key"
"secret_token"
"secrets"
"secure"
"security_credentials"
"send.keys"
"send_keys"
"sendkeys"
"SF_USERNAME salesforce"
"sf_username"
"site.com" FIREBASE_API_JSON=
"site.com" vim_settings.xml
"slack_api"
"slack_token"
"sql_password"
"ssh"
"ssh2_auth_password"
"sshpass"
"staging"
"stg"
"storePassword"
"stripe"
"swagger"
"testuser"
"token"
"x-api-key"
"xoxb "
"xoxp"
[WFClient] Password= extension:ica
access_key
bucket_password
dbpassword
dbuser
extension:avastlic "support.avast.com"
extension:bat
extension:cfg
extension:env
extension:exs
extension:ini
extension:json api.forecast.io
extension:json googleusercontent client_secret
extension:json mongolab.com
extension:pem
extension:pem private
extension:ppk
extension:ppk private
extension:properties
extension:sh
extension:sls
extension:sql
extension:sql mysql dump
extension:sql mysql dump password
extension:yaml mongolab.com
extension:zsh
filename:.bash_history
filename:.bash_history DOMAIN-NAME
filename:.bash_profile aws
filename:.bashrc mailchimp
filename:.bashrc password
filename:.cshrc
filename:.dockercfg auth
filename:.env DB_USERNAME NOT homestead
filename:.env MAIL_HOST=smtp.gmail.com
filename:.esmtprc password
filename:.ftpconfig
filename:.git-credentials
filename:.history
filename:.htpasswd
filename:.netrc password
filename:.npmrc _auth
filename:.pgpass
filename:.remote-sync.json
filename:.s3cfg
filename:.sh_history
filename:.tugboat NOT _tugboat
filename:_netrc password
filename:apikey
filename:bash
filename:bash_history
filename:bash_profile
filename:bashrc
filename:beanstalkd.yml
filename:CCCam.cfg
filename:composer.json
filename:config
filename:config irc_pass
filename:config.json auths
filename:config.php dbpasswd
filename:configuration.php JConfig password
filename:connections
filename:connections.xml
filename:constants
filename:credentials
filename:credentials aws_access_key_id
filename:cshrc
filename:database
filename:dbeaver-data-sources.xml
filename:deployment-config.json
filename:dhcpd.conf
filename:dockercfg
filename:environment
filename:express.conf
filename:express.conf path:.openshift
filename:filezilla.xml
filename:filezilla.xml Pass
filename:git-credentials
filename:gitconfig
filename:global
filename:history
filename:htpasswd
filename:hub oauth_token
filename:id_dsa
filename:id_rsa
filename:id_rsa or filename:id_dsa
filename:idea14.key
filename:known_hosts
filename:logins.json
filename:makefile
filename:master.key path:config
filename:netrc
filename:npmrc
filename:pass
filename:passwd path:etc
filename:pgpass
filename:prod.exs
filename:prod.exs NOT prod.secret.exs
filename:prod.secret.exs
filename:proftpdpasswd
filename:recentservers.xml
filename:recentservers.xml Pass
filename:robomongo.json
filename:s3cfg
filename:secrets.yml password
filename:server.cfg
filename:server.cfg rcon password
filename:settings
filename:settings.py SECRET_KEY
filename:sftp-config.json
filename:sftp-config.json password
filename:sftp.json path:.vscode
filename:shadow
filename:shadow path:etc
filename:spec
filename:sshd_config
filename:token
filename:tugboat
filename:ventrilo_srv.ini
filename:WebServers.xml
filename:wp-config
filename:wp-config.php
filename:zhrc
HEROKU_API_KEY language:json
HEROKU_API_KEY language:shell
HOMEBREW_GITHUB_API_TOKEN language:shell
jsforce extension:js conn.login
language:yaml -filename:travis
msg nickserv identify filename:config
org:Target "AWS_ACCESS_KEY_ID"
org:Target "list_aws_accounts"
org:Target "aws_access_key"
org:Target "aws_secret_key"
org:Target "bucket_name"
org:Target "S3_ACCESS_KEY_ID"
org:Target "S3_BUCKET"
org:Target "S3_ENDPOINT"
org:Target "S3_SECRET_ACCESS_KEY"
password
path:sites databases password
private -language:java
PT_TOKEN language:bash
redis_password
root_password
secret_access_key
SECRET_KEY_BASE=
shodan_api_key language:python
WORDPRESS_DB_PASSWORD=
xoxp OR xoxb OR xoxa
s3.yml
.exs
beanstalkd.yml
deploy.rake
.sls
AWS_SECRET_ACCESS_KEY
API KEY
API SECRET
API TOKEN
ROOT PASSWORD
ADMIN PASSWORD
GCP SECRET
AWS SECRET
"private" extension:pgp
```