Siber Güvenlik

Github’da Kullanılabilecek Güncel Dorklar3 min read

Kas 30, 2020 3 min

Github’da Kullanılabilecek Güncel Dorklar3 min read

Okunur: 3 dakika

Github repolarında yer alan Hassas bilgileri tespit etmek amacıyla kullanılabilecek 150’den fazla dork, özellikle bounty ve yanlış yapılandırılmış git repo tespitinde oldukça işinize yarayacaktır.

Kullanmak için Github Search API’sini kullanabilirsiniz veya direk olarak tarayıcı üzerinden aramalarınızı yapabilirsiniz. Unutmayın Github Search API üzerinde dakikalık sadece 30 arama gerçekleştirebilirsiniz.

".mlab.com password"
"access_key"
"access_token"
"algolia_admin_key"
"algolia_api_key"
"alias_pass"
"alicloud_access_key"
"amazon_secret_access_key"
"amazonaws"
"ansible_vault_password"
"aos_key"
"api_key_secret"
"api_key_sid"
"api_key"
"api_secret"
"api.googlemaps AIza"
"apidocs"
"apikey"
"apiSecret"
"app_key"
"app_secret"
"appkey"
"appkeysecret"
"application_key"
"appsecret"
"appspot"
"auth_token"
"auth"
"authorizationToken"
"aws_access_key_id"
"aws_access"
"aws_key"
"aws_secret"
"aws_token"
"AWSSecretKey"
"b2_app_key"
"bashrc password"
"bintray_apikey"
"bintray_gpg_password"
"bintray_key"
"bintraykey"
"bluemix_api_key"
"bluemix_pass"
"browserstack_access_key"
"bucket_password"
"bucketeer_aws_access_key_id"
"bucketeer_aws_secret_access_key"
"built_branch_deploy_key"
"bx_password"
"cache_s3_secret_key"
"cattle_access_key"
"cattle_secret_key"
"certificate_password"
"ci_deploy_password"
"client_secret"
"client_zpk_secret_key"
"clojars_password"
"cloud_api_key"
"cloud_watch_aws_access_key"
"cloudant_password"
"cloudflare_api_key"
"cloudflare_auth_key"
"cloudfront"
"codecov_token"
"config"
"conn.login"
"connectionstring"
"consumer_key"
"credentials"
"cypress_record_key"
"database_password"
"datadog_api_key"
"datadog_app_key"
"db_password"
"db_username"
"dbpasswd"
"dbpassword"
"dbuser"
"deploy_password"
"digitalocean_ssh_key_body"
"digitalocean_ssh_key_ids"
"docker_hub_password"
"docker_key"
"docker_pass"
"docker_passwd"
"docker_password"
"dockerhub_password"
"dockerhubpassword"
"dot-files"
"dotfiles"
"droplet_travis_password"
"dynamoaccesskeyid"
"dynamosecretaccesskey"
"elasticsearch_password"
"encryption_key"
"encryption_password"
"env.heroku_api_key"
"env.sonatype_password"
"eureka.awssecretkey"
"fabricApiSecret"
"fb_secret"
"firebase"
"flickr_api_key"
"fossa_api_key"
"ftp_password"
"ftp"
"gh_api_key"
"gh_token"
"ghost_api_key"
"github_api_key"
"github_deploy_hb_doc_pass"
"github_key"
"github_password"
"github_token"
"gitlab"
"gmail_password"
"gmail_username"
"google_maps_api_key"
"google_private_key"
"gpg_key_name"
"gpg_keyname"
"gpg_passphrase"
"herokuapp"
"internal"
"irc_pass"
"JEKYLL_GITHUB_TOKEN"
"jwt_client_secret_key"
"jwt_lookup_secert_key"
"jwt_web_secert_key"
"jwt_xmpp_secert_key"
"key"
"keyPassword"
"ldap_password"
"ldap_username"
"linux_signing_key"
"ll_shared_key"
"login"
"lottie_happo_api_key"
"lottie_happo_secret_key"
"lottie_s3_api_key"
"lottie_s3_secret_key"
"magento password"
"mail_password"
"mailchimp_api_key"
"mailchimp_key"
"mailchimp"
"mailgun apikey"
"mailgun_password"
"mailgun_priv_key"
"mailgun_secret_api_key"
"mailgun"
"manage_key"
"mandrill_api_key"
"mapbox api key"
"master_key"
"mg_api_key"
"mg_public_api_key"
"mh_apikey"
"mh_password"
"mile_zero_key"
"minio_access_key"
"minio_secret_key"
"mydotfiles"
"mysql password"
"mysql_root_password"
"mysql"
"netlify_api_key"
"nexus password"
"nexus_password"
"node_env"
"node_pre_gyp_accesskeyid"
"node_pre_gyp_secretaccesskey"
"npm_api_key"
"npm_password"
"npm_secret_key"
"npmrc _auth"
"nuget_api_key"
"nuget_apikey"
"nuget_key"
"oauth_token"
"object_storage_password"
"octest_app_password"
"octest_password"
"okta_key"
"omise_key"
"onesignal_api_key"
"onesignal_user_auth_key"
"openwhisk key"
"openwhisk_key"
"org_gradle_project_sonatype_nexus_password"
"org_project_gradle_sonatype_nexus_password"
"os_password"
"ossrh_jira_password"
"ossrh_pass"
"ossrh_password"
"pagerduty_apikey"
"parse_js_key"
"pass"
"passwd"
"password travis"
"password"
"passwords"
"pem private"
"personal_key"
"plotly_apikey"
"plugin_password"
"postgres_env_postgres_password"
"postgresql_pass"
"preprod"
"private_key"
"private_signing_password"
"prod_password"
"prod.access.key.id"
"prod.secret.key"
"prod"
"publish_key"
"pwd"
"pwds"
"rabbitmq_password"
"rds.amazonaws.com password"
"redis_password"
"rest_api_key"
"rinkeby_private_key"
"root_password"
"ropsten_private_key"
"route53_access_key_id"
"rtd_key_pass"
"rtd_store_pass"
"s3_access_key_id"
"s3_access_key"
"s3_key_app_logs"
"s3_key_assets"
"s3_key"
"s3_secret_key"
"salesforce_password"
"sandbox_aws_access_key_id"
"sandbox_aws_secret_access_key"
"sauce_access_key"
"secret access key"
"secret_access_key"
"secret_key_base"
"secret_key"
"secret_token"
"secret.password"
"secret"
"secretaccesskey"
"secretkey"
"secrets"
"secure"
"security_credentials"
"send_keys"
"send.keys"
"sendgrid_api_key"
"sendgrid_key"
"sendgrid_password"
"sendkeys"
"ses_access_key"
"ses_secret_key"
"setdstaccesskey"
"setsecretkey"
"SF_USERNAME salesforce"
"sf_username"
"signing_key_password"
"signing_key_secret"
"slack_api"
"slack_token"
"slash_developer_space_key"
"snoowrap_password"
"socrata_password"
"sonar_organization_key"
"sonar_project_key"
"sonatype_password"
"sonatype_token_password"
"soundcloud_password"
"sql_password"
"sqsaccesskey"
"ssh"
"ssh2_auth_password"
"sshpass"
"staging"
"stg"
"storePassword"
"stormpath_api_key_id"
"stormpath_api_key_secret"
"strip_secret_key"
"stripe"
"svn_pass"
"swagger"
"tesco_api_key"
"tester_keys_password"
"testuser"
"thera_oss_access_key"
"token"
"twilio_api_key"
"twine_password"
"x-api-key"
"xoxb "
"xoxp"
[WFClient] Password extension:ica
[WFClient] Password= extension:ica
extension:avastlic "support.avast.com"
extension:bat
extension:cfg
extension:env
extension:exs
extension:ini
extension:json api.forecast.io
extension:json googleusercontent client_secret
extension:json mongolab.com
extension:pem
extension:pem private
extension:ppk
extension:ppk private
extension:properties
extension:sh
extension:sls
extension:sql
extension:sql mysql dump
extension:sql mysql dump password
extension:yaml mongolab.com
extension:zsh
filename:_netrc password
filename:.bash_history
filename:.bash_profile aws
filename:.bashrc mailchimp
filename:.bashrc password
filename:.cshrc
filename:.dockercfg auth
filename:.env DB_USERNAME NOT homestead
filename:.env MAIL_HOST=smtp.gmail.com
filename:.env MAIL_HOSTsmtp.gmail.com
filename:.esmtprc password
filename:.ftpconfig
filename:.git-credentials
filename:.history
filename:.htpasswd
filename:.netrc password
filename:.npmrc _auth
filename:.pgpass
filename:.remote-sync.json
filename:.s3cfg
filename:.sh_history
filename:.tugboat NOT _tugboat
filename:bash
filename:bash_history
filename:bash_profile
filename:bashrc
filename:beanstalkd.yml
filename:CCCam.cfg
filename:composer.json
filename:config
filename:config irc_pass
filename:config.json auths
filename:config.php dbpasswd
filename:configuration.php JConfig password
filename:connections
filename:connections.xml
filename:constants
filename:credentials
filename:credentials aws_access_key_id
filename:cshrc
filename:database
filename:dbeaver-data-sources.xml
filename:deploy.rake
filename:deployment-config.json
filename:dhcpd.conf
filename:dockercfg
filename:environment
filename:express.conf
filename:express.conf path:.openshift
filename:filezilla.xml
filename:filezilla.xml Pass
filename:git-credentials
filename:gitconfig
filename:global
filename:history
filename:htpasswd
filename:hub oauth_token
filename:id_dsa
filename:id_rsa
filename:id_rsa or filename:id_dsa
filename:idea14.key
filename:known_hosts
filename:logins.json
filename:makefile
filename:master.key path:config
filename:netrc
filename:npmrc
filename:pass
filename:passwd path:etc
filename:pgpass
filename:prod.exs
filename:prod.exs NOT prod.secret.exs
filename:prod.secret.exs
filename:proftpdpasswd
filename:recentservers.xml
filename:recentservers.xml Pass
filename:robomongo.json
filename:s3cfg
filename:secrets.yml password
filename:server.cfg
filename:server.cfg rcon password
filename:settings
filename:settings.py SECRET_KEY
filename:sftp-config.json
filename:sftp.json path:.vscode
filename:shadow
filename:shadow path:etc
filename:spec
filename:sshd_config
filename:tugboat
filename:ventrilo_srv.ini
filename:WebServers.xml
filename:wp-config
filename:wp-config.php
filename:zhrc
HEROKU_API_KEY language:json
HEROKU_API_KEY language:shell
HOMEBREW_GITHUB_API_TOKEN language:shell
jsforce extension:js conn.login
language:yaml -filename:travis
msg nickserv identify filename:config
path:sites databases password
private -language:java
PT_TOKEN language:bash
shodan_api_key language:python

Sistem Uzmanı, Linux Hacısı, El-Kernel