Github search is quite a powerful and useful feature and can be used to search for sensitive data in repositories, this Github security scanning tool comes with a collection of Github dorks that can reveal sensitive personal and/or other proprietary organisational information such as private keys, credentials, authentication tokens and so on.
Github Dorks - Github Security Scanning Tool
github-dork.py is a simple Python tool that can search through your repository or your organisation/user repositories. It’s not a perfect tool at the moment but provides a basic functionality to automate the search on your repositories against the dorks specified in the text file.
You can also check out: Gitrob – Scan Github For Sensitive Files
Installation
This tool uses github3.py to talk with the GitHub Search API.
Clone the repository and run:
pip install -r requirements.txt
1
pip install -r requirements.txt
Usage
GH_USER - Environment variable to specify github user
GH_PWD - Environment variable to specify password
GH_TOKEN - Environment variable to specify github token
GH_URL - Environment variable to specify GitHub Enterprise base URL
1
2
3
4
GH_USER - Environment variable to specify github user
GH_PWD - Environment variable to specify password
GH_TOKEN - Environment variable to specify github token
GH_URL - Environment variable to specify GitHub Enterprise base URL
Some example usages are listed below:
python github-dork.py -r techgaun/github-dorks # search single repo
python github-dork.py -u techgaun # search all repos of user
python github-dork.py -u dev-nepal # search all repos of an organization
GH_USER=techgaun GH_PWD=<mypass> python github-dork.py -u dev-nepal # search as authenticated user
GH_TOKEN=<github_token> python github-dork.py -u dev-nepal # search using auth token
GH_URL=https://github.example.com python github-dork.py -u dev-nepal # search a GitHub Enterprise instance
1
2
3
4
5
6
7
8
9
10
11
python github-dork.py -r techgaun/github-dorks # search single repo
python github-dork.py -u techgaun # search all repos of user
python github-dork.py -u dev-nepal # search all repos of an organization
GH_USER=techgaun GH_PWD=<mypass> python github-dork.py -u dev-nepal # search as authenticated user
GH_TOKEN=<github_token> python github-dork.py -u dev-nepal # search using auth token
GH_URL=https://github.example.com python github-dork.py -u dev-nepal # search a GitHub Enterprise instance
You can download Github Dorks here
0 comments :