Welcome back infosec guys here we are going to discuss part 2 of finding bugs using GitHub darks.
Basic dorks:
This is the basic dorks for finding sensitive information.
"company" passwords
"company" secrets
"company" credentials
"company" token
"company" config
"company" key
"company" pass
"company" login
"company" ftp
"company" pwdPassword dorks:
This is the dorks for finding passwords
"example.com" pwd
"example.com" password
"example.com" passwd
"example.com" dbpassword
"example.com" access_key
"example.com" secret_access_key
"example.com" bucket_password
"example.com" redis_password
"example.com" root_passwordAWS creds:
This is the dorks for finding AWS creds
org: example "bucket_name"
org: example "aws_access_key"
org: example "s3_Bucket"
org: example "s3_ACCESS_KEY_ID"
org: example "s3_SECRET_ACCESS_KEY"
org: example "s3_ENDPOINT"
org: example "AWS_ACCESS_KEY_ID"
org: example "list_aws_account"Server dorks:
This is the dorks used for finding server details
"target.com" ftp
"target.com" SMTP
"target.com" LDAP
"target.com" SSHLanguage dorks:
This is the dorks used to find what language passwords used in organizations
"target.com" language:python passwordsSensitive files and endpoints:
This is dorks beneficiary lookup sensitive files and endpoint
filename: manifest.xml
filename: travis.yml
filename: vim_settings.xml
filename: database
filename: prod.secret.exs
filename: npmrc_auth
filename: dockercfg auth
filename: web server.xml
filename: .bashrc passwordThank you for spending time reading my blog. I hope you enjoyed my blog. I you liked this blog give claps and interactive comments. Then follow me for future content.