Github OSINT
Search for Shortened URLs[^1]
Censys
parsed.names.raw: /(.*)\.<domain>\.com/
GitHub Dorks for Finding Files
filename:manifest.xml
filename:travis.yml
filename:vim_settings.xml
filename:database
filename:prod.exs NOT prod.secret.exs
filename:prod.secret.exs
filename:.npmrc _auth
filename:.dockercfg auth
filename:WebServers.xml
filename:.bash_history <Domain name>
filename:sftp-config.json
filename:sftp.json path:.vscode
filename:secrets.yml password
filename:.esmtprc password
filename:passwd path:etc
filename:dbeaver-data-sources.xml
path:sites databases password
filename:config.php dbpasswd
filename:prod.secret.exs
filename:configuration.php JConfig password
filename:.sh_history
shodan_api_key language:python
filename:shadow path:etc
JEKYLL_GITHUB_TOKEN
filename:proftpdpasswd
filename:.pgpass
filename:idea14.key
filename:hub oauth_token
HEROKU_API_KEY language:json
HEROKU_API_KEY language:shell
SF_USERNAME salesforce
filename:.bash_profile aws
extension:json api.forecast.io
filename:.env MAIL_HOST=smtp.gmail.com
filename:wp-config.php
extension:sql mysql dump
filename:credentials aws_access_key_id
filename:id_rsa or filename:id_dsa
GitHub Dorks for Finding Languages
language:python username
language:php username
language:sql username
language:html password
language:perl password
language:shell username
language:java api
HOMEBREW_GITHUB_API_TOKEN language:shell
GiHub Dorks for Finding API Keys, Tokens and Passwords
api_key
“api keys”
authorization_bearer:
oauth
auth
authentication
client_secret
api_token:
“api token”
client_id
password
user_password
user_pass
passcode
client_secret
secret
password hash
OTP
user auth
GitHub Dorks for Finding Usernames
user:name (user:admin)
org:name (org:google type:users)
in:login (<username> in:login)
in:name (<username> in:name)
fullname:firstname lastname (fullname:<name> <surname>)
in:email (data in:email)
extension:pem private
extension:ppk private
extension:sql mysql dump
extension:sql mysql dump password
extension:json api.forecast.io
extension:json mongolab.com
extension:yaml mongolab.com
[WFClient] Password= extension:ica
extension:avastlic “support.avast.com”
extension:json googleusercontent client_secret
GitHub Dorks for Directory Busting
target intitle:index of config.php
target inurl:/log intext:POST / OR intext:GET / filetype:log
target intitle:index of inurl:wp-content/uploads
target intitle:index of parent directory
target inurl:/saml2
target inurl:/php/.. -github
target inurl:/swf/ intitle:flashvars -github
target inurl:/AHS/
target inurl:/phpmyadmin/ filetype:sql
target inurl:/wp-content/uploads/ filetype:php
target inurl:/cgi-bin/
target inurl:/log intext:POST / OR intext:GET / filetype:log
target ext:log php error OR mysql error
target intext:Thank you for your purchase filetype:log
target intext:login OR intext:username OR intext:password filetype:log
GitHub Dorks for Authentication
target intext:Restricted Access OR intitle:Authentication Required
target intitle:Windows SBS Internet Applications intext:remote desktop
target intext:Novell WebAccess intext:User Name OR Password
target intext:no robots intext:noindex intext:nofollow OR intext:no robots intext:noindex intext:none OR intext:no robots intext:noindex intext:noarchive OR intext:no robots intext:noindex intext:nosnippet
target intitle:Remote Desktop Web Connection inurl:tsweb
target intext:mail.domain.com OR intext:webmail.domain.com OR intext:owa.domain.com
target inurl:/cgi-bin/pass.txt
GitHub Dorks for Software
target intitle:phpMyAdmin inurl:db_structure.php
target intitle:HFS / HTTP File Server
target intitle:phpMyAdmin Welcome to phpMyAdmin
target intitle:Apache Status intext:Apache Server Status for
target intext:Lucky PHP Shell OR intitle:Lucky PHP Shell
target intitle:Zend Server 7
target intext:DHCP FORCER inurl:/remote.php
target intext:Debut Video Capture Software OR intitle:Debut - Record and capture video -registration code
target intitle:WebcamXP 5 Server Status
target intitle:nagios filetype:cfg
target intext:Grandstream Networks, Inc. All Rights Reserved
target intext:License Key OR Product Key OR CD Key filetype:txt
target intext:Powered by Simple Machines OR intitle:SMF
site:example.com inurl:wp-content
site:example.com inurl:wp-includes
site:example.com intext:"WordPress" intext:"powered by"
site:example.com intext:"Joomla" intext:"powered by"
site:example.com intext:"Drupal" intext:"powered by"
site:example.com intext:"Magento" intext:"powered by"
GitHub Dorks for Sensitive pages/source
site:example.com inurl:.git intext:"index of"
site:example.com allintext:index filetype:git
site:example.com inurl:admin
site:example.com inurl:wp-admin
site:example.com intext:"password"
site:example.com intext:"api_key"
site:example.com intext:"username" intext:"password"
site:example.com intext:"email" intext:"password"
site:example.com inurl:vulnerabilities
*Other Keywords:
app_id, auth_token, client_certificate, client_secret_key, encrypted_credentials, fingerprint_data, github_app_token, identity_provider_token, key_pair, login_token, oauth_token, private_access_token, secret_access_key, session_id, signing_key, ssh_certificate, token_id, user_certificate, webhook_token, password, api_key, access_key, dbpassword, dbuser, pwd, pwds, aws_access, key, token, credentials, pass, pwd, passwd, private, preprod, appsecret
GitHub Dorks for Filestype:
site:example.com filetype:xls
site:example.com ext:pdf
GitHub Dorks for language:
assembly, c, c#, c++, clojure, dart, elixir, erlang, go, haskell, java, javascript, kotlin, lua, perl, php, python, ruby, rust, swift, json, bash, shell
GitHub Dorks for ext:
conf, css, csv, html, json, log, md, pdf, php, ps1, py, rb, sql, toml, txt, xml, yaml, yml, zip, bat, config, ini, env
GitHub Dorks for filename:
.env, .env.local, .gitconfig, .htaccess, .npmrc, .prettierrc, .ssh/idrsa, docker-compose.yaml, package-lock.json, package.json, server.js, webpack.config.js, netrpc, .git-credentials, .history, .htpasswd, bashhistory`