Github search is quite a powerful and useful feature and can be used to search for sensitive data in repositories, this Github security scanning tool comes with a collection of Github dorks that can reveal sensitive personal and/or other proprietary organisational information such as private keys, credentials, authentication tokens and so on.
github-dork.py
is a simple Python tool that can search through your repository or your organisation/user repositories. It’s not a perfect tool at the moment but provides a basic functionality to automate the search on your repositories against the dorks specified in the text file.
You can also check out: Gitrob – Scan Github For Sensitive Files
Installation
This tool uses github3.py to talk with the GitHub Search API.
Clone the repository and run:
1 |
pip install -r requirements.txt |
Usage
1 2 3 4 |
GH_USER - Environment variable to specify github user GH_PWD - Environment variable to specify password GH_TOKEN - Environment variable to specify github token GH_URL - Environment variable to specify GitHub Enterprise base URL |
Some example usages are listed below:
1 2 3 4 5 6 7 8 9 10 11 |
python github-dork.py -r techgaun/github-dorks # search single repo python github-dork.py -u techgaun # search all repos of user python github-dork.py -u dev-nepal # search all repos of an organization GH_USER=techgaun GH_PWD=<mypass> python github-dork.py -u dev-nepal # search as authenticated user GH_TOKEN=<github_token> python github-dork.py -u dev-nepal # search using auth token GH_URL=https://github.example.com python github-dork.py -u dev-nepal # search a GitHub Enterprise instance |
You can download Github Dorks here:
Or read more here.