How I Found Sensitive Information using Github Dorks in Bug Bounties — Part 2
Github dorks
Welcome back, infosec guys. Here we are going to discuss part 2 of finding bugs using GitHub dorks.
Basic dorks:
These are the basic dorks for finding sensitive information.
"company" passwords
"company" secrets
"company" credentials
"company" token
"company" config
"company" key
"company" pass
"company" login
"company" ftp
"company" pwd
Password dorks:
These are the dorks for finding passwords.
"example.com" pwd
"example.com" password
"example.com" passwd
"example.com" dbpassword
"example.com" access_key
"example.com" secret_access_key
"example.com" bucket_password
"example.com" redis_password
"example.com" root_password
AWS creds:
These are the dorks for finding AWS creds. The org: qualifier takes the organization name directly after the colon, with no space.
org:example "bucket_name"
org:example "aws_access_key"
org:example "s3_Bucket"
org:example "s3_ACCESS_KEY_ID"
org:example "s3_SECRET_ACCESS_KEY"
org:example "s3_ENDPOINT"
org:example "AWS_ACCESS_KEY_ID"
org:example "list_aws_account"
Server dorks:
These are the dorks used for finding server details.
"target.com" ftp
"target.com" SMTP
"target.com" LDAP
"target.com" SSH
Language dorks:
These dorks are used to find passwords in code written in a specific language used by the organization.
"target.com" language:python passwords
Sensitive files and endpoints:
These dorks are useful for looking up sensitive files and endpoints. The filename: qualifier takes its value directly after the colon, with no space.
filename:manifest.xml
filename:travis.yml
filename:vim_settings.xml
filename:database
filename:prod.secret.exs
filename:npmrc_auth
filename:dockercfg auth
filename:web server.xml
filename:.bashrc password
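The same keyword lists can be turned around and run over a checkout of your own repository before it is pushed, so that hard-coded values are found by the owner first. The script below is an added example, not code from the original post; the function names, the placeholder filter and the sample lines are assumptions made for illustration.

```python
import os, re, sys

# Key names the dorks on this page search for (matched case-insensitively).
KEY_NAMES = ("pwd password passwd dbpassword access_key secret_access_key "
             "bucket_password redis_password root_password aws_access_key "
             "aws_access_key_id s3_access_key_id s3_secret_access_key").split()
# File-name endings from the "Sensitive files" list on this page.
RISKY_SUFFIXES = ("manifest.xml", "travis.yml", "vim_settings.xml",
                  "prod.secret.exs", "npmrc", "dockercfg", "bashrc")
# Key name, then ':' or '=', then a literal value; longest names tried first.
ASSIGN = re.compile(
    r"(?i)(?<![a-z0-9])(" + "|".join(sorted(KEY_NAMES, key=len, reverse=True))
    + r")\s*[:=]\s*[\"']?([^\s\"'#,;]+)")
# Constructed sample lines, not taken from any real repository.
SAMPLE = ('dbpassword = "hunter2-constructed"\n'
          "AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}\n"
          "redis_password: 'r3dis-constructed'\n")

def is_placeholder(value):  # env references and dummy values are not findings
    v = value.lower()
    return (v.startswith(("$", "<", "{")) or "environ" in v or "getenv" in v
            or v in {"none", "null", "changeme", "xxx"})

def scan_text(path, text):
    """Return (path, line_no, key_name) per hard-coded value (heuristic)."""
    return [(path, no, m.group(1).lower())
            for no, line in enumerate(text.splitlines(), 1)
            for m in ASSIGN.finditer(line)
            if not is_placeholder(m.group(2))]

def scan_tree(root):
    """Walk a checkout of a repository you maintain and collect findings."""
    findings = []
    for folder, dirs, files in os.walk(root):
        dirs[:] = [d for d in dirs if d != ".git"]  # skip git internals
        for name in files:
            path = os.path.join(folder, name)
            if name.lower().endswith(RISKY_SUFFIXES):
                findings.append((path, 0, "risky-filename"))
            try:
                with open(path, encoding="utf-8", errors="ignore") as fh:
                    findings += scan_text(path, fh.read())
            except OSError:
                continue  # unreadable file or broken symlink
    return findings

if __name__ == "__main__":
    for hit in (scan_tree(sys.argv[1]) if sys.argv[1:] else scan_text("sample", SAMPLE)):
        print("%s:%d: %s" % hit)
```

Any value it reports that has already been pushed should be rotated, since removing it in a later commit leaves it in the repository history.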
Thank you for spending time reading my blog. I hope you enjoyed it. If you liked this blog, give claps and interactive comments, then follow me for future content.