Github search is quite a powerful and useful feature and can be used to search for sensitive data in repositories, this Github security scanning tool comes with a collection of Github dorks that can reveal sensitive personal and/or other proprietary organisational information such as private keys, credentials, authentication tokens and so on.
github-dork.py is a simple Python tool that can search through your repository or your organisation/user repositories. It’s not a perfect tool at the moment but provides a basic functionality to automate the search on your repositories against the dorks specified in the text file.
Installation
This tool uses github3.py to talk with the GitHub Search API.
Clone the repository and run:
▼Advertisements
|
1
|
pip install –r requirements.txt
|
Usage
|
1
2
3
4
|
GH_USER – Environment variable to specify github user
GH_PWD – Environment variable to specify password
GH_TOKEN – Environment variable to specify github token
GH_URL – Environment variable to specify GitHub Enterprise base URL
|
Some example usages are listed below:
|
1
2
3
4
5
6
7
8
9
10
11
|
python github–dork.py –r techgaun/github–dorks # search single repo
python github–dork.py –u techgaun # search all repos of user
python github–dork.py –u dev–nepal # search all repos of an organization
GH_USER=techgaun GH_PWD=<mypass> python github–dork.py –u dev–nepal # search as authenticated user
GH_TOKEN=<github_token> python github–dork.py –u dev–nepal # search using auth token
GH_URL=https://github.example.com python github-dork.py -u dev-nepal # search a GitHub Enterprise instance
|
You can download Github Dorks here:
Or read more here.
The post Github Dorks – Github Security Scanning Tool appeared first on DigitalMunition.