GitHub Dorking

GitHub Dorking is a technique used to search for sensitive information, vulnerabilities, or misconfigured repositories on GitHub by leveraging advanced search operators. These operators allow users to refine their searches and uncover data that may not be intended for public exposure. While GitHub Dorking can be used for legitimate purposes, such as security research, it can also be exploited maliciously to find exposed credentials, private keys, or other sensitive data.

Common GitHub Search Operators

Here are some commonly used GitHub search operators for dorking:

  1. filename: - Searches for specific filenames.

    • Example: filename:.env (searches for .env files, which often contain sensitive environment variables).

  2. path: - Searches within specific directories or paths.

    • Example: path:/config (searches for files in the /config directory).

  3. extension: - Searches for files with specific extensions.

    • Example: extension:pem (searches for .pem files, often used for private keys).

  4. repo: - Limits the search to a specific repository.

    • Example: repo:user/repo (searches within a specific repository).

  5. user: - Searches within repositories owned by a specific user or organization.

    • Example: user:github (searches within GitHub's repositories).

  6. language: - Searches for code written in a specific programming language.

    • Example: language:python (searches for Python code).

  7. size: - Searches for files of a specific size.

    • Example: size:>1000 (searches for files larger than 1000 bytes).

  8. in: - Searches within specific parts of a repository (e.g., file contents, path, or readme).

    • Example: in:file password (searches for the word "password" in file contents).

  9. created: - Searches for repositories or files created within a specific time frame.

    • Example: created:2023-01-01 (searches for repositories created on January 1, 2023).

  10. updated: - Searches for repositories or files updated within a specific time frame.

    • Example: updated:>2023-01-01 (searches for repositories updated after January 1, 2023).

  11. fork: - Searches for repositories that are forks of another repository.

    • Example: fork:true (searches for forked repositories).

  12. stars: - Searches for repositories with a specific number of stars.

    • Example: stars:>1000 (searches for repositories with more than 1000 stars).

  13. is: - Filters search results based on repository attributes.

    • Example: is:public (searches for public repositories).

  14. NOT - Excludes specific terms from the search.

    • Example: password NOT example (searches for "password" but excludes results containing "example").


Examples of GitHub Dorking Queries

  1. Search for exposed API keys:

    "api_key" OR "api-key" OR "api key" in:file

    This query looks for files containing the terms "api_key," "api-key," or "api key."

  2. Find .env files with sensitive information:

    filename:.env

    This query searches for .env files, which often contain sensitive environment variables like database credentials.

  3. Search for private keys:

    extension:pem OR extension:key

    This query looks for .pem or .key files, which may contain private keys.

  4. Find hardcoded credentials:

    "password" OR "passwd" OR "pwd" in:file

    This query searches for files containing the terms "password," "passwd," or "pwd."

  5. Search for AWS credentials:

    "aws_access_key_id" AND "aws_secret_access_key" in:file

    This query looks for files containing both AWS access key ID and secret access key.

  6. Find exposed configuration files:

    filename:config OR filename:settings

    This query searches for files named config or settings, which may contain sensitive configuration data.

  7. Search for exposed database credentials:

    "DB_USERNAME" OR "DB_PASSWORD" in:file

    This query looks for files containing database usernames or passwords.

  8. Find repositories with exposed SSH keys:

    filename:id_rsa OR filename:id_dsa

    This query searches for files named id_rsa or id_dsa, the default filenames for SSH private keys.

  9. Search for exposed Firebase credentials:

    "firebaseio.com" in:file

    This query looks for files containing Firebase database URLs, which may expose sensitive data.

  10. Find repositories with exposed Docker configurations:

    filename:docker-compose.yml

    This query searches for docker-compose.yml files, which may contain sensitive environment variables.


Ethical Considerations

GitHub Dorking can be a powerful tool for security researchers to identify and report vulnerabilities. However, it can also be misused for malicious purposes. If you discover sensitive information through GitHub Dorking, it is important to report it responsibly to the repository owner or GitHub's security team.

Protecting Your Repositories

To avoid exposing sensitive information on GitHub:

  • Use .gitignore to exclude sensitive files from being committed.

  • Avoid hardcoding credentials or secrets in your code.

  • Use environment variables or secret management tools.

  • Regularly audit your repositories for exposed data.

  • Enable GitHub's secret scanning feature to detect and alert you of exposed secrets.
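
The audit step above can be run against your own working tree before anything is pushed. The following is an added example, not code from the original page: it flags the filenames and key names that the queries on this page search for. The function names, the placeholder heuristic and the sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Filenames and extensions targeted by the filename: and extension: queries above.
RISKY_NAMES = {".env", "id_rsa", "id_dsa", "docker-compose.yml"}
RISKY_EXTS = {".pem", ".key"}
# Key names from the content queries above, followed by an assigned value.
ASSIGNMENT = re.compile(
    r"(aws_access_key_id|aws_secret_access_key|api[_-]?key|db_username|"
    r"db_password|password|passwd|pwd)\s*[:=]\s*[\"']?([^\s\"'#]+)", re.I)
# Assumed heuristic: variable references, calls and dummies are not literal secrets.
PLACEHOLDER = re.compile(r"^(\$.*|<.*>|.*\(.*|changeme|example.*|x{3,}|none|null)$", re.I)

def audit_file(path, root):
    """Return (relative path, line, reason); line 0 is a filename hit, values are never reported."""
    rel = path.relative_to(root).as_posix()
    risky = path.name in RISKY_NAMES or path.suffix in RISKY_EXTS
    findings = [(rel, 0, "risky filename")] if risky else []
    try:
        lines = path.read_text(encoding="utf-8").splitlines()
    except (UnicodeDecodeError, OSError):
        return findings  # binary or unreadable: filename check only
    for number, line in enumerate(lines, 1):
        match = ASSIGNMENT.search(line)
        if match and not PLACEHOLDER.match(match.group(2)):
            findings.append((rel, number, match.group(1).lower()))
    return findings

def audit_tree(root):
    """Walk a working tree, skipping .git, and collect all findings."""
    root = Path(root)
    files = (p for p in sorted(root.rglob("*"))
             if p.is_file() and ".git" not in p.relative_to(root).parts)
    return [f for p in files for f in audit_file(p, root)]

def demo():
    samples = {  # constructed sample content, not real credentials
        ".env": "DB_USERNAME=app\nDB_PASSWORD=${DB_PASSWORD}\n",
        "settings.py": 'password = os.getenv("DB_PASSWORD")\napi_key = "constructed-value"\n',
        "README.md": "Set the password in your secret manager.\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            Path(tmp, name).write_text(body, encoding="utf-8")
        return audit_tree(tmp)

if __name__ == "__main__":
    print(demo())
```

Run `audit_tree(".")` from the repository root; a non-empty result is a reason to stop and move the value into an environment variable or secret manager before committing.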

By understanding GitHub Dorking, you can better secure your repositories and prevent unintended data exposure.
