πŸ‘¨β€πŸ’»
Jawad's Notes
  • πŸ‘¨β€πŸ«INFOSEC
    • πŸ•ΈοΈWeb
      • Burp Suite: Setting Foxyproxy
      • XSS
      • Wappalyzer
      • Directory Traversal
      • LFI
        • PHP Wrappers
        • RFI
      • Reverse Shell
        • Command Injection Quick Tips
      • File Upload
      • WPScan
      • SQL Injection
        • Schemas
        • SQLmap
        • MSSQL
        • MySQL
        • PostgreSQL
    • πŸ”§Tools
      • Whois
      • DNSRecon
      • DNSenum
      • nslookup
      • Netcat
        • Powercat
      • Nmap
        • Nmap Scripting Engine
        • Test-NetConnection
        • Grep
      • Server Message Block (SMB)
      • SNMP
      • SMTP
      • ExifTool
      • Search Engine Hacking
      • Source Control Hacking
      • Nessus
      • Canarytokens
      • Qualys SSL Server Test
      • Security Headers
      • theHarvester
      • Shodan
      • Gobuster
        • Dirb
      • Searchsploit
      • Password Cracking
        • Hashcat
        • John The Ripper
        • Hydra
        • hashID
        • CPU vs GPU
    • 🐧Linux
      • Symbols
      • cat
      • curl
      • openvpn
      • tcpdump
      • Remote Desktop
      • SmbShare
      • Tmux
      • Convert Windows-style line endings (CRLF) to Unix-style (LF)
      • SSH
    • πŸ–₯️Macros in Office
    • 🍎Enhancing Your MacOS Terminal Experience
    • 🚩CTF
      • SQL Injection
        • WHERE clause allowing retrieval of hidden data
        • Allowing login bypass
        • UNION attack, determining the number of columns returned by the query
        • UNION attack, finding a column containing text
        • UNION attack, retrieving data from other tables
        • UNION attack, retrieving multiple values in a single column
        • Querying the database type and version on Oracle
Powered by GitBook
On this page
  1. INFOSEC
  2. Tools

Source Control Hacking

Open source software, while fostering collaboration, can introduce information security risks during the information gathering phase.

Searching for potentially sensitive information on GitHub, sometimes referred to as "GitHub hacking" or "GitHub dorking," involves using advanced search queries to discover repositories or code snippets containing unintentionally exposed credentials, proprietary code, or other sensitive data. While GitHub provides a powerful platform for collaboration, it's essential to be aware that information might inadvertently be disclosed.

Here's a brief overview:

  1. Exposed Credentials:

    • Example: filename:.env password

    • Purpose: Searches for files named ".env" that may contain sensitive information like passwords.

  2. API Keys and Tokens:

    • Example: filename:config.js token

    • Purpose: Looks for configuration files that might include API keys or authentication tokens.

  3. Specific Code Patterns:

    • Example: filename:docker-compose.yml aws_access_key_id

    • Purpose: Identifies Docker Compose files that might contain AWS access key information.

  4. Vulnerable Dependencies:

    • Example: filename:package.json "dependencies" "vulnerable"

    • Purpose: Searches for package.json files indicating dependencies with known vulnerabilities.

  5. Source Code Leaks:

    • Example: filename:.gitattributes password

    • Purpose: Scans for Git attribute files that may inadvertently expose sensitive information.

  6. Public API Keys:

    • Example: filename:config.json api_key

    • Purpose: Searches for configuration files containing API keys in JSON format.

Resources:

PreviousSearch Engine HackingNextNessus

Last updated 1 year ago

πŸ‘¨β€πŸ«
πŸ”§
https://github.com/features/code-search
https://github.com/search