ghhdb-Github-Hacking-Database Github Hacking Database - A collection of Github's Dorks to search for Confidential Information (Yes, it's a Github version of Google Dorks)
Search
Description
"api_hash" "api_id" "user_phone"
Telegram APP Configuration Keys (https://my.telegram.org/apps )
"https://api.telegram.org/bot "
Telegram API URL with Key
"aws_access_key_id" "aws_secret_access_key"
AWS API Keys
"cloudflare_api_key" "cloudflare_email"
Cloudflare API Key and Email
"Client ID" "client secret" "verification token"
Slack bot API Key
"xoxp-"
Slack API Key
"https://hooks.slack.com/ "
Slack Incoming WebHook API Url with Key
filename:passwords.txt
Passwords saved in text file
filename:passwords.doc
Passwords saved in doc file (See also .docx extesion)
"app.secret_key" extension=py
flask-login API Key
"app.config['SECRET_KEY']" extension:py
Flask Secret Key
"https://api.mailgun.net/v3/ "
Mailgun API URL with Key
Search
Description
"-----BEGIN RSA PRIVATE KEY-----"
RSA Private Key
"-----BEGIN PRIVATE KEY-----"
Unencrypted PKCS#8 and base64 encoded Private Key
"-----BEGIN ENCRYPTED PRIVATE KEY-----"
PEM file Private Key
"-----BEGIN CERTIFICATE-----" extension:pem
PEM encoded SSL certificate
Source Code Leak/Reverse Engineering
Search
Description
"package com.whatsapp" extension:java
Look for code leak or reverse engineer of an Android Application.
Passwords and connections config setting leak
Search
Description
app.config['SQLALCHEMY_DATABASE_URI']
SQLAlchmy Database connection configuration leak
Search
Description
filename:mega-recoverykey.txt
Mega.nz 2FA Recovery Code
filename:github-recovery-codes.txt
Github 2FA Recovery Code
Search
Description
"Sha1-Hulud: The Second Coming."
Second Sha1-Hulud Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft