OSINT – Github Dorks

OSINT – Github Dorks

Github search is quite powerful and useful feature and can be used to search sensitive data on the repositories. Collection of Github dorks that can reveal sensitive personal and/or organizational information such as private keys, credentials, authentication tokens, etc. This list is supposed to be useful for assessing security and performing pentesting of systems.
GitHub Dork Search Tool is a simple python tool that can automate the process of searching through your repository or your organization/user repositories. Provides a basic functionality to automate the search on your repositories against the dorks specified in text file.
Installation
This tool uses github3.py to talk with GitHub Search API.
Clone this repository
git clone https://github.com/techgaun/github-dorks.git
Run
pip install -r requirements.txt
Usage
GH_USER – Environment variable to specify github user
GH_PWD – Environment variable to specify password
GH_TOKEN – Environment variable to specify github token
GH_URL – Environment variable to specify GitHub Enterprise base URL
Usage Examples
Search single repo
python github-dork.py -r techgaun/github-dorks
Search all repos of user
python github-dork.py -u techgaun
Search all repos of an organization
python github-dork.py -u dev-nepal
Search as authenticated user
GH_USER=techgaun GH_PWD=<mypass> python github-dork.py -u dev-nepal
Search using auth token
GH_TOKEN=<github_token> python github-dork.py -u dev-nepal
Search a GitHub Enterprise instance
GH_URL=https://github.example.com python github-dork.py -u dev-nepal