Awesome
ghhdb-Github-Hacking-Database
Github Hacking Database - A collection of Github's Dorks to search for Confidential Information (Yes, it's a Github version of Google Dorks)
API Keys
Search | Description |
---|---|
"api_hash" "api_id" "user_phone" | Telegram APP Configuration Keys (https://my.telegram.org/apps) |
"https://api.telegram.org/bot" | Telegram API URL with Key |
"aws_access_key_id" "aws_secret_access_key" | AWS API Keys |
"cloudflare_api_key" "cloudflare_email" | Cloudflare API Key and Email |
"Client ID" "client secret" "verification token" | Slack bot API Key |
"xoxp-" | Slack API Key |
"https://hooks.slack.com/" | Slack Incoming WebHook API Url with Key |
filename:passwords.txt | Passwords saved in text file |
filename:passwords.doc | Passwords saved in doc file (See also .docx extesion) |
"app.secret_key" extension=py | flask-login API Key |
"app.config['SECRET_KEY']" extension:py | Flask Secret Key |
"https://api.mailgun.net/v3/" | Mailgun API URL with Key |
Certificates
Search | Description |
---|---|
"-----BEGIN RSA PRIVATE KEY-----" | RSA Private Key |
"-----BEGIN PRIVATE KEY-----" | Unencrypted PKCS#8 and base64 encoded Private Key |
"-----BEGIN ENCRYPTED PRIVATE KEY-----" | PEM file Private Key |
"-----BEGIN CERTIFICATE-----" extension:pem | PEM encoded SSL certificate |
Source Code Leak/Reverse Engineering
Search | Description |
---|---|
"package com.whatsapp" extension:java | Look for code leak or reverse engineer of an Android Application. |
Passwords and connections config setting leak
Search | Description |
---|---|
app.config['SQLALCHEMY_DATABASE_URI'] | SQLAlchmy Database connection configuration leak |
2FA Recovery Codes
Search | Description |
---|---|
filename:mega-recoverykey.txt | Mega.nz 2FA Recovery Code |
filename:github-recovery-codes.txt | Github 2FA Recovery Code |