Home

Awesome

ghhdb-Github-Hacking-Database

Github Hacking Database - A collection of Github's Dorks to search for Confidential Information (Yes, it's a Github version of Google Dorks)

API Keys

SearchDescription
"api_hash" "api_id" "user_phone"Telegram APP Configuration Keys (https://my.telegram.org/apps)
"https://api.telegram.org/bot"Telegram API URL with Key
"aws_access_key_id" "aws_secret_access_key"AWS API Keys
"cloudflare_api_key" "cloudflare_email"Cloudflare API Key and Email
"Client ID" "client secret" "verification token"Slack bot API Key
"xoxp-"Slack API Key
"https://hooks.slack.com/"Slack Incoming WebHook API Url with Key
filename:passwords.txtPasswords saved in text file
filename:passwords.docPasswords saved in doc file (See also .docx extesion)
"app.secret_key" extension=pyflask-login API Key
"app.config['SECRET_KEY']" extension:pyFlask Secret Key
"https://api.mailgun.net/v3/"Mailgun API URL with Key

Certificates

SearchDescription
"-----BEGIN RSA PRIVATE KEY-----"RSA Private Key
"-----BEGIN PRIVATE KEY-----"Unencrypted PKCS#8 and base64 encoded Private Key
"-----BEGIN ENCRYPTED PRIVATE KEY-----"PEM file Private Key
"-----BEGIN CERTIFICATE-----" extension:pemPEM encoded SSL certificate

Source Code Leak/Reverse Engineering

SearchDescription
"package com.whatsapp" extension:javaLook for code leak or reverse engineer of an Android Application.

Passwords and connections config setting leak

SearchDescription
app.config['SQLALCHEMY_DATABASE_URI']SQLAlchmy Database connection configuration leak

2FA Recovery Codes

SearchDescription
filename:mega-recoverykey.txtMega.nz 2FA Recovery Code
filename:github-recovery-codes.txtGithub 2FA Recovery Code