Github Leaked Secrets
Now that we have built the list of assets in our scope, it's time to search for some OSINT low-hanging fruit.

API key leaks in GitHub

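Dorks

The entries below are GitHub code-search queries, one per line. `org:Target`, `"site.com"` and `DOMAIN-NAME` are placeholders for the organisation or domain that is in scope. Any credential a query surfaces should be treated as compromised and rotated by its owner, because deleting the file or commit does not remove it from the repository history or from existing forks and clones.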

".mlab.com password"
"access_key"
"access_token"
"amazonaws"
"api.googlemaps AIza"
"api_key"
"api_secret"
"apidocs"
"apikey"
"apiSecret"
"app_key"
"app_secret"
"appkey"
"appkeysecret"
"application_key"
"appsecret"
"appspot"
"auth"
"auth_token"
"authorizationToken"
"aws_access"
"aws_access_key_id"
"aws_key"
"aws_secret"
"aws_token"
"AWSSecretKey"
"bashrc password"
"bucket_password"
"client_secret"
"cloudfront"
"codecov_token"
"config"
"conn.login"
"connectionstring"
"consumer_key"
"credentials"
"database_password"
"db_password"
"db_username"
"dbpasswd"
"dbpassword"
"dbuser"
"dot-files"
"dotfiles"
"encryption_key"
"fabricApiSecret"
"fb_secret"
"firebase"
"ftp"
"gh_token"
"github_key"
"github_token"
"gitlab"
"gmail_password"
"gmail_username"
"herokuapp"
"internal"
"irc_pass"
"JEKYLL_GITHUB_TOKEN"
"key"
"keyPassword"
"ldap_password"
"ldap_username"
"login"
"mailchimp"
"mailgun"
"master_key"
"mydotfiles"
"mysql"
"node_env"
"npmrc _auth"
"oauth_token"
"pass"
"passwd"
"password"
"passwords"
"pem private"
"preprod"
"private_key"
"prod"
"pwd"
"pwds"
"rds.amazonaws.com password"
"redis_password"
"root_password"
"secret"
"secret.password"
"secret_access_key"
"secret_key"
"secret_token"
"secrets"
"secure"
"security_credentials"
"send.keys"
"send_keys"
"sendkeys"
"SF_USERNAME salesforce"
"sf_username"
"site.com" FIREBASE_API_JSON=
"site.com" vim_settings.xml
"slack_api"
"slack_token"
"sql_password"
"ssh"
"ssh2_auth_password"
"sshpass"
"staging"
"stg"
"storePassword"
"stripe"
"swagger"
"testuser"
"token"
"x-api-key"
"xoxb "
"xoxp"
[WFClient] Password= extension:ica
access_key
bucket_password
dbpassword
dbuser
extension:avastlic "support.avast.com"
extension:bat
extension:cfg
extension:env
extension:exs
extension:ini
extension:json api.forecast.io
extension:json googleusercontent client_secret
extension:json mongolab.com
extension:pem
extension:pem private
extension:ppk
extension:ppk private
extension:properties
extension:sh
extension:sls
extension:sql
extension:sql mysql dump
extension:sql mysql dump password
extension:yaml mongolab.com
extension:zsh
filename:.bash_history
filename:.bash_history DOMAIN-NAME
filename:.bash_profile aws
filename:.bashrc mailchimp
filename:.bashrc password
filename:.cshrc
filename:.dockercfg auth
filename:.env DB_USERNAME NOT homestead
filename:.env MAIL_HOST=smtp.gmail.com
filename:.esmtprc password
filename:.ftpconfig
filename:.git-credentials
filename:.history
filename:.htpasswd
filename:.netrc password
filename:.npmrc _auth
filename:.pgpass
filename:.remote-sync.json
filename:.s3cfg
filename:.sh_history
filename:.tugboat NOT _tugboat
filename:_netrc password
filename:apikey
filename:bash
filename:bash_history
filename:bash_profile
filename:bashrc
filename:beanstalkd.yml
filename:CCCam.cfg
filename:composer.json
filename:config
filename:config irc_pass
filename:config.json auths
filename:config.php dbpasswd
filename:configuration.php JConfig password
filename:connections
filename:connections.xml
filename:constants
filename:credentials
filename:credentials aws_access_key_id
filename:cshrc
filename:database
filename:dbeaver-data-sources.xml
filename:deployment-config.json
filename:dhcpd.conf
filename:dockercfg
filename:environment
filename:express.conf
filename:express.conf path:.openshift
filename:filezilla.xml
filename:filezilla.xml Pass
filename:git-credentials
filename:gitconfig
filename:global
filename:history
filename:htpasswd
filename:hub oauth_token
filename:id_dsa
filename:id_rsa
filename:id_rsa or filename:id_dsa
filename:idea14.key
filename:known_hosts
filename:logins.json
filename:makefile
filename:master.key path:config
filename:netrc
filename:npmrc
filename:pass
filename:passwd path:etc
filename:pgpass
filename:prod.exs
filename:prod.exs NOT prod.secret.exs
filename:prod.secret.exs
filename:proftpdpasswd
filename:recentservers.xml
filename:recentservers.xml Pass
filename:robomongo.json
filename:s3cfg
filename:secrets.yml password
filename:server.cfg
filename:server.cfg rcon password
filename:settings
filename:settings.py SECRET_KEY
filename:sftp-config.json
filename:sftp-config.json password
filename:sftp.json path:.vscode
filename:shadow
filename:shadow path:etc
filename:spec
filename:sshd_config
filename:token
filename:tugboat
filename:ventrilo_srv.ini
filename:WebServers.xml
filename:wp-config
filename:wp-config.php
filename:zhrc
HEROKU_API_KEY language:json
HEROKU_API_KEY language:shell
HOMEBREW_GITHUB_API_TOKEN language:shell
jsforce extension:js conn.login
language:yaml -filename:travis
msg nickserv identify filename:config
org:Target "AWS_ACCESS_KEY_ID"
org:Target "list_aws_accounts"
org:Target "aws_access_key"
org:Target "aws_secret_key"
org:Target "bucket_name"
org:Target "S3_ACCESS_KEY_ID"
org:Target "S3_BUCKET"
org:Target "S3_ENDPOINT"
org:Target "S3_SECRET_ACCESS_KEY"
password
path:sites databases password
private -language:java
PT_TOKEN language:bash
redis_password
root_password
secret_access_key
SECRET_KEY_BASE=
shodan_api_key language:python
WORDPRESS_DB_PASSWORD=
xoxp OR xoxb OR xoxa
s3.yml
.exs
beanstalkd.yml
deploy.rake
.sls
AWS_SECRET_ACCESS_KEY
API KEY
API SECRET
API TOKEN
ROOT PASSWORD
ADMIN PASSWORD
GCP SECRET
AWS SECRET
"private" extension:pgp