GitDorker – A Tool To Scrape Secrets From GitHub Through Usage Of A Large Repository Of Dorks
GitDorker is a device that utilizes the GitHub Lookup API and an intensive list of GitHub dorks that I have compiled from many sources to deliver an overview of delicate facts stored on github offered a lookup question.
The Primary objective of GitDorker is to provide the consumer with a clear and tailor-made attack floor to start harvesting delicate details on GitHub. GitDorker can be made use of with extra applications these as GitRob or Trufflehog on fascinating repos or customers learned from GitDorker to make ideal success.
Price Boundaries
GitDorker makes use of the GitHub Research API and is limited to 30 requests for each minute. In buy to avoid amount limites a rest operate is built into GitDorker right after each 30 requests to avert look for failures. Hence, if just one had been to operate use the alldorks.txt file with GitDorker, the process will acquire around 5 minutes to finish.
Needs
** Python3
** GitHub Own Accessibility Token
** Put in requirements inside of the prerequisites.txt file of this repo (pip3 install -r requirements.txt)
Be sure to abide by the guideline below if you are not sure of how to create a particular obtain token: https://docs.github.com/en/github/authenticating-to-github/generating-a-individual-entry-token
Recommendations
It is advised to provide GitDorker with at minimum two GitHub personalized access tokens so that it may perhaps alternate between the two all through the dorking system and minimize the likelihood of remaining price minimal. Making use of multiple tokens from separate GitHub accounts will provide the greatest results.
Dorks
Inside the dorks folder are a list of dorks. It is advisable to use the “alldorks.txt” file when mapping out your github secrets and techniques assault floor. The “alldorks.txt” is my selection of dorks that i’ve pulled from a variety of assets, totalling to 239 specific dorks of sensitive github facts.
Use
I’ve produced a website article with significantly additional depth in how to use GitDorker and potential use scenarios in this article: https://medium.com/@obheda12/gitdorker-a-new-resource-for-handbook-github-dorking-and-easy-bug-bounty-wins-92a0a0a6b8d5
Help Output:
Screenshots
Below is an illustration of the benefits from functioning the question “tesla.com” with a small listing of dorks.
The following command was operate to question for “tesla.com” versus a listing of dorks:
python3 GitDorker.py -tf TOKENSFILE -q tesla.com -d dorks/DORKFILE -o tesla
Notice: The additional advanced queries you place (i.e incorporation of person, org, endpoint details, etcetera. the much more succint success you will accomplish)
Credits
Reference details for creating GitDorker
- @gwendallecoguic – particular thank you to gwendall and his scripts that delivered me with the framework for making GitDorker.
Disclaimer
This undertaking is manufactured for academic and moral screening reasons only. Use of this software for attacking targets without the need of prior mutual consent is unlawful. Builders believe no liability and are not liable for any misuse or destruction prompted by this resource.