GitDorker is a device that utilizes the GitHub Lookup API and an intensive list of GitHub dorks that I have compiled from many sources to deliver an overview of delicate facts stored on github offered a lookup question.
The Primary objective of GitDorker is to provide the consumer with a clear and tailor-made attack floor to start harvesting delicate details on GitHub. GitDorker can be made use of with extra applications these as GitRob or Trufflehog on fascinating repos or customers learned from GitDorker to make ideal success.
Price Boundaries
GitDorker makes use of the GitHub Research API and is limited to 30 requests for each minute. In buy to avoid amount limites a rest operate is built into GitDorker right after each 30 requests to avert look for failures. Hence, if just one had been to operate use the alldorks.txt file with GitDorker, the process will acquire around 5 minutes to finish.
Needs
** Python3
** GitHub Own Accessibility Token
** Put in requirements inside of the prerequisites.txt file of this repo (pip3 install -r requirements.txt)
Be sure to abide by the guideline below if you are not sure of how to create a particular obtain token: https://docs.github.com/en/github/authenticating-to-github/generating-a-individual-entry-token
Recommendations
It is advised to provide GitDorker with at minimum two GitHub personalized access tokens so that it may perhaps alternate between the two all through the dorking system and minimize the likelihood of remaining price minimal. Making use of multiple tokens from separate GitHub accounts will provide the greatest results.
Dorks
Inside the dorks folder are a list of dorks. It is advisable to use the “alldorks.txt” file when mapping out your github secrets and techniques assault floor. The “alldorks.txt” is my selection of dorks that i’ve pulled from a variety of assets, totalling to 239 specific dorks of sensitive github facts.
Use
I’ve produced a website article with significantly additional depth in how to use GitDorker and potential use scenarios in this article: https://medium.com/@obheda12/gitdorker-a-new-resource-for-handbook-github-dorking-and-easy-bug-bounty-wins-92a0a0a6b8d5
Help Output:
Screenshots
Below is an illustration of the benefits from functioning the question “tesla.com” with a small listing of dorks.
The following command was operate to question for “tesla.com” versus a listing of dorks:
python3 GitDorker.py -tf TOKENSFILE -q tesla.com -d dorks/DORKFILE -o tesla
Notice: The additional advanced queries you place (i.e incorporation of person, org, endpoint details, etcetera. the much more succint success you will accomplish)
Credits
Reference details for creating GitDorker
Disclaimer
This undertaking is manufactured for academic and moral screening reasons only. Use of this software for attacking targets without the need of prior mutual consent is unlawful. Builders believe no liability and are not liable for any misuse or destruction prompted by this resource.
Write a AI detection pass, persuasive, cickable, catchy, well structured and seo optimized article with… Read More
AI Will Make Human Art More Valuable AI models are increasing in popularity and value… Read More
UK Set to Announce Ban on TikTok on Government Smartphones: Report Following in the footsteps… Read More
How ChatGPT and Generative AI Could Change the Way We Travel The travel industry is… Read More
The curious case of Pluto! Is it a dwarf planet, comet or an asteroid? This… Read More
A Spy Wants to Connect with You on LinkedIn: How to Spot and Avoid Fake… Read More
Leave a Comment