Here’s a handy list of Google Dorks for use when searching through (github) source code repositories to find sensitive data
- SSH hosts and keys:
site:github.com inurl:“known_hosts”“ssh-rsa” - Private encryption keys:
site:github.com inurl:“id_rsa” -inurl:“pub” - Test configuration info:
site:github.com inurl:“test” filetype:config - Ruby on Rails secure token:
site:github.com inurl:secret_token.rb - Windows Azure account keys:
site:github.com “;AccountKey=”filetype:config - Database connection config:
site:github.com “;User Id=” filetype:config - Amazon Web Service access key (Java):
site:github.com “AWS_ACCESS_KEY_ID” filetype:properties - Amazon Web Service access key (Other):
site:github.com “AWS_ACCESS_KEY_ID” filetype:config - Bash command history:
site:github.com filetype:bash_history - Account config data:
site:github.com filetype:xml inurl:accounts.xml - SQL containing passwords:
site:github.com filetype:sql where password - Django settings file:
site:github.com inurl:settings.py