Repo Dorks

Here’s a handy list of Google Dorks for use when searching through (github) source code repositories to find sensitive data

  • SSH hosts and keys:
    site:github.com inurl:“known_hosts”“ssh-rsa”
  • Private encryption keys:
    site:github.com inurl:“id_rsa” -inurl:“pub”
  • Test configuration info:
    site:github.com inurl:“test” filetype:config
  • Ruby on Rails secure token:
    site:github.com inurl:secret_token.rb
  • Windows Azure account keys:
    site:github.com “;AccountKey=”filetype:config
  • Database connection config:
    site:github.com “;User Id=” filetype:config
  • Amazon Web Service access key (Java):
    site:github.com “AWS_ACCESS_KEY_ID” filetype:properties
  • Amazon Web Service access key (Other):
    site:github.com “AWS_ACCESS_KEY_ID” filetype:config
  • Bash command history:
    site:github.com filetype:bash_history
  • Account config data:
    site:github.com filetype:xml inurl:accounts.xml
  • SQL containing passwords:
    site:github.com filetype:sql where password
  • Django settings file:
    site:github.com inurl:settings.py