Hello everyone, this is my first blog.
In the bug bounty field, many hunters leave GitHub dorking out of their methodology. In this blog, we will look at GitHub dorking.
We all know that Git is a command-line tool, while GitHub provides a web-based graphical interface and many more features.
What is GitHub dorking?
GitHub Search is a powerful and useful feature that can be used to search for sensitive data in repositories. A collection of GitHub dorks can reveal sensitive personal and/or organizational information such as private keys, credentials, authentication tokens, etc. This list is supposed to be useful for assessing security and performing pen-testing of systems.
In this blog I have separated GitHub recon into two types:
2. Automated (Using Tools)
In the search field we are searching for sensitive things like passwords, API keys, database files, tokens, and many more using keywords.
How to do GitHub recon?
1. You can search for a company name or domain name + keyword
Eg: "google.com" password
2. You can search for specific filenames like "google.com" filename:passwd path:etc
3. You can search for specific languages like "google.com" language:python
For more GitHub dorks: click here
If you find your target's GitHub repository, go to People and search for sensitive things like passwords, API keys, database files, tokens, and many more by combining keywords with their names.
Example: username:cyberexploitme password
It’s not easy to find sensitive information on GitHub. You need to spend a lot of time and check each repository of a particular company.
So this is the concept of GitHub dorking, which reduces the effort of searching for sensitive information manually.
Apart from repositories, you can also check for code, commits, issues, discussions, packages, marketplace, topics, wikis and users.
2. Automation (using tools):
- Github Dorks:
Github-dork is a simple Python tool that can search through your repository or your organization/user repositories. It's not a perfect tool at the moment, but it provides basic functionality to automate the search on your repositories against the dorks specified in the text file.
Installation guide:
1. Go to https://github.com/techgaun/github-dorks and clone it (download it)
2. Install all the given requirements
3. Use the command given below to search all the repositories of a single user
Command: python github-dork.py -u <username>
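The same dorks can be checked against a local checkout of your own repository before it is pushed. The script below is an added example, not code from github-dorks or from this blog: it approximates the filename:, path: and language: qualifiers shown above with simple assumed matching rules, and the file tree and dork list are constructed samples.

```python
import shlex
from pathlib import PurePosixPath

# Assumed extension map for language:, only for this example.
LANG_EXT = {"python": ".py", "javascript": ".js", "shell": ".sh"}

def parse_dork(dork):
    """Split a dork into (qualifier, value) pairs and free-text terms."""
    quals, terms = [], []
    for tok in shlex.split(dork):  # shlex keeps "quoted phrases" together
        key, sep, val = tok.partition(":")
        if sep and val and key in ("filename", "path", "language"):
            quals.append((key, val.lower()))
        else:
            terms.append(tok.lower())
    return quals, terms

def matches(dork, path, content):
    """True if one file satisfies every qualifier and term of the dork."""
    quals, terms = parse_dork(dork)
    p = PurePosixPath(path.lower())
    for key, val in quals:
        if key == "filename" and val not in p.name:
            return False
        if key == "path" and val.strip("/") not in str(p.parent):
            return False
        if key == "language" and p.suffix != LANG_EXT.get(val):
            return False
    text = content.lower()
    return all(term in text for term in terms)

def audit(files, dorks):
    """Return (dork, path) for every file in the tree that a dork would hit."""
    return [(d, p) for d in dorks for p, c in files.items() if matches(d, p, c)]

# Constructed sample tree and dorks (example.com stands in for your own domain).
FILES = {
    "etc/passwd": "root:x:0:0:root:/root:/bin/sh\n",
    "app/settings.py": 'DB_HOST = "db.example.com"\nPASSWORD = "constructed-not-real"\n',
    "README.md": "Deploys to example.com\n",
}
DORKS = ['"example.com" password', "filename:passwd path:etc",
         '"example.com" language:python']

if __name__ == "__main__":
    for dork, path in audit(FILES, DORKS):
        print(f"{path}: matched by {dork}")
```

Any file it reports is one a public search with the same dork could surface, so remove the secret and rotate it before pushing.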
GitGraber is a tool developed in Python3 to monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe.
1. Go to and clone it (download it)
2. gitGraber needs some dependencies; to install them in your environment:
pip3 install -r requirements.txt
3. Before starting gitGraber, you need to modify the configuration file config.py:
Add your own GitHub tokens: GITHUB_TOKENS = ['yourToken1Here','yourToken2Here']
Command: python3 gitGraber.py -k keywordsfile.txt -q \"yahoo.com\" -s