Miladbr

GitHub Search Syntax for Finding API Keys/Secrets/Tokens

As a security professional, it is important to conduct a thorough reconnaissance. With the increasing use of APIs nowadays, it has become paramount to keep access tokens and other API-related secrets secure in order to prevent leaks. However, despite technological advances, human error remains a factor, and many developers still unknowingly hardcode their API secrets into source code and commit them to public repositories. GitHub, being a widely popular platform for public code repositories, may inadvertently host such leaked secrets. To help identify these vulnerabilities, I have created a comprehensive search list using powerful search syntax that enables the search of thousands of leaked keys and secrets in a single search.

Search Syntax:

(path:*.{File_extension1} OR path:*.{File_extension-N}) AND ({Keyname1} OR {Keyname-N}) AND (({Signature/pattern1} OR {Signature/pattern-N}) AND ({PlatformTag1} OR {PlatformTag-N}))

Examples:

**1.

Miladbr

# Append below lines in /etc/rc.local.d/local.sh. 
# Change host_address and host_port according to your syslog server configuartion.

/bin/cat > /etc/vmware/firewall/persistsyslog.xml << EOF
<!-- remote syslog configuration -->
<ConfigRoot>
  <service>
    <id>persistsyslog</id>
    <rule id='0000'>
      <direction>outbound</direction>

Miladbr

clusterName=$1
server=$2
namespace=$3
serviceAccount=$4

set -o errexit

secretName=$(kubectl --namespace $namespace get serviceAccount $serviceAccount -o jsonpath='{.secrets[0].name}')
token=$(kubectl --namespace $namespace get secret/$secretName -o jsonpath='{.data.token}' | base64 --decode)

Miladbr

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$wc = New-Object System.Net.WebClient

if (!(Test-Path "C:\Tools")) {
    New-Item -Path "C:\" -Name "Tools" -ItemType "directory"
}

# SYSMON
# Download Sysmon
$SysmonDirectory = "C:\Tools\Sysmon\"