GitHub Search Syntax for Finding API Keys/Secrets/Tokens

As a security professional, it is important to conduct a thorough reconnaissance. With the increasing use of APIs nowadays, it has become paramount to keep access tokens and other API-related secrets secure in order to prevent leaks. However, despite technological advances, human error remains a factor, and many developers still unknowingly hardcode their API secrets into source code and commit them to public repositories. GitHub, being a widely popular platform for public code repositories, may inadvertently host such leaked secrets. To help identify these vulnerabilities, I have created a comprehensive search list using powerful search syntax that enables the search of thousands of leaked keys and secrets in a single search.

Search Syntax:

(path:*.{File_extension1} OR path:*.{File_extension-N}) AND ({Keyname1} OR {Keyname-N}) AND (({Signature/pattern1} OR {Signature/pattern-N}) AND ({PlatformTag1} OR {PlatformTag-N}))

Examples:

**1.

@grabbou
grabbou / tasks.json
Last active June 30, 2023 13:29
A simple example of launching two long-running processes within Visual Studio Code to make working in monorepo easier
{
  "version": "2.0.0",
  "tasks": [
    {
      "label": "Start Expo dev server",
      "type": "shell",
      "command": "cd ./apps/mobile && yarn start",
      "presentation": {
        "reveal": "always",
        "panel": "new",
---
- hosts: all
  any_errors_fatal: true
  gather_facts: false
  vars:
    a:
      b: 2
      c: 3
  tasks:
    - name: inline if
At the end of every role:
- import_tasks: "common_tasks/update_localfacts.yaml"
And in that file:
---
- name: update localfacts
  ini_file:
    path: "/etc/ansible/facts.d/custom.fact"
@AdamBien
AdamBien / 100thAirhacksQ&A.md
Created June 6, 2022 04:31
100thAirhacksQ&A.md

Ask questions and see you on July 4th, 8 P.M. CET: youtube.com/c/bienadam

Also check out the recent episode:

99th airhacks.tv

Please keep the questions Jakarta EE-stic. That means: as short and as concise as possible. Feel free to ask several shorter questions. Upcoming airhacks.tv events are also going to be announced at meetup.com/airhacks

@saiyam1814
saiyam1814 / k8s23containerd.sh
Last active March 16, 2022 22:11
Kubernetes 1.23 + Containerd
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
echo "step1"
echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
echo "kubeadm install"
sudo apt update -y
sudo apt -y install vim git curl wget kubelet=1.23.0-00 kubeadm=1.23.0-00 kubectl=1.23.0-00
sudo apt-mark hold kubelet kubeadm kubectl
echo "memory swapoff"
sudo sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
sudo swapoff -a
@wolfv
wolfv / fetch.sh
Created September 8, 2021 13:08
Fetch from OCI registry (ghcr.io)
export TOKEN=$(curl --silent https://ghcr.io/token\?scope\=repository:wolfv/artifact:pull | jq -r .token)
curl \
--silent \
--request 'GET' \
--header "Authorization: Bearer $TOKEN" \
--header "Accept: application/vnd.oci.image.manifest.v1+json" \
'https://ghcr.io/v2/wolfv/artifact/manifests/1.0'
echo "\n\nFetching image content now:\n\n"
@sannae
sannae / Basic_vagrantfile
Created August 18, 2021 14:56
Very simple vagrantfile to spin up a WinServ2019 VM with Chocolatey and VS Code
# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure("2") do |config|
  # Box
  config.vm.box = "StefanScherer/windows_2019"
  # Additional parameters to communicate with Windows
  config.vm.boot_timeout = 60
# Source: https://gist.github.com/6955a3fa05665c6b8bb7a3a48ebbdd23
##########################################
# DevSpace #
# Development Environments in Kubernetes #
# https://youtu.be/nQly_CEjJc4 #
##########################################
# Referenced videos:
# - How To Create Virtual Kubernetes Clusters With vcluster By loft: https://youtu.be/JqBjpvp268Y
| Aspect or Feature | kubernetes/ingress-nginx | nginxinc/kubernetes-ingress with NGINX | nginxinc/kubernetes-ingress with NGINX Plus |
| --- | --- | --- | --- |
| **Fundamental** | | | |
| Authors | Kubernetes community | NGINX Inc and community | NGINX Inc and community |
| NGINX version | Custom NGINX build that includes several third-party modules | NGINX official mainline build | NGINX Plus |
| Commercial support | N/A | N/A | Included |
| Implemented in | Go/Lua (while Nginx is written in C) | Go/Python | Go/Python |
| **Load balancing configuration via the Ingress resource** | | | |