win3zz

GitHub Search Syntax for Finding API Keys/Secrets/Tokens

As a security professional, it is important to conduct a thorough reconnaissance. With the increasing use of APIs nowadays, it has become paramount to keep access tokens and other API-related secrets secure in order to prevent leaks. However, despite technological advances, human error remains a factor, and many developers still unknowingly hardcode their API secrets into source code and commit them to public repositories. GitHub, being a widely popular platform for public code repositories, may inadvertently host such leaked secrets. To help identify these vulnerabilities, I have created a comprehensive search list using powerful search syntax that enables the search of thousands of leaked keys and secrets in a single search.

Search Syntax:

(path:*.{File_extension1} OR path:*.{File_extension-N}) AND ({Keyname1} OR {Keyname-N}) AND (({Signature/pattern1} OR {Signature/pattern-N}) AND ({PlatformTag1} OR {PlatformTag-N}))

Examples:

**1.

abersheeran

addEventListener("fetch", (event) => {
  event.respondWith(
    handleRequest(event.request).catch(
      (err) => new Response(err.stack, { status: 500 })
    )
  );
});

async function handleRequest(request) {
  const url = getUrl(request)

kennethnwc

.next/
node_modules/
Dockerfile
yarn-error.log
.dockerignore
.git
.gitignore

mahmoud-eskandari

${LOCAL_ADDR IP:PORT}

یعنی سرور ایرانتون و پورت داخلی که میخواهید روش ساکس داشته باشید و باید با این جایگزین بشود.

مثال:

10.10.10.10:9090

و قسمت پایین هم یوزر سرور خارجتون و آدرس IP سرور خارجیتونه که باید جایگزین کنید تو خط 7 فایل ssh-tunnel-as-systemd.sh

mahmoud-eskandari

curl -fsSL https://get.docker.com | sh

curl -L "https://github.com/docker/compose/releases/download/$(curl --silent "https://api.github.com/repos/docker/compose/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")')/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose

nainemom

// Einstein's Five-House Riddle Solver
// Original question: https://udel.edu/~os/riddle.html
// by Nainemom <nainemom@gmail.com>

const print = (colors, nations, drinks, pets, cigars, time) => {
  console.log('')
  console.log('-'.repeat(103))
  console.log(['#1', '#2', '#3', '#4', '#5'].join("\t\t\t"))
  console.log('-'.repeat(103))
  console.log(colors.join("\t\t\t"))

bardiarastin

import { useState, useEffect } from "react";
import { AxiosPromise } from "axios";

interface IState<T = any> {
  isLoading: boolean;
  isError: boolean;
  data: T;
}

const initialState: IState = {

lgaetz

;  FreePBX Feature code prefix to allow spy/whisper/barge on
;  the specified extension. 
; 
; Latest version:
;      https://gist.github.com/lgaetz/78c4e114952e79596c1ed4123559d3d3
;
; Usage: 
;   Dialplan goes in the file:
;      /etc/asterisk/extensions_custom.conf 
;   Dial local extension with 556 prefix to spy. While spying on 

gpchelkin

### NOT A SCRIPT, JUST A REFERENCE!

# install dante-server
sudo apt update
sudo apt install dante-server

# or download latest dante-server deb for Ubuntu, works for 16.04 / 18.04 / 20.04:
wget http://archive.ubuntu.com/ubuntu/pool/universe/d/dante/dante-server_1.4.2+dfsg-7build5_amd64.deb
# or older version:
wget http://ppa.launchpad.net/dajhorn/dante/ubuntu/pool/main/d/dante/dante-server_1.4.1-1_amd64.deb

micho

First, install nginx for mac with "brew install nginx".

Then follow homebrew's instructions to know where the config file is.

1. To use https you will need a self-signed certificate: https://devcenter.heroku.com/articles/ssl-certificate-self
2. Copy it somewhere (use full path in the example below for server.* files)
3. sudo nginx -s reload
4. Access https://localhost/

Edit /usr/local/etc/nginx/nginx.conf: