https://gist.github.com/jhaddix/77253cea49bf4bd4bfd5d384a37ce7a4
# Github dorks work a lot with filename and extension
# You can build search like this
filename:bashrc
extension:pem
langage:bash
# Possible to search terms and use these keywords
# Some usefull examples
extension:pem private # Private SSH Keys
extension:sql mysql dump # MySQL dumps
extension:sql mysql dump password # MySQL dumps with passwords
filename:wp-config.php # Wordpress config file
filename:.htpasswd # .htpasswd
filename:.git-credentials # Git stored credentials
filename:.bashrc password # .bashrc files containing passwords
filename:.bash_profile aws # AWS keys in .bash_profiles
extension:json mongolab.com # Keys/Credentials for mongolab
HEROKU_API_KEY language:json # Heroku API Keys
filename:filezilla.xml Pass # FTP credentials
filename:recentservers.xml Pass # FTP credentials
filename:config.php dbpasswd # PHP Applications databases credentials
shodan_api_key language:python # Shodan API Keys (try others languages)
filename:logins.json # Firefox saved password collection (key3.db usually in same repo)
filename:settings.py SECRET_KEY # Django secret keys (usually allows for session hijacking, RCE, etc)
文章来源: http://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247496333&idx=3&sn=4aa33ab71f777422d8e13722b7dbcbde&chksm=9badbbc6acda32d019a72e1d85bb932a330ce01d6d1450a5f07551a8e04a541b67ee91fa33a0#rd
如有侵权请联系:admin#unsafe.sh