Home / Unlabelled / GitMiner - Tool For Advanced Content Search On Github

GitMiner - Tool For Advanced Content Search On Github

GitMiner - Tool for Advanced Content Search on Github

GitMiner is an advanced search tool for Github. It aims to facilitate research by code or code snippets on github through the site's search page.

It demonstrates the fragility of trust in public repositories to store codes with sensitive information.

Requirements:

  • lxml
  • requests
  • argparse
  • json
  • re

How To Install GitMiner:

$ git clone http://github.com/UnkL4b/GitMiner
 
 $ cd GitMiner
 
 ~/GitMiner $ pip3 install -r requirements.txt

Docker:
$ git clone http://github.com/UnkL4b/GitMiner
 $ cd GitMiner
 $ docker build -t gitminer .
 $ docker run -it gitminer -h


Help:

                                 UnkL4b
   __                   Automatic search for Github
 ((OO))   ▄████  ██▓▄▄▄█████▓ ███▄ ▄███▓ ██▓ ███▄    █ ▓█████  ██▀███  
  \__/   ██▒ ▀█▒▓██▒▓  ██▒ ▓▒▓██▒▀█▀ ██▒▓██▒ ██ ▀█   █ ▓█   ▀ ▓██ ▒ ██▒      OO
   |^|  ▒██░▄▄▄░▒██▒▒ ▓██░ ▒░▓██    ▓██░▒██▒▓██  ▀█ ██▒▒███   ▓██ ░▄█ ▒      oOo
   | |  ░▓█  ██▓░██░░ ▓██▓ ░ ▒██    ▒██ ░██░▓██▒  ▐▌██▒▒▓█  ▄ ▒██▀▀█▄      OoO
   | |  ░▒▓███▀▒░██░  ▒██▒ ░ ▒██▒   ░██▒░██░▒██░   ▓██░░▒████▒░██▓ ▒██▒  /oOo 
   | |___░▒___▒_░▓____▒_░░___░_▒░___░__░░▓__░_▒░___▒_▒_░░_▒░_░░_▒▓_░▒▓░_/ /
   \______░___░__▒_░____░____░__░______░_▒_░░_░░___░_▒░_░_░__░__░▒_░_▒░__/  v2.0
        ░ ░   ░  ▒ ░  ░      ░      ░    ▒ ░   ░   ░ ░    ░     ░░   ░ 
              ░  ░                  ░    ░           ░    ░  ░   ░     
 
   -> github.com/UnkL4b
   -> unkl4b.github.io
 
   +---------------------[WARNING]---------------------+
   | DEVELOPERS ASSUME NO LIABILITY AND ARE NOT        |
   | RESPONSIBLE FOR ANY MISUSE OR DAMAGE CAUSED BY    |
   | THIS PROGRAM                                      |
   +---------------------------------------------------+ 
        [-h] [-q 'filename:shadow path:etc']
        [-m wordpress] [-o result.txt]
        [-r '/^\s*.*?;?\s*$/gm']
        [-c _octo=GH1.1.2098292984896.153133829439; _ga=GA1.2.36424941.153192375318; user_session=oZIxL2_ajeDplJSndfl37ddaLAEsR2l7myXiiI53STrfhqnaN; __Host-user_session_same_site=oXZxv9_ajeDplV0gAEsmyXiiI53STrfhDN; logged_in=yes; dotcom_user=unkl4b; tz=America%2FSao_Paulo; has_recent_activity=1; _gh_sess=MmxxOXBKQ1RId3NOVGpGcG54aEVnT1o0dGhxdGdzWVpySnFRd1dVYUk5TFZpZXFuTWxOdW1FK1IyM0pONjlzQWtZM2xtaFR3ZDdxlGMCsrWnBIdnhUN0tjVUtMYU1GeG5Pbm5DMThuWUFETnZjcllGOUNkRGUwNUtKOVJTaGR5eUJYamhWRE5XRnMWZZN3Y3dlpFNDZXL1NWUEN4c093RFhQd3RJQ1NBdmhrVDE3VVNiUFF3dHBycC9FeDZ3cFVXV0ZBdXZieUY5WDRlOE9ZSG5sNmRHUmllcmk0Up1MTcyTXZrN1RHYmJSdz09--434afdd652b37745f995ab55fc83]
 
 optional arguments:
   -h, --help            show this help message and exit
   -q 'filename:shadow path:etc', --query 'filename:shadow path:etc'
                         Specify search term
   -m wordpress, --module wordpress
                         Specify the search module
   -o result.txt, --output result.txt
                         Specify the output file where it will be
                         saved
   -r '/^\s*(.*?);?\s*$/gm', --regex '/^\s*(.*?);?\s*$/gm'
                         Set regex to search in file
   -c _octo=GH1.1.2098292984896.153133829439; _ga=GA1.2.36424941.153192375318; user_session=oZIxL2_ajeDplJSndfl37ddaLAEsR2l7myXiiI53STrfhqnaN; __Host-user_session_same_site=oXZxv9_ajeDplV0gAEsmyXiiI53STrfhDN; logged_in=yes; dotcom_user=unkl4b; tz=America%2FSao_Paulo; has_recent_activity=1; _gh_sess=MmxxOXBKQ1RId3NOVGpGcG54aEVnT1o0dGhxdGdzWVpySnFRd1dVYUk5TFZpZXFuTWxOdW1FK1IyM0pONjlzQWtZM2xtaFR3ZDdxlGMCsrWnBIdnhUN0tjVUtMYU1GeG5Pbm5DMThuWUFETnZjcllGOUNkRGUwNUtKOVJTaGR5eUJYamhWRE5XRnMWZZN3Y3dlpFNDZXL1NWUEN4c093RFhQd3RJQ1NBdmhrVDE3VVNiUFF3dHBycC9FeDZ3cFVXV0ZBdXZieUY5WDRlOE9ZSG5sNmRHUmllcmk0Up1MTcyTXZrN1RHYmJSdz09--434afdd652b37745f995ab55fc83, --cookie _octo=GH1.1.2098292984896.153133829439; _ga=GA1.2.36424941.153192375318; user_session=oZIxL2_ajeDplJSndfl37ddaLAEsR2l7myXiiI53STrfhqnaN; __Host-user_session_same_site=oXZxv9_ajeDplV0gAEsmyXiiI53STrfhDN; logged_in=yes; dotcom_user=unkl4b; tz=America%2FSao_Paulo; has_recent_activity=1; _gh_sess=MmxxOXBKQ1RId3NOVGpGcG54aEVnT1o0dGhxdGdzWVpySnFRd1dVYUk5TFZpZXFuTWxOdW1FK1IyM0pONjlzQWtZM2xtaFR3ZDdxlGMCsrWnBIdnhUN0tjVUtMYU1GeG5Pbm5DMThuWUFETnZjcllGOUNkRGUwNUtKOVJTaGR5eUJYamhWRE5XRnMWZZN3Y3dlpFNDZXL1NWUEN4c093RFhQd3RJQ1NBdmhrVDE3VVNiUFF3dHBycC9FeDZ3cFVXV0ZBdXZieUY5WDRlOE9ZSG5sNmRHUmllcmk0Up1MTcyTXZrN1RHYmJSdz09--434afdd652b37745f995ab55fc83
                         Specify the cookie for your github


How To Use GitMiner:

  • Searching for wordpress configuration files with passwords:
$:> python3 gitminer-v2.0.py -q 'filename:wp-config extension:php FTP_HOST in:file ' -m wordpress -c pAAAhPOma9jEsXyLWZ-16RTTsGI8wDawbNs4 -o result.txt

GitMiner Screenshot 1

  • Looking for brasilian government files containing passwords:
$:> python3 gitminer-v2.0.py --query 'extension:php "root" in:file AND "gov.br" in:file' -m senhas -c pAAAhPOma9jEsXyLWZ-16RTTsGI8wDawbNs4

  • Looking for shadow files on the etc paste:
$:> python3 gitminer-v2.0.py --query 'filename:shadow path:etc' -m root -c pAAAhPOma9jEsXyLWZ-16RTTsGI8wDawbNs4

  • Searching for joomla configuration files with passwords:
$:> python3 gitminer-v2.0.py --query 'filename:configuration extension:php "public password" in:file' -m joomla -c pAAAhPOma9jEsXyLWZ-16RTTsGI8wDawbNs4

GitMiner Screenshot 2

Hacking SSH Servers:

Dorks to Search: 


 
 Dork
 
 
 Description
 
 
 
 
 
 filename:.npmrc _auth
 npm registry authentication data
 
 
 filename:.dockercfg auth
 docker registry authentication data
 
 
 extension:pem private
 private keys
 
 
 extension:ppk private
 puttygen private keys
 
 
 filename:id_rsa or filename:id_dsa
 private ssh keys
 
 
 extension:sql mysql dump
 mysql dump
 
 
 extension:sql mysql dump password
 mysql dump look for password; you can try varieties
 
 
 filename:credentials aws_access_key_id
 might return false negatives with dummy values
 
 
 filename:.s3cfg
 might return false negatives with dummy values
 
 
 filename:wp-config.php
 wordpress config files
 
 
 filename:.htpasswd
 htpasswd files
 
 
 filename:.env DB_USERNAME NOT homestead
 laravel .env (CI, various ruby based frameworks too)
 
 
 filename:.env MAIL_HOST=smtp.gmail.com
 gmail smtp configuration (try different smtp services too)
 
 
 filename:.git-credentials
 git credentials store, add NOT username for more valid results
 
 
 PT_TOKEN language:bash
 pivotaltracker tokens
 
 
 filename:.bashrc password
 search for passwords, etc. in .bashrc (try with .bash_profile too)
 
 
 filename:.bashrc mailchimp
 variation of above (try more variations)
 
 
 filename:.bash_profile aws
 aws access and secret keys
 
 
 rds.amazonaws.com password
 Amazon RDS possible credentials
 
 
 extension:json api.forecast.io
 try variations, find api keys/secrets
 
 
 extension:json mongolab.com
 mongolab credentials in json configs
 
 
 extension:yaml mongolab.com
 mongolab credentials in yaml configs (try with yml)
 
 
 jsforce extension:js conn.login
 possible salesforce credentials in nodejs projects
 
 
 SF_USERNAME salesforce
 possible salesforce credentials
 
 
 filename:.tugboat NOT _tugboat
 Digital Ocean tugboat config
 
 
 HEROKU_API_KEY language:shell
 Heroku api keys
 
 
 HEROKU_API_KEY language:json
 Heroku api keys in json files
 
 
 filename:.netrc password
 netrc that possibly holds sensitive credentials
 
 
 filename:_netrc password
 netrc that possibly holds sensitive credentials
 
 
 filename:hub oauth_token
 hub config that stores github tokens
 
 
 filename:robomongo.json
 mongodb credentials file used by robomongo
 
 
 filename:filezilla.xml Pass
 filezilla config file with possible user/pass to ftp
 
 
 filename:recentservers.xml Pass
 filezilla config file with possible user/pass to ftp
 
 
 filename:config.json auths
 docker registry authentication data
 
 
 filename:idea14.key
 IntelliJ Idea 14 key, try variations for other versions
 
 
 filename:config irc_pass
 possible IRC config
 
 
 filename:connections.xml
 possible db connections configuration, try variations to be specific
 
 
 filename:express.conf path:.openshift
 openshift config, only email and server thou
 
 
 filename:.pgpass
 PostgreSQL file which can contain passwords
 
 
 filename:proftpdpasswd
 Usernames and passwords of proftpd created by cpanel
 
 
 filename:ventrilo_srv.ini
 Ventrilo configuration
 
 
 [WFClient] Password= extension:ica
 WinFrame-Client infos needed by users to connect toCitrix Application Servers
 
 
 filename:server.cfg rcon password
 Counter Strike RCON Passwords
 
 
 JEKYLL_GITHUB_TOKEN
 Github tokens used for jekyll
 
 
 filename:.bash_history
 Bash history file
 
 
 filename:.cshrc
 RC file for csh shell
 
 
 filename:.history
 history file (often used by many tools)
 
 
 filename:.sh_history
 korn shell history
 
 
 filename:sshd_config
 OpenSSH server config
 
 
 filename:dhcpd.conf
 DHCP service config
 
 
 filename:prod.exs NOT prod.secret.exs
 Phoenix prod configuration file
 
 
 filename:prod.secret.exs
 Phoenix prod secret
 
 
 filename:configuration.php JConfig password
 Joomla configuration file
 
 
 filename:config.php dbpasswd
 PHP application database password (e.g., phpBB forum software)
 
 
 path:sites databases password
 Drupal website database credentials
 
 
 shodan_api_key language:python
 Shodan API keys (try other languages too)
 
 
 filename:shadow path:etc
 Contains encrypted passwords and account information of new unix systems
 
 
 filename:passwd path:etc
 Contains user account information including encrypted passwords of traditional unix systems
 
 
 extension:avastlic "support.avast.com"
 Contains license keys for Avast! Antivirus
 
 
 filename:dbeaver-data-sources.xml
 DBeaver config containing MySQL Credentials
 
 
 filename:.esmtprc password
 esmtp configuration
 
 
 extension:json googleusercontent client_secret
 OAuth credentials for accessing Google APIs
 
 
 HOMEBREW_GITHUB_API_TOKEN language:shell
 Github token usually set by homebrew users
 
 
 xoxp OR xoxb
 Slack bot and private tokens
 
 
 .mlab.com password
 MLAB Hosted MongoDB Credentials
 
 
 filename:logins.json
 Firefox saved password collection (key3.db usually in same repo)
 
 
 filename:CCCam.cfg
 CCCam Server config file
 
 
 msg nickserv identify filename:config
 Possible IRC login passwords
 
 
 filename:settings.py SECRET_KEY
 Django secret keys (usually allows for session hijacking, RCE, etc)
 
 
 filename:secrets.yml password
 Usernames/passwords, Rails applications
 
 
 filename:master.key path:config
 Rails master key (used for decrypting credentials.yml.enc for Rails 5.2+)
 
 
 filename:deployment-config.json
 Created by sftp-deployment for Atom, contains server details and credentials
 
 
 filename:.ftpconfig
 Created by remote-ssh for Atom, contains SFTP/SSH server details and credentials
 
 
 filename:.remote-sync.json
 Created by remote-sync for Atom, contains FTP and/or SCP/SFTP/SSH server details and credentials
 
 
 filename:sftp.json path:.vscode
 Created by vscode-sftp for VSCode, contains SFTP/SSH server details and credentails
 
 
 filename:sftp-config.json
 Created by SFTP for Sublime Text, contains FTP/FTPS or SFTP/SSH server details and credentials
 
 
 filename:WebServers.xml
 Created by Jetbrains IDEs, contains webserver credentials with encoded passwords (not encrypted!)
 
 *******************************************************
 ***************************************************************


Download GitMiner


Source: www.effecthacking.com
GitMiner - Tool For Advanced Content Search On Github GitMiner - Tool For Advanced Content Search On Github Reviewed by Anonymous on 10:36 PM Rating: 5

Tags