Home Security Tools GitMiner – Tool for Advanced Content Search on Github

GitMiner – Tool for Advanced Content Search on Github

by ethhack
filename:.npmrc _authnpm registry authentication datafilename:.dockercfg authdocker registry authentication dataextension:pem privateprivate keysextension:ppk privateputtygen private keysfilename:id_rsa or filename:id_dsaprivate ssh keysextension:sql mysql dumpmysql dumpextension:sql mysql dump passwordmysql dump look for password; you can try varietiesfilename:credentials aws_access_key_idmight return false negatives with dummy valuesfilename:.s3cfgmight return false negatives with dummy valuesfilename:wp-config.phpwordpress config filesfilename:.htpasswdhtpasswd filesfilename:.env DB_USERNAME NOT homesteadlaravel .env (CI, various ruby based frameworks too)filename:.env MAIL_HOST=smtp.gmail.comgmail smtp configuration (try different smtp services too)filename:.git-credentialsgit credentials store, add NOT username for more valid resultsPT_TOKEN language:bashpivotaltracker tokensfilename:.bashrc passwordsearch for passwords, etc. in .bashrc (try with .bash_profile too)filename:.bashrc mailchimpvariation of above (try more variations)filename:.bash_profile awsaws access and secret keysrds.amazonaws.com passwordAmazon RDS possible credentialsextension:json api.forecast.iotry variations, find api keys/secretsextension:json mongolab.commongolab credentials in json configsextension:yaml mongolab.commongolab credentials in yaml configs (try with yml)jsforce extension:js conn.loginpossible salesforce credentials in nodejs projectsSF_USERNAME salesforcepossible salesforce credentialsfilename:.tugboat NOT _tugboatDigital Ocean tugboat configHEROKU_API_KEY language:shellHeroku api keysHEROKU_API_KEY language:jsonHeroku api keys in json filesfilename:.netrc passwordnetrc that possibly holds sensitive credentialsfilename:_netrc passwordnetrc that possibly holds sensitive credentialsfilename:hub oauth_tokenhub config that stores github tokensfilename:robomongo.jsonmongodb credentials file used by robomongofilename:filezilla.xml Passfilezilla config file with possible user/pass to ftpfilename:recentservers.xml Passfilezilla config file with possible user/pass to ftpfilename:config.json authsdocker registry authentication datafilename:idea14.keyIntelliJ Idea 14 key, try variations for other versionsfilename:config irc_passpossible IRC configfilename:connections.xmlpossible db connections configuration, try variations to be specificfilename:express.conf path:.openshiftopenshift config, only email and server thoufilename:.pgpassPostgreSQL file which can contain passwordsfilename:proftpdpasswdUsernames and passwords of proftpd created by cpanelfilename:ventrilo_srv.iniVentrilo configuration[WFClient] Password= extension:icaWinFrame-Client infos needed by users to connect toCitrix Application Serversfilename:server.cfg rcon passwordCounter Strike RCON PasswordsJEKYLL_GITHUB_TOKENGithub tokens used for jekyllfilename:.bash_historyBash history filefilename:.cshrcRC file for csh shellfilename:.historyhistory file (often used by many tools)filename:.sh_historykorn shell historyfilename:sshd_configOpenSSH server configfilename:dhcpd.confDHCP service configfilename:prod.exs NOT prod.secret.exsPhoenix prod configuration filefilename:prod.secret.exsPhoenix prod secretfilename:configuration.php JConfig passwordJoomla configuration filefilename:config.php dbpasswdPHP application database password (e.g., phpBB forum software)path:sites databases passwordDrupal website database credentialsshodan_api_key language:pythonShodan API keys (try other languages too)filename:shadow path:etcContains encrypted passwords and account information of new unix systemsfilename:passwd path:etcContains user account information including encrypted passwords of traditional unix systemsextension:avastlic “support.avast.com”Contains license keys for Avast! Antivirusfilename:dbeaver-data-sources.xmlDBeaver config containing MySQL Credentialsfilename:.esmtprc passwordesmtp configurationextension:json googleusercontent client_secretOAuth credentials for accessing Google APIsHOMEBREW_GITHUB_API_TOKEN language:shellGithub token usually set by homebrew usersxoxp OR xoxbSlack bot and private tokens.mlab.com passwordMLAB Hosted MongoDB Credentialsfilename:logins.jsonFirefox saved password collection (key3.db usually in same repo)filename:CCCam.cfgCCCam Server config filemsg nickserv identify filename:configPossible IRC login passwordsfilename:settings.py SECRET_KEYDjango secret keys (usually allows for session hijacking, RCE, etc)filename:secrets.yml passwordUsernames/passwords, Rails applicationsfilename:master.key path:configRails master key (used for decrypting credentials.yml.enc for Rails 5.2+)filename:deployment-config.jsonCreated by sftp-deployment for Atom, contains server details and credentialsfilename:.ftpconfigCreated by remote-ssh for Atom, contains SFTP/SSH server details and credentialsfilename:.remote-sync.jsonCreated by remote-sync for Atom, contains FTP and/or SCP/SFTP/SSH server details and credentialsfilename:sftp.json path:.vscodeCreated by vscode-sftp for VSCode, contains SFTP/SSH server details and credentailsfilename:sftp-config.jsonCreated by SFTP for Sublime Text, contains FTP/FTPS or SFTP/SSH server details and credentialsfilename:WebServers.xmlCreated by Jetbrains IDEs, contains webserver credentials with encoded passwords (not encrypted!)**********************************************************************************************************************



Source link

Related Articles

Leave a Comment