Github dorking tool

Overview

gh-dork

Supply a list of dorks and, optionally, one of the following:

  • a user (-u)
  • a file with a list of users (-uf)
  • an organization (-org)
  • a file with a list of organizations (-of)
  • a repo (-r)

You can also pass:

  • an output directory to store results (-o)
  • a filename to store valid items, if your users or org file may contain nonexistent users/orgs (-vif)

All input files (dorks, users, or orgs) should be newline-separated.

Usage

Clone the repository, then run pip install -r requirements.txt

The only required parameter is the dorks file (-d). See techguan's github-dorks.txt for ideas.

If an output directory is specified, a file will be created for each dork in the dorks list, and results will be saved there as well as printed. Only use an empty/nonexistent directory or it will be cleared and its contents replaced.

If your users or orgs files haven't already been filtered to remove non-existent users/orgs or those without any public code, it's highly recommended that you pass in a --valid-items-filename (-vif). This will filter out any invalid users/orgs when searching for the first dork, and avoid searching against them for subsequent dorks. The output file can also then be used as the input users/orgs file to speed up later script runs.

Example usage:

python gh-dork.py -d dorks.txt                                       # Basic usage
python gh-dork.py -d dorks.txt -u molly                              # Search repos of a specific user
python gh-dork.py -d dorks.txt -uf users.txt                         # Search repos of all users in the list
python gh-dork.py -d dorks.txt -uf users.txt -vif valid_users.txt    # Search repos of all users in the list, filtering out nonexistent users
python gh-dork.py -d dorks.txt -org github                           # Search repos of a specific organization
python gh-dork.py -d dorks.txt -of orgs.txt                          # Search repos of all orgs in the list
python gh-dork.py -d dorks.txt -of orgs.txt -vif valid_orgs.txt      # Search repos of all orgs in the list, filtering out nonexistent orgs
python gh-dork.py -d dorks.txt -r molly/gh-dork                      # Search the specified repo
python gh-dork.py -d dorks.txt -o results                            # Store results in files in the results/ directory, *overwriting any directory contents*

Authentication

Authentication is done with environment variables. You can authenticate with a Github private access token (GH_TOKEN), or username and password (GH_USER and GH_PASS). If you have two-factor authentication enabled, you will be prompted for a two-factor code.

You can also pass a Github Enterprise base URL (GH_URL) to search against that Github instance; if omitted, this will run against github.com.

If no credentials are provided or if credentials are invalid, the script will still run, but will be limited by the much lower rate limits for unauthenticated users.

Credits

Loosely based on techgaun/github-dorks.

You might also like...
github action test, because I dont know it.

mad-y testing testing pip install -r requirements.txt add the DISCORD_TOKEN value to your env vars. and run mad-y how to Deploy ` docker build -t mad-

Fetch PRs from GitHub and analyze which ones are unmergeable

Set up token Generate a personal access token on GitHub. Add repo permissions. export GH_TOKEN="abcdefg" Pull PR data make Usually, GitHub doesn't h

A service to display a quick summary of a project on GitHub.
A service to display a quick summary of a project on GitHub.

A service to display a quick summary of a project on GitHub. Usage 📖 Paste the code below with details filled in as specified below into your Readme.

Simply create JIRA releases based on your github releases

Simply create JIRA releases based on your github releases

Add your recently blog and douban states in your GitHub Profile

Add your recently blog and douban states in your GitHub Profile

A Github Action for sending messages to a Matrix Room.
A Github Action for sending messages to a Matrix Room.

matrix-commit A Github Action for sending messages to a Matrix Room. Screenshot: Example Usage: # .github/workflows/matrix-commit.yml on: push:

Python script to commit to your github for a perfect commit streak. This is purely for education purposes, please don't use this script to do bad stuff.

Daily-Git-Commit Commit to repo every day for the perfect commit streak Requirments pip install -r requirements.txt Setup Download this repository. Cr

Auto check in via GitHub Actions

因为本人毕业离校,本项目交由在校的@hfut-xyc同学接手,请访问hfut-xyc/hfut_auto_check-in获得最新的脚本 本项目遵从GPLv2协定,Copyright (C) 2021, Fw[a]rd 免责声明 根据GPL协定,我、本项目的作者,不会对您使用这个脚本带来的任何后果

A script to add issues to a project in Github based on label or status.

Add Github Issues to Project (Beta) A python script to move Github issues to a next-gen (beta) Github Project Getting Started These instructions will

Owner
Molly White
Molly White
GitHub Actions Version Updater Updates All GitHub Action Versions in a Repository and Creates a Pull Request with the Changes.

GitHub Actions Version Updater GitHub Actions Version Updater is GitHub Action that is used to update other GitHub Actions in a Repository and create

Maksudul Haque 42 Dec 22, 2022
Automated GitHub profile content using the USGS API, Plotly and GitHub Actions.

Top 20 Largest Earthquakes in the Past 24 Hours Location Mag Date and Time (UTC) 92 km SW of Sechura, Peru 5.2 11-05-2021 23:19:50 113 km NNE of Lobuj

Mr. Phantom 28 Oct 31, 2022
Dicionario-git-github - Dictionary created to help train new users of Git and GitHub applications

Dicionário ?? Dicionário criado com o objetivo de auxiliar no treinamento de nov

Felippe Rafael 1 Feb 7, 2022
ChainJacking is a tool to find which of your Go lang direct GitHub dependencies is susceptible to ChainJacking attack.

ChainJacking is a tool to find which of your Go lang direct GitHub dependencies is susceptible to ChainJacking attack.

Checkmarx 36 Nov 2, 2022
A tool to flash .ofp files in bootloader mode without needing MSM Tool, an alternative to official realme tool

Oppo/Realme Flash .OFP File on Bootloader A tool to flash .ofp files in bootloader mode without needing MSM Tool, an alternative to official realme to

Italo Almeida 70 Jan 2, 2023
A script to automatically update bot status at GitHub as well as in Telegram channel.

A simple & short repository to show your bot's status in your GitHub README.md file as well as in you channel.

Jainam Oswal 55 Dec 13, 2022
Replit theme sync; Github theme sync but in Replit.

This is a Replit theme sync, basically meaning that it keeps track of the current time (which may need to be edited later on), and if the time passes morning, afternoon, etc, the theme switches. The idea came from GitHub's theme sync. Except this is a separate program, not attached to Replit.

Glitch 8 Jun 25, 2022
Why write code when you can import it directly from GitHub Copilot?

Copilot Importer Why write code when you can import it directly from GitHub Copilot? What is Copilot Importer? The copilot python module will dynamica

Mythic 41 Jan 4, 2023
tox-gh is a tox plugin which helps running tox on GitHub Actions with multiple different Python versions on multiple workers in parallel

tox-gh is a tox plugin which helps running tox on GitHub Actions with multiple different Python versions on multiple workers in parallel. This project is inspired by tox-travis.

tox development team 19 Dec 26, 2022
Script to quickly get the metrics from Github repos to analyze.

commit-prefix-analysis Script to quickly get the metrics from Github repos to analyze. Setup Install the Github CLI. You'll know its working when runn

David Carpenter 1 Dec 17, 2022