GitHub Dorking
GitHub is a code hosting platform for version control and collaboration, used by development teams as well as individual developers.
What Is GitHub Dorking?
GitHub dorking is the process of using search operators to find specific repositories on GitHub. It can be used to find repositories by keyword, language, license, or other criteria, which makes it a useful way to find repositories for specific projects or repositories that meet certain criteria. It can also be used to find repositories that have been abandoned or are no longer maintained.
Dorking Methods:
- Automation (Tools)
- Manually
Automation Tools:
- Gitrob
- GitDorker
What Makes Manual Dorking Better Than Automation Tools?
- Automation tools focus only on specific target employees who are listed on the organization's GitHub page.
- Although automation saves time, it also misses a lot of valuable information about the target.
- In manual dorking, the tester reviews the source code and can find useful information.
- Manually, you can search for the names of target employees who are not listed on Google or LinkedIn; automation will skip these.
Now the question arises: how do we get information about target employees who are not listed in the organization?
"organization name" dotfiles
"organization name" language:bash
"organization name" language:python
In the above example, the search results will contain information about changes in the organization's code. The dotfiles query returns configuration files, which show how changes are made, and language:bash or language:python returns files written in Bash and Python respectively, along with the author's repository. So, if the target employee no longer works for the organization but had some connection with the company in the past, their repository and code will appear here, and from there we can do further GitHub dorking on that employee to find something useful.
Note: Any language can be used with the language: qualifier.
Examples of GitHub Dorks:
in:name
Search for repositories with a specific name.
python in:name language:python
Searches for repositories with "python" in the name that are written in Python.
filename:.env DB_USERNAME NOT homestead
Laravel .env (CI, various Ruby-based frameworks too)
filename:wp-config.php
WordPress config files
filename:.htpasswd
htpasswd files
filename:passwd path:etc
Contains user account information, including encrypted passwords, of traditional Unix systems
filename:github-recovery-codes.txt
GitHub recovery key
filename:dbeaver-data-sources.xml
DBeaver config containing MySQL credentials
More useful GitHub dorks can be found here…
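The file names in the dorks above can also be checked on the defender's side, against a local checkout before it is pushed. The script below is an added example, not code from the original post or from Gitrob or GitDorker; its function names, the script name in the usage comment, and the exact-basename matching (simpler than GitHub's own search matching) are assumptions.

```python
import os
import sys

# File names from the dork list above, with the page's description of each.
NAME_RULES = {
    "wp-config.php": "WordPress config file",
    ".htpasswd": "htpasswd file",
    "github-recovery-codes.txt": "GitHub recovery key",
    "dbeaver-data-sources.xml": "DBeaver config containing MySQL credentials",
}

def classify(rel_path, text=""):
    """Return why a file would match one of the page's dorks, or None."""
    parts = rel_path.replace("\\", "/").split("/")
    name = parts[-1]
    if name in NAME_RULES:
        return NAME_RULES[name]
    if name == "passwd" and "etc" in parts[:-1]:  # filename:passwd path:etc
        return "passwd file under an etc directory"
    # filename:.env DB_USERNAME NOT homestead
    if name == ".env" and "DB_USERNAME" in text and "homestead" not in text:
        return ".env with DB_USERNAME set (no 'homestead')"
    return None

def scan_tree(root):
    """Walk a local checkout and return sorted (path, reason) findings."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # skip git metadata
        for fn in filenames:
            full = os.path.join(dirpath, fn)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            text = ""
            if fn == ".env":  # only the .env rule needs file contents
                with open(full, "r", errors="replace") as fh:
                    text = fh.read(65536)
            reason = classify(rel, text)
            if reason:
                findings.append((rel, reason))
    return sorted(findings)

if __name__ == "__main__":
    # Usage: python check_dork_files.py [path-to-checkout]  (script name is hypothetical)
    hits = scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, reason in hits:
        print(f"{path}: {reason}")
    sys.exit(1 if hits else 0)  # non-zero exit lets a pre-commit hook or CI job fail
```

A finding in a file that was already pushed means the secret should be rotated, since deleting the file in a later commit leaves it in the repository history.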
Thanks for reading.