sophanithvong

GitHub Search Syntax for Finding API Keys/Secrets/Tokens

As a security professional, it is important to conduct a thorough reconnaissance. With the increasing use of APIs nowadays, it has become paramount to keep access tokens and other API-related secrets secure in order to prevent leaks. However, despite technological advances, human error remains a factor, and many developers still unknowingly hardcode their API secrets into source code and commit them to public repositories. GitHub, being a widely popular platform for public code repositories, may inadvertently host such leaked secrets. To help identify these vulnerabilities, I have created a comprehensive search list using powerful search syntax that enables the search of thousands of leaked keys and secrets in a single search.

Search Syntax:

(path:*.{File_extension1} OR path:*.{File_extension-N}) AND ({Keyname1} OR {Keyname-N}) AND (({Signature/pattern1} OR {Signature/pattern-N}) AND ({PlatformTag1} OR {PlatformTag-N}))

Examples:

**1.

	############ REPLACE app/models/enterprise_token.rb in the source code with this file! ################
	############ also be sure to RESTART OpenProject after replacing the file. ################
	############ it doesn't show that enterprise mode is enabled in the settings, but all ################
	############ enterprise mode features, such as KanBan boards, are enabled. ################
	#-- copyright
	# OpenProject is an open source project management software.
	# Copyright (C) 2012-2023 the OpenProject GmbH
	#
	# This program is free software; you can redistribute it and/or
	# modify it under the terms of the GNU General Public License version 3.

	#!/bin/bash

	# Author: NakamuraOS
	# https://github.com/nakamuraos
	# Latest update: 30/03/2022
	# Tested on Navicat 15.x, 16.x on Linux

	RED="\e[1;31m"
	ENDCOLOR="\e[0m"