GitHub Search Syntax for Finding API Keys/Secrets/Tokens

As a security professional, it is important to conduct thorough reconnaissance. With the increasing use of APIs, it has become paramount to keep access tokens and other API-related secrets secure in order to prevent leaks. However, despite technological advances, human error remains a factor, and many developers still unknowingly hardcode their API secrets into source code and commit them to public repositories. GitHub, being a widely popular platform for public code repositories, may inadvertently host such leaked secrets. To help identify these vulnerabilities, I have created a comprehensive search list using powerful search syntax that enables the search of thousands of leaked keys and secrets in a single search.

Search Syntax:

(path:*.{File_extension1} OR path:*.{File_extension-N}) AND ({Keyname1} OR {Keyname-N}) AND (({Signature/pattern1} OR {Signature/pattern-N}) AND ({PlatformTag1} OR {PlatformTag-N}))

Examples:

**1.

@Hadryan
Hadryan / mobile-browser-detect
Created December 28, 2023 15:15 — forked from braddown/mobile-browser-detect
Link for App Download - Mobile OS Detection and Redirect Download Link to Appropriate App Store
<!DOCTYPE HTML>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Redirect</title>
<script type="text/javascript"> // <![CDATA[
//iPhone Version:
if((navigator.userAgent.match(/iPhone/i)) || (navigator.userAgent.match(/iPod/i))) {
window.location = "http://goo.gl/IWd7J";
}
@Hadryan
Hadryan / gist:a782212e44eecb7c884be20620c47f8f
Created August 31, 2023 08:15 — forked from amichaelgrant/gist:90d99d7d5d48bf8fd209
failed (104: Connection reset by peer) while reading response header from upstream, client:
If you are getting the above error in nginx logs running in front of upstream servers, you may consider doing this, as it worked for me:
check the ulimit on the machines and ensure it is high enough to handle the load coming in. 'ulimit' on Linux, I am told, determines the maximum number of open files the kernel can handle.
The way I did that?
modifying limits: for open files:
--------------------------------
add or change this line in /etc/sysctl.conf
fs.file-max = <limit-number>
wget -r -k -np --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 7_0 like Mac OS X; en-us) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A465 Safari/9537.53" http://examle.com/xxxx/yyyy
@Hadryan
Hadryan / gist:0ecd63eb3f4c42aa51602725303e9d54
Created March 1, 2023 13:19 — forked from jhoelzel/gist:1c015e667c162fc8f3f3712b1c6417c5
iptables / ip6tables allow only Cloudflare IPs to access our server
# https://www.cloudflare.com/ips
# https://support.cloudflare.com/hc/en-us/articles/200169166-How-do-I-whitelist-CloudFlare-s-IP-addresses-in-iptables-
for i in `curl https://www.cloudflare.com/ips-v4`; do iptables -I INPUT -p tcp -m multiport --dports http,https -s $i -j ACCEPT; done
for i in `curl https://www.cloudflare.com/ips-v6`; do ip6tables -I INPUT -p tcp -m multiport --dports http,https -s $i -j ACCEPT; done
@Hadryan
Hadryan / README.md
Created January 29, 2023 19:55 — forked from woblerr/README.md
Docker containers logs clearing script

chmod +x ./clear_docker_container_logs.sh

Usage

Usage: ../clear_docker_container_logs.sh [-c ""]
@Hadryan
Hadryan / Dockerfile
Created November 22, 2022 08:02 — forked from jgould22/Dockerfile
Postgres 15 - Alpine - pg_partman with pg_jobmon
FROM postgres:15-alpine
LABEL maintainer="Jordan Gould <[email protected]>"
# Based on https://github.com/andreaswachowski/docker-postgres/blob/master/initdb.sh
ENV PG_JOBMON_VERSION v1.4.1
ENV PG_PARTMAN_VERSION v4.7.1
# Install pg_jobmon
RUN set -ex \
\
@Hadryan
Hadryan / with index and sorting. 1000000 count
Created November 21, 2022 20:35 — forked from le0pard/with index and sorting. 1000000 count
Search similar images in PostgreSQL
EXPLAIN ANALYZE SELECT smlar(images.image_array, '{1010259,1011253,1012249,1013251,1014249,1015249,1016247,1017252,1018252,1019251,1020251,1021253,1022258,1023257,1024257,1110258,1111258,1112252,1113251,1114251,1115250,1116247,1117252,1118252,1119252,1120252,1121253,1122257,1123257,1124257,1210258,1211258,1212258,1213253,1214251,1215251,1216248,1217253,1218253,1219253,1220253,1221253,1222253,1223253,1224252,1310258,1311258,1312258,1313258,1314258,1315252,1316248,1317253,1318257,1319257,1320253,1321253,1322257,1323253,1324253,1410258,1411258,1412258,1413258,1414258,1415257,1416250,1417253,1418257,1419257,1420257,1421253,1422257,1423257,1424253,1510258,1511258,1512258,1513258,1514258,1515257,1516251,1517253,1518257,1519253,1520252,1521252,1522252,1523251,1524250,1610258,1611258,1612258,1613258,1614258,1615257,1616252,1617252,1618251,1619250,1620247,1621251,1622251,1623250,1624250,1710258,1711258,1712258,1713258,1714258,1715257,1716252,1717257,1718257,1719257,1720252,1721253,1722252,1723253,1724253,1810258,18112
@Hadryan
Hadryan / sources.list
Created November 16, 2022 20:05 — forked from MatiasPujado/sources.list
Debian 11 - Bullseye sources.list
# Main
deb https://deb.debian.org/debian bullseye main contrib non-free
deb-src https://deb.debian.org/debian bullseye main contrib non-free
# Security
deb https://security.debian.org/debian-security bullseye-security main contrib non-free
deb https://deb.debian.org/debian-security/ bullseye-security main contrib non-free
deb-src https://deb.debian.org/debian-security/ bullseye-security main contrib non-free
# Updates
@Hadryan
Hadryan / Tiktok API
Created November 8, 2022 13:52 — forked from htoann/Tiktok API
Tiktok API
{
"info": {
"_postman_id": "6ea46510-3f0c-4367-83bc-da66ddebc8da",
"name": "Tiktok API",
"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json",
"_exporter_id": "17115154",
"lmao": "https://tiktok.fullstack.edu.vn/api/"
"fix": "posts === videos"
},
"item": [