T1ckbase T1ckbase

GitHub Search Syntax for Finding API Keys/Secrets/Tokens

As a security professional, it is important to conduct a thorough reconnaissance. With the increasing use of APIs nowadays, it has become paramount to keep access tokens and other API-related secrets secure in order to prevent leaks. However, despite technological advances, human error remains a factor, and many developers still unknowingly hardcode their API secrets into source code and commit them to public repositories. GitHub, being a widely popular platform for public code repositories, may inadvertently host such leaked secrets. To help identify these vulnerabilities, I have created a comprehensive search list using powerful search syntax that enables the search of thousands of leaked keys and secrets in a single search.

Search Syntax:

(path:*.{File_extension1} OR path:*.{File_extension-N}) AND ({Keyname1} OR {Keyname-N}) AND (({Signature/pattern1} OR {Signature/pattern-N}) AND ({PlatformTag1} OR {PlatformTag-N}))

Examples:

**1.

Small warning for everyone that are thinking if using Tex colors is a good idea or not

2023-05-02 - Since a few days ago \colorbox and \fcolorbox are broken and Github did't talk about if it's a temporary thing or if it will not be added back.
- 2024-01-04 - Since it has not being added back I deduce that it will never be so I removed all mentions to it on the rest of the gist.
2023-09-29 - Tex seems to not work on h1 to h6 anymore (markdown #'s)
- 2024-01-04 - Now it works again, I'll keep the message for a while to remember that it may change again in the future

As you can se with the above message(s) Tex may not be very stable and may not be an option to you as of the dates expressed above. You can also check other tex problems here.

Github released Tex support and colors* to the markdown and you din't realized

Google dork cheatsheet

Search filters

Filter	Description	Example
allintext	Searches for occurrences of all the keywords given.	`allintext:"keyword"`
intext	Searches for the occurrences of keywords all at once or one at a time.	`intext:"keyword"`
inurl	Searches for a URL matching one of the keywords.	`inurl:"keyword"`
allinurl	Searches for a URL matching all the keywords in the query.	`allinurl:"keyword"`
intitle	Searches for occurrences of keywords in title all or one.	`intitle:"keyword"`

Code is clean if it can be understood easily – by everyone on the team. Clean code can be read and enhanced by a developer other than its original author. With understandability comes readability, changeability, extensibility and maintainability.

General rules

Follow standard conventions.
Keep it simple stupid. Simpler is always better. Reduce complexity as much as possible.
Boy scout rule. Leave the campground cleaner than you found it.
Always find root cause. Always look for the root cause of a problem.

Design rules

Google Text to Speech API

Base URL: http://translate.google.com/translate_tts
It converts written words into audio. It accepts GET requests.

GET

q
The query string to convert to audio

tl
Translation language, for example, ar for Arabic, or en-us for English

	const multiplyMatrices = (A, B) => {
	return [
	A[0]B[0] + A[1]B[1] + A[2]*B[2],
	A[3]B[0] + A[4]B[1] + A[5]*B[2],
	A[6]B[0] + A[7]B[1] + A[8]*B[2]
	];
	}

	const oklch2oklab = ([l, c, h]) => [
	l,

	@font-face {
	font-family: 'JetBrains Mono';
	src: url('https://cdn.jsdelivr.net/gh/JetBrains/JetBrainsMono/web/woff2/JetBrainsMono-Bold-Italic.woff2') format('woff2'),
	url('https://cdn.jsdelivr.net/gh/JetBrains/JetBrainsMono/web/woff/JetBrainsMono-Bold-Italic.woff') format('woff');
	font-weight: 700;
	font-style: italic;
	font-display: swap;
	}

	@font-face {

	var keys = ['AB', 'CD', 'EF', 'GH'];
	var values = [1, 2, 3, 4];

	// Equivalent to python dict(zip(['AB', 'CD', 'EF', 'GH'],[1, 2, 3, 4])) in javascript
	function dictZip(key_array, val_array) {
	if (key_array.length === val_array.length) {
	return key_array.reduce((acc, curr, index) => {
	acc[curr] = val_array[index];
	return acc;
	}, {});