Skip to content

Instantly share code, notes, and snippets.

View samidunimsara's full-sized avatar
🙃

Samidu Nimsara samidunimsara

🙃
View GitHub Profile
Step 0
Bookmark your current page by clicking the star ⭐ symbol from the chrome menu.
After doing this, you should see a toast message Bookmarked with an edit button:
Click the edit option and change the bookmark details to the following:
Name: js69
URL (copy and paste code below):
@samidunimsara
samidunimsara / aws-ip-ranges.txt
Created December 29, 2023 12:07
AWS IP address ranges
3.2.34.0/26
3.5.140.0/22
13.34.37.64/27
13.34.65.64/27
13.34.66.0/27
13.34.78.160/27
13.34.103.96/27
15.230.15.29/32
15.230.15.76/31
15.230.221.0/24
@samidunimsara
samidunimsara / nmap.sh
Created December 13, 2023 17:21 — forked from 5l1v3r1/nmap.sh
Three steps for nmap
echo -n "Target list (google.com, 192.168.1.1/24): "
read IP
echo "Treat all hosts as online -- skip host discovery (Y/N)?"
read answer
PN=""
if [ "$answer" != "${answer#[Yy]}" ] ; then
PN="-Pn";
fi

GitHub Search Syntax for Finding API Keys/Secrets/Tokens

As a security professional, it is important to conduct a thorough reconnaissance. With the increasing use of APIs nowadays, it has become paramount to keep access tokens and other API-related secrets secure in order to prevent leaks. However, despite technological advances, human error remains a factor, and many developers still unknowingly hardcode their API secrets into source code and commit them to public repositories. GitHub, being a widely popular platform for public code repositories, may inadvertently host such leaked secrets. To help identify these vulnerabilities, I have created a comprehensive search list using powerful search syntax that enables the search of thousands of leaked keys and secrets in a single search.

Search Syntax:

(path:*.{File_extension1} OR path:*.{File_extension-N}) AND ({Keyname1} OR {Keyname-N}) AND (({Signature/pattern1} OR {Signature/pattern-N}) AND ({PlatformTag1} OR {PlatformTag-N}))

Examples:

**1.

@samidunimsara
samidunimsara / exv1.txt
Created October 1, 2022 19:00
copypastforinput
".mlab.com password"
"AWSSecretKey"
"JEKYLL_GITHUB_TOKEN"
"SF_USERNAME salesforce"
"access_key"
"access_token"
"amazonaws"
"apiSecret"