Easy Bounty with GitHub: Uncovering Exposed API Keys and Tokens

If you’re into bug bounty hunting, ethical hacking, or security research, here’s a simple yet effective way to uncover exposed API keys and tokens using GitHub dorking.

GitHub Dork Example:

"target.com" API NOT sample NOT example NOT test NOT demo NOT guest

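The NOT terms drop results that contain words such as sample, example, or test, so most placeholder credentials are filtered out and the remaining hits are more likely to be real API keys that were exposed unintentionally.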

Customize for Your Needs:

  • API Keys:
    "target.com" API_KEY NOT sample NOT example NOT test NOT demo NOT guest
    
  • Auth Tokens:
    "target.com" AUTH_TOKEN NOT sample NOT example NOT test NOT demo NOT guest
    
  • AWS Credentials:
    "AWS_ACCESS_KEY_ID" "AWS_SECRET_ACCESS_KEY" NOT example NOT test NOT demo
    

Why This Matters:

Developers sometimes accidentally commit sensitive information to public repositories. Attackers can exploit these credentials if they remain exposed.

Ethical Reminder:

Always follow responsible disclosure policies and never misuse exposed credentials. Security is about protecting, not exploiting!

You Should Know:

Here are some practical commands and tools to help you in your GitHub recon:

1. GitHub Search with `curl`:

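# The code search endpoint only answers authenticated requests; GITHUB_TOKEN is assumed to hold your personal access token.
curl -H "Accept: application/vnd.github.v3+json" -H "Authorization: Bearer $GITHUB_TOKEN" "https://api.github.com/search/code?q=%22target.com%22+API_KEY+NOT+sample+NOT+example+NOT+test+NOT+demo+NOT+guest"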

2. Using `git` to Clone and Search:

git clone https://github.com/target/repo.git
cd repo
grep -r "API_KEY" .

3. AWS CLI to Check Credentials:

aws configure list
aws sts get-caller-identity

4. Python Script for GitHub Dorking:

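import os
import requests

# Code search requires an authenticated request; GITHUB_TOKEN is assumed to hold your personal access token.
url = "https://api.github.com/search/code"
headers = {
    "Accept": "application/vnd.github.v3+json",
    "Authorization": f"Bearer {os.environ['GITHUB_TOKEN']}",
}
params = {"q": '"target.com" API_KEY NOT sample NOT example NOT test NOT demo NOT guest'}

response = requests.get(url, headers=headers, params=params, timeout=30)
response.raise_for_status()  # fail on 401/403/rate-limit responses instead of printing an error body
print(response.json())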

5. Linux Command to Check for Exposed Tokens:

grep -r "AUTH_TOKEN" /path/to/directory

6. Windows Command to Search for Sensitive Data:

findstr /s /i "AWS_ACCESS_KEY_ID" *.txt
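
For the defensive side of the same problem, the sketch below (an added example, not from the original post) scans a checkout of your own repository before it is pushed. Unlike the plain `grep` and `findstr` searches above, it matches assigned values, applies the same sample/example/test/demo exclusions as the dork, and redacts what it reports; the regexes, the entropy threshold, and the `SAMPLE` lines are assumptions made for illustration.

```python
import math
import re
from pathlib import Path

# Names the page greps for, followed by an assigned value.
ASSIGNMENT = re.compile(
    r"(?P<name>\w*(?:API_KEY|AUTH_TOKEN|SECRET_ACCESS_KEY))"
    r"\s*[:=]\s*[\"']?(?P<value>[^\s\"']+)", re.IGNORECASE)
# Commonly used pattern for AWS access key IDs (assumption, not from the page).
AWS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
# The dork's NOT terms plus template markers.
PLACEHOLDER = re.compile(r"sample|example|test|demo|guest|<|\$\{", re.IGNORECASE)
# Constructed sample input; line 4 is the example key ID used in AWS documentation.
SAMPLE = '''\
API_KEY = "demo-key-not-real-0000000000"
PAYMENTS_API_KEY = "9f8a7b6c5d4e3f2a1b0c9d8e7f6a5b4c"
AUTH_TOKEN=${AUTH_TOKEN}
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_access_key_id = AKIAQ3ZT7M2LX9PDK4WV
'''

def entropy(value):
    """Shannon entropy in bits per character."""
    probs = [value.count(c) / len(value) for c in set(value)]
    return -sum(p * math.log2(p) for p in probs)

def redact(value):
    """Keep a 4-character prefix so reports never repeat the full secret."""
    return value[:4] + "*" * (len(value) - 4)

def scan_text(text, path="<memory>"):
    """Return (path, line number, rule, redacted value) for each likely secret."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in AWS_KEY_ID.finditer(line):
            if not PLACEHOLDER.search(m.group()):
                findings.append((path, lineno, "aws-access-key-id", redact(m.group())))
        m = ASSIGNMENT.search(line)
        if m and not PLACEHOLDER.search(m.group("value")):
            value = m.group("value")
            # Real keys are long and random; short or repetitive values are noise.
            if len(value) >= 16 and entropy(value) >= 3.0:
                findings.append((path, lineno, m.group("name"), redact(value)))
    return findings

def scan_tree(root):
    """Scan every regular file under root, skipping the .git directory."""
    files = (p for p in Path(root).rglob("*") if p.is_file() and ".git" not in p.parts)
    return [f for p in files for f in scan_text(p.read_text(errors="ignore"), str(p))]
```

Calling `scan_text(SAMPLE)` reports only lines 2 and 5; any key that such a scan finds in a repository that was already pushed should be rotated, since removing the line does not remove it from the commit history.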

What Undercode Say:

GitHub dorking is a powerful technique for uncovering exposed credentials, but it must be used responsibly. Always follow ethical guidelines and report any findings to the appropriate parties. Here are some additional commands and tools to enhance your cybersecurity practices:

  • Linux Commands:

    # Search for sensitive files
    find / -name "*.env" -type f

    # Check for open ports
    netstat -tuln

    # Monitor network traffic
    tcpdump -i eth0 -n

  • Windows Commands:

    REM List all running processes
    tasklist

    REM Check network connections
    netstat -an

    REM Search for files containing sensitive data
    dir /s /b | findstr "password"

  • Cybersecurity Tools:
    – Nmap: `nmap -sV -p 1-65535 target.com`
    – Metasploit: `msfconsole`
    – Burp Suite: For web application security testing.

Remember, the goal is to protect and secure, not to exploit. Happy hunting!

References:

Reported By: Mannsapariya Bugbounty – Hackers Feeds