techgaun/github-dorks
Find leaked secrets via github search
Apache License 2.0
Added git wiper dorks #35
Closed (Plazmaz closed 5 years ago)

Plazmaz commented 5 years ago
Please include all of the following fields when adding dorks/patterns
Search URL: https://github.com/search?q=filename%3AWebServers.xml&type=Code
Number of search results at time of PR: 12,899 (just for webservers.xml)
Impact of data disclosed (see table below): ⚠️ through ❗️
Description of data disclosed: These files were used to "wipe" a large number of git repositories earlier this month: https://www.zdnet.com/article/a-hacker-is-wiping-git-repositories-and-asking-for-a-ransom/
Thanks to the awesome work done by BadPackets, we have a list of filenames they looked for: https://twitter.com/bad_packets/status/1124767749576638464
These are mostly configuration files for IDEs or IDE plugins.

| Icon/Name | Description | Examples |
| --- | --- | --- |
| ❓ Unknown | The impact of this data is highly variable or unknown | N/A |
| ➖ Low | This data will provide minimal access or mostly public information | Non-stored XSS, Limited scope + read-only API access |
| ➕ Moderate | This data will provide some access or information | Stored XSS in some cases, read-only or limited write API access |
| ⚠️ High | This data will provide single-user access or secret information | Usernames/passwords, OAuth tokens |
| ❗️ Critical | This data will provide complete control, access to several users, or confidential/personal information | Credential database dumps, AWS keys |