Skip to content

Instantly share code, notes, and snippets.

GitHub Search Syntax for Finding API Keys/Secrets/Tokens

As a security professional, it is important to conduct a thorough reconnaissance. With the increasing use of APIs nowadays, it has become paramount to keep access tokens and other API-related secrets secure in order to prevent leaks. However, despite technological advances, human error remains a factor, and many developers still unknowingly hardcode their API secrets into source code and commit them to public repositories. GitHub, being a widely popular platform for public code repositories, may inadvertently host such leaked secrets. To help identify these vulnerabilities, I have created a comprehensive search list using powerful search syntax that enables the search of thousands of leaked keys and secrets in a single search.

Search Syntax:

(path:*.{File_extension1} OR path:*.{File_extension-N}) AND ({Keyname1} OR {Keyname-N}) AND (({Signature/pattern1} OR {Signature/pattern-N}) AND ({PlatformTag1} OR {PlatformTag-N}))

Examples:

**1.

@SoabY
SoabY / JetBrains products Activation code until 15 May 2024
Created October 1, 2023 08:04
JetBrains products Activation code until 15 May 2024
8Z6IT0PIZH-eyJsaWNlbnNlSWQiOiI4WjZJVDBQSVpIIiwibGljZW5zZWVOYW1lIjoiSHVuYW4gTm9ybWFsIFVuaXZlcnNpdHkiLCJhc3NpZ25lZU5hbWUiOiJTdGFyayB6aGFuZyIsImFzc2lnbmVlRW1haWwiOiJzdGFyazE5ODUyMDIwQGdtYWlsLmNvbSIsImxpY2Vuc2VSZXN0cmljdGlvbiI6IkZvciBlZHVjYXRpb25hbCB1c2Ugb25seSIsImNoZWNrQ29uY3VycmVudFVzZSI6ZmFsc2UsInByb2R1Y3RzIjpbeyJjb2RlIjoiRFBOIiwicGFpZFVwVG8iOiIyMDI0LTA1LTE1IiwiZXh0ZW5kZWQiOmZhbHNlfSx7ImNvZGUiOiJEQiIsInBhaWRVcFRvIjoiMjAyNC0wNS0xNSIsImV4dGVuZGVkIjpmYWxzZX0seyJjb2RlIjoiUFMiLCJwYWlkVXBUbyI6IjIwMjQtMDUtMTUiLCJleHRlbmRlZCI6ZmFsc2V9LHsiY29kZSI6IklJIiwicGFpZFVwVG8iOiIyMDI0LTA1LTE1IiwiZXh0ZW5kZWQiOmZhbHNlfSx7ImNvZGUiOiJSU0MiLCJwYWlkVXBUbyI6IjIwMjQtMDUtMTUiLCJleHRlbmRlZCI6dHJ1ZX0seyJjb2RlIjoiR08iLCJwYWlkVXBUbyI6IjIwMjQtMDUtMTUiLCJleHRlbmRlZCI6ZmFsc2V9LHsiY29kZSI6IkRNIiwicGFpZFVwVG8iOiIyMDI0LTA1LTE1IiwiZXh0ZW5kZWQiOmZhbHNlfSx7ImNvZGUiOiJSU0YiLCJwYWlkVXBUbyI6IjIwMjQtMDUtMTUiLCJleHRlbmRlZCI6dHJ1ZX0seyJjb2RlIjoiRFMiLCJwYWlkVXBUbyI6IjIwMjQtMDUtMTUiLCJleHRlbmRlZCI6ZmFsc2V9LHsiY29kZSI6IlBDIiwicGFpZFVwVG8iOiIyMDI0LTA1LTE1IiwiZ
@OrionReed
OrionReed / DOM3D.js
Last active March 28, 2024 13:10
3D DOM viewer, copy-paste this into your console to visualise the DOM topographically.
// 3D Dom viewer, copy-paste this into your console to visualise the DOM as a stack of solid blocks.
// You can also minify and save it as a bookmarklet (https://www.freecodecamp.org/news/what-are-bookmarklets/)
(() => {
const SHOW_SIDES = false; // color sides of DOM nodes?
const COLOR_SURFACE = true; // color tops of DOM nodes?
const COLOR_RANDOM = false; // randomise color?
const COLOR_HUE = 190; // hue in HSL (https://hslpicker.com)
const MAX_ROTATION = 180; // set to 360 to rotate all the way round
const THICKNESS = 20; // thickness of layers
const DISTANCE = 10000; // ¯\\_(ツ)_/¯
@iRajatDas
iRajatDas / HowToDeleteAllCloudflareRecors.md
Created November 20, 2022 14:51 — forked from AidasK/HowToDeleteAllCloudflareRecors.md
Cloudflare delete all DNS records. Just go to cloudflare dns zones, open your browers developer console and paste this javascript code.

image

Real developers are not used to clicking, it's allways easier to write a script to do it for you.
@vwrs
vwrs / ndcg-bq-udf.sql
Last active March 28, 2024 13:06
calculate NDCG in BigQuery
create temp function ndcg(rels array<int64>, k int64) returns float64 as (
(
with gain as (
select
(pow(2, rel) - 1) / log(i + 2) as g,
(pow(2, rel_sorted) - 1) / log(i + 2) as g_ideal
from
unnest(rels) as rel with offset as i
left join unnest((
select
@imba-tjd
imba-tjd / .Cloud.md
Last active March 28, 2024 13:06
☁️ 一些免费的云资源

IaaS指提供系统(可以自己选)或者储存空间之类的硬件,软件要自己手动装;PaaS提供语言环境和框架(可以自己选);SaaS只能使用开发好的软件(卖软件本身);BaaS一般类似于非关系数据库,但各家不通用,有时还有一些其它东西。

其他人的集合