Possible IRC login passwords possible salesforce credentials in nodejs projects
msg nickserv identify filename:config jsforce extension:js conn.login
Drupal website database credentials Github tokens used for jekyll
path:sites databases password JEKYLL_GITHUB_TOKEN
pivotaltracker tokens Github token usually set by homebrew users
PT_TOKEN language:bash HOMEBREW_GITHUB_API_TOKEN language:shell
Amazon RDS possible credentials Heroku api keys
rds.amazonaws.com password HEROKU_API_KEY language:shell
possible salesforce credentials Heroku api keys in json files
SF_USERNAME salesforce HEROKU_API_KEY language:json
Shodan API keys (try other languages too) MLAB Hosted MongoDB Credentials
shodan_api_key language:python .mlab.com password
Slack bot and private tokens Slack services URL often have secret API token as a suffix
xoxp OR xoxb "https://hooks.slack.com/services/"
WinFrame-Client infos needed by users to connect toCitrix Application Servers Telegram API token
[WFClient] Password= extension:ica "api_hash" "api_id"
Finding API
Git-Secrets
Gittyleaks Git-All-Secrets
private keys
Trufflehog Gitrob
extension:pem private
GitDorker Github-Dorks
puttygen private keys mongolab credentials in json configs
Git-Hound ShhGit
extension:ppk private extension:json mongolab.com
Repo Security Scanner GitGraber
mysql dump OAuth credentials for accessing Google APIs
Tools
extension:sql mysql dump extension:json googleusercontent client_secret
mysql dump look for password; you can try varieties Redis credentials provided by Redis Labs found in a JSON file
org:Target "bucket_name" extension:sql mysql dump password extension:json cloud.redislabs.com
org:Target "S3_ACCESS_KEY_ID" org:Target "aws_secret_key" Redis credentials provided by Redis Labs found in a YAML file try variations, find api keys/secrets
org:Target "S3_BUCKET" org:Target "aws_access_key" extension:yaml cloud.redislabs.com extension:json api.forecast.io
org:Target "S3_ENDPOINT" org:Target "list_aws_accounts" mongolab credentials in yaml configs (try with yml) Contains license keys for Avast! Antivirus
org:Target "S3_SECRET_ACCESS_KEY" org:Target "AWS_ACCESS_KEY_ID" extension:yaml mongolab.com extension:avastlic "support.avast.com"
AWS/S3 Recon Finding Extensions
Github Dorks
@hackinarticles
https://github.com/Ignitetechnologies
https://in.linkedin.com/company/hackingarticles
Finding Files
filename:_netrc password filename:.bashrc mailchimp
netrc that possibly holds sensitive credentials variation of above (try more variations)
filename:wp-config.php filename:.bashrc password
wordpress config files search for passwords, etc. in .bashrc (try with .bash_profile too)
filename:WebServers.xml filename:.bash_history
Created by Jetbrains IDEs, contains webserver credentials with encoded Bash history file
passwords (not encrypted!)
filename:.bash_profile aws
filename:ventrilo_srv.ini
aws access and secret keys
Ventrilo configuration
filename:.cshrc
filename:sshd_config
RC file for csh shell
OpenSSH server config
filename:.dockercfg auth
filename:shadow path:etc
docker registry authentication data
Contains encrypted passwords and account information of new unix systems
filename:.env DB_USERNAME NOT homestead
filename:sftp.json path:.vscode
laravel .env (CI, various ruby based frameworks too)
Created by vscode-sftp for VSCode, contains SFTP/SSH server details and credentails
filename:.env MAIL_HOST=smtp.gmail.com
filename:sftp-config.json
gmail smtp configuration (try different smtp services too)
Created by SFTP for Sublime Text, contains FTP/FTPS or SFTP/SSH server
details and credentials filename:.esmtprc password
filename:settings.py SECRET_KEY esmtp configuration
Django secret keys (usually allows for session hijacking, RCE, etc) filename:.ftpconfig
filename:server.cfg rcon password Created by remote-ssh for Atom, contains SFTP/SSH server details and credentials
Counter Strike RCON Passwords filename:.git-credentials
filename:secrets.yml password git credentials store, add NOT username for more valid results
Usernames/passwords, Rails applications filename:.history
filename:robomongo.json history file (often used by many tools)
mongodb credentials file used by robomongo filename:.htpasswd
filename:recentservers.xml Pass htpasswd files
filezilla config file with possible user/pass to ftp filename:.netrc password
filename:proftpdpasswd netrc that possibly holds sensitive credentials
Usernames and passwords of proftpd created by cpanel filename:.npmrc _auth
filename:prod.secret.exs npm registry authentication data
Phoenix prod secret filename:.pgpass
filename:prod.exs NOT prod.secret.exs PostgreSQL file which can contain passwords
Phoenix prod configuration file filename:.remote-sync.json
filename:passwd path:etc Created by remote-sync for Atom, contains FTP and/or SCP/SFTP/SSH
server details and credentials
Contains user account information including encrypted passwords of
traditional unix systems filename:.s3cfg
filename:master.key path:config might return false negatives with dummy values
Rails master key (used for decrypting credentials.yml.enc for Rails 5.2+) filename:.sh_history
filename:logins.json korn shell history
Firefox saved password collection (key3.db usually in same repo) filename:.tugboat NOT _tugboat
filename:id_rsa or filename:id_dsa Digital Ocean tugboat config
private ssh keys filename:CCCam.cfg
filename:idea14.key CCCam Server config file
IntelliJ Idea 14 key, try variations for other versions filename:config irc_pass
filename:hub oauth_token possible IRC config
hub config that stores github tokens filename:config.json auths
filename:gitlab-recovery-codes.txt docker registry authentication data
GitLab recovery key filename:config.php dbpasswd
filename:github-recovery-codes.txt PHP application database password (e.g., phpBB forum software)
GitHub recovery key filename:configuration.php JConfig password
filename:filezilla.xml Pass Joomla configuration file
filezilla config file with possible user/pass to ftp filename:connections.xml
filename:express.conf path:.openshift possible db connections configuration, try variations to be specific
openshift config, only email and server thou filename:credentials aws_access_key_id
filename:discord_backup_codes.txt might return false negatives with dummy values
Discord recovery key filename:dbeaver-data-sources.xml
filename:dhcpd.conf DBeaver config containing MySQL Credentials
DHCP service config filename:deployment-config.json
Created by sftp-deployment for Atom, contains server details and credentials
