Github Dorks
@hackinarticles

Finding API
msg nickserv identify filename:config
  Possible IRC login passwords
path:sites databases password
  Drupal website database credentials
PT_TOKEN language:bash
  pivotaltracker tokens
[Link] password
  Amazon RDS possible credentials
SF_USERNAME salesforce
  possible salesforce credentials
shodan_api_key language:python
  Shodan API keys (try other languages too)
xoxp OR xoxb
  Slack bot and private tokens
[WFClient] Password= extension:ica
  WinFrame-Client infos needed by users to connect to Citrix Application Servers
jsforce extension:js [Link]
  possible salesforce credentials in nodejs projects
JEKYLL_GITHUB_TOKEN
  Github tokens used for jekyll
HOMEBREW_GITHUB_API_TOKEN language:shell
  Github token usually set by homebrew users
HEROKU_API_KEY language:shell
  Heroku api keys
HEROKU_API_KEY language:json
  Heroku api keys in json files
.[Link] password
  MLAB Hosted MongoDB Credentials
"[Link]
  Slack services URL often have secret API token as a suffix
"api_hash" "api_id"
  Telegram API token

Tools
Git-Secrets
Gittyleaks
Git-All-Secrets
Trufflehog
Gitrob
GitDorker
Github-Dorks
Git-Hound
ShhGit
Repo Security Scanner
GitGraber

Finding Extensions
extension:pem private
  private keys
extension:ppk private
  puttygen private keys
extension:sql mysql dump
  mysql dump
extension:sql mysql dump password
  mysql dump look for password; you can try varieties
extension:json [Link]
  mongolab credentials in json configs
extension:json googleusercontent client_secret
  OAuth credentials for accessing Google APIs
extension:json [Link]
  Redis credentials provided by Redis Labs found in a JSON file
extension:yaml [Link]
  Redis credentials provided by Redis Labs found in a YAML file
extension:json [Link]
  try variations, find api keys/secrets
extension:yaml [Link]
  mongolab credentials in yaml configs (try with yml)
extension:avastlic "[Link]"
  Contains license keys for Avast! Antivirus

AWS/S3 Recon
org:Target "bucket_name"
org:Target "S3_ACCESS_KEY_ID"
org:Target "S3_BUCKET"
org:Target "S3_ENDPOINT"
org:Target "S3_SECRET_ACCESS_KEY"
org:Target "aws_secret_key"
org:Target "aws_access_key"
org:Target "list_aws_accounts"
org:Target "AWS_ACCESS_KEY_ID"

Finding Files
filename:_netrc password
  netrc that possibly holds sensitive credentials
filename:[Link]
  wordpress config files
filename:[Link]
  Created by Jetbrains IDEs, contains webserver credentials with encoded passwords (not encrypted!)
filename:ventrilo_srv.ini
  Ventrilo configuration
filename:sshd_config
  OpenSSH server config
filename:shadow path:etc
  Contains encrypted passwords and account information of new unix systems
filename:[Link] path:.vscode
  Created by vscode-sftp for VSCode, contains SFTP/SSH server details and credentials
filename:[Link]
  Created by SFTP for Sublime Text, contains FTP/FTPS or SFTP/SSH server details and credentials
filename:[Link] SECRET_KEY
  Django secret keys (usually allows for session hijacking, RCE, etc)
filename:[Link] rcon password
  Counter Strike RCON Passwords
filename:[Link] password
  Usernames/passwords, Rails applications
filename:[Link]
  mongodb credentials file used by robomongo
filename:[Link] Pass
  filezilla config file with possible user/pass to ftp
filename:proftpdpasswd
  Usernames and passwords of proftpd created by cpanel
filename:[Link]
  Phoenix prod secret
filename:[Link] NOT [Link]
  Phoenix prod configuration file
filename:passwd path:etc
  Contains user account information including encrypted passwords of traditional unix systems
filename:[Link] path:config
  Rails master key (used for decrypting [Link] for Rails 5.2+)
filename:[Link]
  Firefox saved password collection ([Link] usually in same repo)
filename:id_rsa or filename:id_dsa
  private ssh keys
filename:[Link]
  IntelliJ Idea 14 key, try variations for other versions
filename:hub oauth_token
  hub config that stores github tokens
filename:[Link]
  GitLab recovery key
filename:[Link]
  GitHub recovery key
filename:[Link] Pass
  filezilla config file with possible user/pass to ftp
filename:[Link] path:.openshift
  openshift config, only email and server though
filename:discord_backup_codes.txt
  Discord recovery key
filename:[Link]
  DHCP service config
filename:.bashrc password
  search for passwords, etc. in .bashrc (try with .bash_profile too)
filename:.bashrc mailchimp
  variation of above (try more variations)
filename:.bash_history
  Bash history file
filename:.bash_profile aws
  aws access and secret keys
filename:.cshrc
  RC file for csh shell
filename:.dockercfg auth
  docker registry authentication data
filename:.env DB_USERNAME NOT homestead
  laravel .env (CI, various ruby based frameworks too)
filename:.env MAIL_HOST=[Link]
  gmail smtp configuration (try different smtp services too)
filename:.esmtprc password
  esmtp configuration
filename:.ftpconfig
  Created by remote-ssh for Atom, contains SFTP/SSH server details and credentials
filename:.git-credentials
  git credentials store, add NOT username for more valid results
filename:.history
  history file (often used by many tools)
filename:.htpasswd
  htpasswd files
filename:.netrc password
  netrc that possibly holds sensitive credentials
filename:.npmrc _auth
  npm registry authentication data
filename:.pgpass
  PostgreSQL file which can contain passwords
filename:.[Link]
  Created by remote-sync for Atom, contains FTP and/or SCP/SFTP/SSH server details and credentials
filename:.s3cfg
  might return false negatives with dummy values
filename:.sh_history
  korn shell history
filename:.tugboat NOT _tugboat
  Digital Ocean tugboat config
filename:[Link]
  CCCam Server config file
filename:config irc_pass
  possible IRC config
filename:[Link] auths
  docker registry authentication data
filename:[Link] dbpasswd
  PHP application database password (e.g., phpBB forum software)
filename:[Link] JConfig password
  Joomla configuration file
filename:[Link]
  possible db connections configuration, try variations to be specific
filename:credentials aws_access_key_id
  might return false negatives with dummy values
filename:[Link]
  DBeaver config containing MySQL Credentials
filename:[Link]
  Created by sftp-deployment for Atom, contains server details and credentials