Discover gists

GitHub Search Syntax for Finding API Keys/Secrets/Tokens

As a security professional, it is important to conduct a thorough reconnaissance. With the increasing use of APIs nowadays, it has become paramount to keep access tokens and other API-related secrets secure in order to prevent leaks. However, despite technological advances, human error remains a factor, and many developers still unknowingly hardcode their API secrets into source code and commit them to public repositories. GitHub, being a widely popular platform for public code repositories, may inadvertently host such leaked secrets. To help identify these vulnerabilities, I have created a comprehensive search list using powerful search syntax that enables the search of thousands of leaked keys and secrets in a single search.

Search Syntax:

(path:*.{File_extension1} OR path:*.{File_extension-N}) AND ({Keyname1} OR {Keyname-N}) AND (({Signature/pattern1} OR {Signature/pattern-N}) AND ({PlatformTag1} OR {PlatformTag-N}))

Examples:

**1.

MacTeX Installation Guide

1. Download Instructions

MacTeX can be downloaded from these official sources:

Primary: MacTeX.pkg from tug.org
Mirror: CTAN MacTeX distribution

System requirements:

macOS 10.15 (Catalina) or later

ZSH CheatSheet

This is a cheat sheet for how to perform various actions to ZSH, which can be tricky to find on the web as the syntax is not intuitive and it is generally not very well-documented.

Strings

Description	Syntax
Get the length of a string	`${#VARNAME}`
Get a single character	`${VARNAME[index]}`

Flutter Móvil - Instalaciones recomendadas

Descargar las hojas de atajos recomendadas:

Guías de atajos - Dart

People

`:bowtie:`	😄 `:smile:`	😆 `:laughing:`
😊 `:blush:`	😃 `:smiley:`	☺️ `:relaxed:`
😏 `:smirk:`	😍 `:heart_eyes:`	😘 `:kissing_heart:`
😚 `:kissing_closed_eyes:`	😳 `:flushed:`	😌 `:relieved:`
😆 `:satisfied:`	😁 `:grin:`	😉 `:wink:`
😜 `:stuck_out_tongue_winking_eye:`	😝 `:stuck_out_tongue_closed_eyes:`	😀 `:grinning:`
😗 `:kissing:`	😙 `:kissing_smiling_eyes:`	😛 `:stuck_out_tongue:`

	import pandas as pd
	from datetime import date, timedelta, datetime
	from datetime import time as datetime_time

	def recent_trade_day(d: date \| None = None) -> str:
	"""
	返回最近的完整交易日：
	- 若未指定日期，使用当前时间判断
	- 若指定日期，基于该日期判断最近的交易日
	"""

	extends Resource
	class_name As

	static func demo_usage():
	print("These are booleans: %s %s"
	% [tf(true), tf(false)])
	print("These are numbers: %s %s"
	% [comma_int(1234), comma(1234.567, 2)])
	print("This is scientific: %s %s"
	% [scientific(0.000123), scientific(1234.56)])

	标题：[八卦江湖]感谢这样一个极品的朋友给我带来了这样一个悲情的国庆，深度八做留
	恋。
	作者：蓉荣板块：娱乐八卦
	首发：2010-10-05 11:45:00

	××××××××××××××××××××××××××××××××××××××
	日期：2010-10-05 11:45:00

	首先，祝大家国庆节快乐！虽然我国庆节过的非常悲剧。

	set-executionpolicy -executionpolicy remotesigned
	winrm quickconfig -q
	winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="512"}'
	winrm set winrm/config '@{MaxTimeoutms="1800000"}'
	winrm set winrm/config/service '@{AllowUnencrypted="true"}'
	winrm set winrm/config/service/auth '@{Basic="true"}'

	##### 使用说明 #####
	# 1. 请填写 proxy-providers - subscribe - url 为订阅链接
	# 2. 下载 https://github.com/Loyalsoldier/clash-rules/archive/refs/heads/release.zip 并解压至 ./profiles/ruleset 文件夹下
	# 3. 若需要自动更新 ruleset, 请编辑 rule-providers-config - type 为 http

	##### 参考链接 #####
	# 1. clash 样例配置文件
	# https://lancellc.gitbook.io/clash/clash-config-file/an-example-configuration-file
	# 2. clash 规则集
	# https://github.com/Loyalsoldier/clash-rules