Skip to content

Instantly share code, notes, and snippets.

View spezifanta's full-sized avatar
🚀
Automate all the things

Alex Kuhrt spezifanta

🚀
Automate all the things
View GitHub Profile

GitHub Search Syntax for Finding API Keys/Secrets/Tokens

As a security professional, it is important to conduct a thorough reconnaissance. With the increasing use of APIs nowadays, it has become paramount to keep access tokens and other API-related secrets secure in order to prevent leaks. However, despite technological advances, human error remains a factor, and many developers still unknowingly hardcode their API secrets into source code and commit them to public repositories. GitHub, being a widely popular platform for public code repositories, may inadvertently host such leaked secrets. To help identify these vulnerabilities, I have created a comprehensive search list using powerful search syntax that enables the search of thousands of leaked keys and secrets in a single search.

Search Syntax:

(path:*.{File_extension1} OR path:*.{File_extension-N}) AND ({Keyname1} OR {Keyname-N}) AND (({Signature/pattern1} OR {Signature/pattern-N}) AND ({PlatformTag1} OR {PlatformTag-N}))

Examples:

**1.

@mkyt
mkyt / fix-pages-metadata-conflicts.py
Last active December 6, 2022 15:36
Fix merge conflicts for `pages-metadata.edn` of LogSeq data directory
#!/usr/bin/env python3
from pathlib import Path
from typing import Union, Tuple, List, NamedTuple, Dict
import sys
class Block(NamedTuple):
name: str
created: int
updated: int

FWIW: I (@rondy) am not the creator of the content shared here, which is an excerpt from Edmond Lau's book. I simply copied and pasted it from another location and saved it as a personal note, before it gained popularity on news.ycombinator.com. Unfortunately, I cannot recall the exact origin of the original source, nor was I able to find the author's name, so I am can't provide the appropriate credits.


Effective Engineer - Notes

What's an Effective Engineer?

@avafloww
avafloww / PhpJava.java
Last active June 13, 2024 07:36
This snippet of code is syntactically valid in both PHP and Java, and produces the same output in both.
/*<?php
//*/public class PhpJava { public static void main(String[] args) { System.out.printf("/*%s",
//\u000A\u002F\u002A
class PhpJava {
static function main() {
echo(//\u000A\u002A\u002F
"Hello World!");
}}
//\u000A\u002F\u002A
PhpJava::main();
@1wErt3r
1wErt3r / SMBDIS.ASM
Created November 9, 2012 22:27
A Comprehensive Super Mario Bros. Disassembly
;SMBDIS.ASM - A COMPREHENSIVE SUPER MARIO BROS. DISASSEMBLY
;by doppelganger ([email protected])
;This file is provided for your own use as-is. It will require the character rom data
;and an iNES file header to get it to work.
;There are so many people I have to thank for this, that taking all the credit for
;myself would be an unforgivable act of arrogance. Without their help this would
;probably not be possible. So I thank all the peeps in the nesdev scene whose insight into
;the 6502 and the NES helped me learn how it works (you guys know who you are, there's no