Spaces:

Jack698
/

GitDorker

Sleeping

App Files Files Community

Jack698 commited on Nov 1, 2025

Commit

8d0d683

verified ·

1 Parent(s): e8553b8

Upload folder using huggingface_hub

Browse files

Files changed (14) hide show

.gitattributes +3 -0
Dockerfile +24 -0
Dorks/alldorksv3 +513 -0
Dorks/medium_dorks.txt +240 -0
GitDorker Help.png +3 -0
GitDorker Results.png +3 -0
GitDorker Usage Example - Tesla.png +3 -0
GitDorker.png +0 -0
GitDorker.py +632 -0
README.md +85 -5
app.py +101 -0
dummycreds +12 -0
requirements.txt +7 -0
tf/TOKENSFILE +0 -0

.gitattributes CHANGED Viewed

@@ -33,3 +33,6 @@ saved_model/**/* filter=lfs diff=lfs merge=lfs -text
 *.zip filter=lfs diff=lfs merge=lfs -text
 *.zst filter=lfs diff=lfs merge=lfs -text
 *tfevents* filter=lfs diff=lfs merge=lfs -text

 *.zip filter=lfs diff=lfs merge=lfs -text
 *.zst filter=lfs diff=lfs merge=lfs -text
 *tfevents* filter=lfs diff=lfs merge=lfs -text
+GitDorker[[:space:]]Help.png filter=lfs diff=lfs merge=lfs -text
+GitDorker[[:space:]]Results.png filter=lfs diff=lfs merge=lfs -text
+GitDorker[[:space:]]Usage[[:space:]]Example[[:space:]]-[[:space:]]Tesla.png filter=lfs diff=lfs merge=lfs -text

Dockerfile ADDED Viewed

	@@ -0,0 +1,24 @@

+# Use an official Python runtime as a parent image
+FROM python:3.9-slim
+# Set the working directory in the container
+WORKDIR /app
+# Copy the current directory contents into the container at /app
+# This includes GitDorker.py, app.py, Dorks/, requirements.txt, etc.
+COPY . .
+# Install any needed packages specified in requirements.txt
+# The --no-cache-dir option is used to reduce the image size
+RUN pip install --no-cache-dir -r requirements.txt
+# Make port 7860 available to the world outside this container
+# This is the default port Hugging Face Spaces uses
+EXPOSE 7860
+# Define environment variable
+ENV NAME GitDorker
+# Run app.py when the container launches
+# Uvicorn is the server that will run our FastAPI application
+CMD ["uvicorn", "app:app", "--host", "0.0.0.0", "--port", "7860"]

Dorks/alldorksv3 ADDED Viewed

	@@ -0,0 +1,513 @@

+.mlab.com password
+WFClient Password extension:ica
+access_key
+access_token
+admin_pass
+admin_user
+algolia_admin_key
+algolia_api_key
+alias_pass
+alicloud_access_key
+amazon_secret_access_key
+amazonaws
+ansible_vault_password
+aos_key
+api_key
+api_key_secret
+api_key_sid
+api_secret
+api.googlemaps AIza
+apidocs
+apikey
+apiSecret
+app_debug
+app_id
+app_key
+app_log_level
+app_secret
+appkey
+appkeysecret
+application_key
+appsecret
+appspot
+auth_token
+authorizationToken
+authsecret
+aws_access
+aws_access_key_id
+aws_bucket
+aws_key
+aws_secret
+aws_secret_key
+aws_token
+AWSSecretKey
+b2_app_key
+bashrc password
+bintray_apikey
+bintray_gpg_password
+bintray_key
+bintraykey
+bluemix_api_key
+bluemix_pass
+browserstack_access_key
+bucket_password
+bucketeer_aws_access_key_id
+bucketeer_aws_secret_access_key
+built_branch_deploy_key
+bx_password
+cache_driver
+cache_s3_secret_key
+cattle_access_key
+cattle_secret_key
+certificate_password
+ci_deploy_password
+client_secret
+client_zpk_secret_key
+clojars_password
+cloud_api_key
+cloud_watch_aws_access_key
+cloudant_password
+cloudflare_api_key
+cloudflare_auth_key
+cloudinary_api_secret
+cloudinary_name
+codecov_token
+config
+conn.login
+connectionstring
+consumer_key
+consumer_secret
+credentials
+cypress_record_key
+database_password
+database_schema_test
+datadog_api_key
+datadog_app_key
+db_password
+db_server
+db_username
+dbpasswd
+dbpassword
+dbuser
+deploy_password
+digitalocean_ssh_key_body
+digitalocean_ssh_key_ids
+docker_hub_password
+docker_key
+docker_pass
+docker_passwd
+docker_password
+dockerhub_password
+dockerhubpassword
+dot-files
+dotfiles
+droplet_travis_password
+dynamoaccesskeyid
+dynamosecretaccesskey
+elastica_host
+elastica_port
+elasticsearch_password
+encryption_key
+encryption_password
+env.heroku_api_key
+env.sonatype_password
+eureka.awssecretkey
+extension:avastlic support.avast.com
+extension:bat
+extension:cfg
+extension:dbeaver-data-sources.xml
+extension:env
+extension:exs
+extension:ini
+extension:json api.forecast.io
+extension:json googleusercontent client_secret
+extension:json mongolab.com
+extension:pem
+extension:pem private
+extension:ppk
+extension:ppk private
+extension:properties
+extension:sh
+extension:sls
+extension:sql
+extension:sql mysql dump
+extension:sql mysql dump password
+extension:yaml mongolab.com
+extension:zsh
+fabricApiSecret
+facebook_secret
+fb_secret
+filename:_netrc password
+filename:.bash_history
+filename:.bash_profile aws
+filename:.bashrc mailchimp
+filename:.bashrc password
+filename:.cshrc
+filename:.dockercfg auth
+filename:.env DB_USERNAME NOT homestead
+filename:.env MAIL_HOSTsmtp.gmail.com
+filename:.esmtprc password
+filename:.ftpconfig
+filename:.git-credentials
+filename:.history
+filename:.htpasswd
+filename:.netrc password
+filename:.npmrc _auth
+filename:.pgpass
+filename:.remote-sync.json
+filename:.s3cfg
+filename:.sh_history
+filename:.tugboat NOT _tugboat
+filename:bash
+filename:bash_history
+filename:bash_profile
+filename:bashrc
+filename:beanstalkd.yml
+filename:CCCam.cfg
+filename:composer.json
+filename:config
+filename:config irc_pass
+filename:config.json auths
+filename:config.php dbpasswd
+filename:configuration.php JConfig password
+filename:connections
+filename:connections.xml
+filename:constants
+filename:credentials
+filename:credentials aws_access_key_id
+filename:cshrc
+filename:database
+filename:dbeaver-data-sources.xml
+filename:deploy.rake
+filename:deployment-config.json
+filename:dhcpd.conf
+filename:dockercfg
+filename:env
+filename:environment
+filename:express.conf
+filename:express.conf path:.openshift
+filename:filezilla.xml
+filename:filezilla.xml Pass
+filename:git-credentials
+filename:gitconfig
+filename:global
+filename:history
+filename:htpasswd
+filename:hub oauth_token
+filename:id_dsa
+filename:id_rsa
+filename:id_rsa or filename:id_dsa
+filename:idea14.key
+filename:known_hosts
+filename:logins.json
+filename:makefile
+filename:master.key path:config
+filename:netrc
+filename:npmrc
+filename:pass
+filename:passwd path:etc
+filename:pgpass
+filename:prod.exs
+filename:prod.exs NOT prod.secret.exs
+filename:prod.secret.exs
+filename:proftpdpasswd
+filename:recentservers.xml
+filename:recentservers.xml Pass
+filename:robomongo.json
+filename:s3cfg
+filename:secrets.yml password
+filename:server.cfg
+filename:server.cfg rcon password
+filename:settings
+filename:settings.py SECRET_KEY
+filename:sftp-config.json
+filename:sftp.json path:.vscode
+filename:shadow
+filename:shadow path:etc
+filename:spec
+filename:sshd_config
+filename:tugboat
+filename:ventrilo_srv.ini
+filename:WebServers.xml
+filename:wp-config
+filename:wp-config.php
+filename:zhrc
+firebase
+flickr_api_key
+fossa_api_key
+ftp
+ftp_password
+gatsby_wordpress_base_url
+gatsby_wordpress_client_id
+gatsby_wordpress_user
+gh_api_key
+gh_token
+ghost_api_key
+github_api_key
+github_deploy_hb_doc_pass
+github_id
+github_key
+github_password
+github_token
+gitlab
+gmail_password
+gmail_username
+google_maps_api_key
+google_private_key
+google_secret
+google_server_key
+gpg_key_name
+gpg_keyname
+gpg_passphrase
+HEROKU_API_KEY language:json
+HEROKU_API_KEY language:shell
+heroku_oauth
+heroku_oauth_secret
+heroku_oauth_token
+heroku_secret
+heroku_secret_token
+herokuapp
+HOMEBREW_GITHUB_API_TOKEN language:shell
+htaccess_pass
+htaccess_user
+incident_channel_name
+internal
+irc_pass
+JEKYLL_GITHUB_TOKEN
+jsforce extension:js conn.login
+jwt_client_secret_key
+jwt_lookup_secert_key
+jwt_password
+jwt_secret
+jwt_secret_key
+jwt_token
+jwt_user
+jwt_web_secert_key
+jwt_xmpp_secert_key
+key
+keyPassword
+language:yaml -filename:travis
+ldap_password
+ldap_username
+linux_signing_key
+ll_shared_key
+location_protocol
+log_channel
+login
+lottie_happo_api_key
+lottie_happo_secret_key
+lottie_s3_api_key
+lottie_s3_secret_key
+magento password
+mail_password
+mail_port
+mailchimp
+mailchimp_api_key
+mailchimp_key
+mailgun
+mailgun apikey
+mailgun_key
+mailgun_password
+mailgun_priv_key
+mailgun_secret_api_key
+manage_key
+mandrill_api_key
+mapbox api key
+master_key
+mg_api_key
+mg_public_api_key
+mh_apikey
+mh_password
+mile_zero_key
+minio_access_key
+minio_secret_key
+mix_pusher_app_cluster
+mix_pusher_app_key
+msg nickserv identify filename:config
+mydotfiles
+mysql
+mysql password
+mysql_root_password
+netlify_api_key
+nexus password
+nexus_password
+node_env
+node_pre_gyp_accesskeyid
+node_pre_gyp_secretaccesskey
+npm_api_key
+npm_password
+npm_secret_key
+npmrc _auth
+nuget_api_key
+nuget_apikey
+nuget_key
+oauth_token
+object_storage_password
+octest_app_password
+octest_password
+okta_key
+omise_key
+onesignal_api_key
+onesignal_user_auth_key
+openwhisk_key
+org_gradle_project_sonatype_nexus_password
+org_project_gradle_sonatype_nexus_password
+os_password
+ossrh_jira_password
+ossrh_pass
+ossrh_password
+pagerduty_apikey
+parse_js_key
+pass
+passwd
+password
+password travis
+passwords
+path:sites databases password
+paypal_secret
+paypal_token
+pem private
+personal_key
+playbooks_url
+plotly_apikey
+plugin_password
+postgres_env_postgres_password
+postgresql_pass
+preprod
+private
+private -language:java
+private_key
+private_signing_password
+prod
+prod_password
+prod.access.key.id
+prod.secret.key
+PT_TOKEN language:bash
+publish_key
+pusher_app_id
+pwd
+queue_driver
+rabbitmq_password
+rds.amazonaws.com password
+redis_password
+response_auth_jwt_secret
+rest_api_key
+rinkeby_private_key
+root_password
+ropsten_private_key
+route53_access_key_id
+rtd_key_pass
+rtd_store_pass
+s3_access_key
+s3_access_key_id
+s3_key
+s3_key_app_logs
+s3_key_assets
+s3_secret_key
+salesforce_password
+sandbox_aws_access_key_id
+sandbox_aws_secret_access_key
+sauce_access_key
+secret
+secret access key
+secret_access_key
+secret_bearer
+secret_key
+secret_key_base
+secret_token
+secret.password
+secretaccesskey
+secretkey
+secrets
+secure
+security_credentials
+send_keys
+send.keys
+sendgrid_api_key
+sendgrid_key
+sendgrid_password
+sendkeys
+ses_access_key
+ses_secret_key
+setdstaccesskey
+setsecretkey
+sf_username
+SF_USERNAME salesforce
+shodan_api_key language:python
+sid_token
+signing_key_password
+signing_key_secret
+slack_api
+slack_channel
+slack_key
+slack_outgoing_token
+slack_signing_secret
+slack_token
+slack_webhook
+slash_developer_space_key
+snoowrap_password
+socrata_password
+sonar_organization_key
+sonar_project_key
+sonatype_password
+sonatype_token_password
+soundcloud_password
+sql_password
+sqsaccesskey
+square_access_token
+square_token
+squareSecret
+ssh
+ssh2_auth_password
+sshpass
+staging
+stg
+storePassword
+stormpath_api_key_id
+stormpath_api_key_secret
+strip_key
+strip_secret_key
+stripe
+stripe_key
+stripe_secret
+stripToken
+svn_pass
+swagger
+tesco_api_key
+tester_keys_password
+testuser
+thera_oss_access_key
+token
+trusted_hosts
+twilio_account_sid
+twilio_accountsid
+twilio_api_key
+twilio_api_secret
+twilio_secret
+twilio_secret_token
+TWILIO_SID NOT env
+twilio_token
+twilioapiauth
+twiliosecret
+twine_password
+twitter_secret
+twitterKey
+x-api-key
+xoxb
+xoxp
+zen_tkn
+zen_token
+zendesk_url
+twilio secret
+twilio_account_id
+twilio_account_secret
+twilio_acount_sid NOT env
+twilio_api
+twilio_api_auth
+twilio_api_sid
+twilio_api_token
+zen_key
+zendesk_api_token
+zendesk_key
+zendesk_token
+zendesk_username

Dorks/medium_dorks.txt ADDED Viewed

	@@ -0,0 +1,240 @@

+".mlab.com password"
+"AWSSecretKey"
+"JEKYLL_GITHUB_TOKEN"
+"SF_USERNAME salesforce"
+"access_key"
+"access_token"
+"amazonaws"
+"apiSecret"
+"api_key"
+"api_secret"
+"apidocs"
+"apikey"
+"app_key"
+"app_secret"
+"appkey"
+"appkeysecret"
+"application_key"
+"appsecret"
+"appspot"
+"auth"
+"auth_token"
+"authorizationToken"
+"aws_access"
+"aws_access_key_id"
+"aws_key"
+"aws_secret"
+"aws_token"
+"bashrc password"
+"bucket_password"
+"client_secret"
+"cloudfront"
+"codecov_token"
+"config"
+"conn.login"
+"connectionstring"
+"consumer_key"
+"credentials"
+"database_password"
+"db_password"
+"db_username"
+"dbpasswd"
+"dbpassword"
+"dbuser"
+"dot-files"
+"dotfiles"
+"encryption_key"
+"fabricApiSecret"
+"fb_secret"
+"firebase"
+"ftp"
+"gh_token"
+"github_key"
+"github_token"
+"gitlab"
+"gmail_password"
+"gmail_username"
+"api.googlemaps AIza"
+"herokuapp"
+"internal"
+"irc_pass"
+"key"
+"keyPassword"
+"ldap_password"
+"ldap_username"
+"login"
+"mailchimp"
+"mailgun"
+"master_key"
+"mydotfiles"
+"mysql"
+"node_env"
+"npmrc _auth"
+"oauth_token"
+"pass"
+"passwd"
+"password"
+"passwords"
+"pem private"
+"preprod"
+"private_key"
+"prod"
+"pwd"
+"pwds"
+"rds.amazonaws.com password"
+"redis_password"
+"root_password"
+"secret"
+"secret.password"
+"secret_access_key"
+"secret_key"
+"secret_token"
+"secrets"
+"secure"
+"security_credentials"
+"send.keys"
+"send_keys"
+"sendkeys"
+"sf_username"
+"slack_api"
+"slack_token"
+"sql_password"
+"ssh"
+"ssh2_auth_password"
+"sshpass"
+"staging"
+"stg"
+"storePassword"
+"stripe"
+"swagger"
+"testuser"
+"token"
+"x-api-key"
+"xoxp"
+"xoxb "
+HEROKU_API_KEY language:json
+HEROKU_API_KEY language:shell
+HOMEBREW_GITHUB_API_TOKEN language:shell
+PT_TOKEN language:bash
+[WFClient] Password= extension:ica
+extension:avastlic "support.avast.com"
+extension:bat
+extension:cfg
+extension:env
+extension:exs
+extension:ini
+extension:json api.forecast.io
+extension:json googleusercontent client_secret
+extension:json mongolab.com
+extension:pem
+extension:pem private
+extension:ppk
+extension:ppk private
+extension:properties
+extension:sh
+extension:sls
+extension:sql
+extension:sql mysql dump
+extension:sql mysql dump password
+extension:yaml mongolab.com
+extension:zsh
+filename:.bash_history
+filename:.bash_profile aws
+filename:.bashrc mailchimp
+filename:.bashrc password
+filename:.cshrc
+filename:.dockercfg auth
+filename:.env DB_USERNAME NOT homestead
+filename:.env MAIL_HOST=smtp.gmail.com
+filename:.esmtprc password
+filename:.ftpconfig
+filename:.git-credentials
+filename:.history
+filename:.htpasswd
+filename:.netrc password
+filename:.npmrc _auth
+filename:.pgpass
+filename:.remote-sync.json
+filename:.s3cfg
+filename:.sh_history
+filename:.tugboat NOT _tugboat
+filename:CCCam.cfg
+filename:WebServers.xml
+filename:_netrc password
+filename:bash
+filename:bash_history
+filename:bash_profile
+filename:bashrc
+filename:beanstalkd.yml
+filename:composer.json
+filename:config
+filename:config irc_pass
+filename:config.json auths
+filename:config.php dbpasswd
+filename:configuration.php JConfig password
+filename:connections
+filename:connections.xml
+filename:constants
+filename:credentials
+filename:credentials aws_access_key_id
+filename:cshrc
+filename:database
+filename:dbeaver-data-sources.xml
+filename:deploy.rake
+filename:deployment-config.json
+filename:dhcpd.conf
+filename:dockercfg
+filename:environment
+filename:express.conf
+filename:express.conf path:.openshift
+filename:filezilla.xml
+filename:filezilla.xml Pass
+filename:git-credentials
+filename:gitconfig
+filename:global
+filename:history
+filename:htpasswd
+filename:hub oauth_token
+filename:id_dsa
+filename:id_rsa
+filename:id_rsa or filename:id_dsa
+filename:idea14.key
+filename:known_hosts
+filename:logins.json
+filename:makefile
+filename:master.key path:config
+filename:netrc
+filename:npmrc
+filename:pass
+filename:passwd path:etc
+filename:pgpass
+filename:prod.exs
+filename:prod.exs NOT prod.secret.exs
+filename:prod.secret.exs
+filename:proftpdpasswd
+filename:recentservers.xml
+filename:recentservers.xml Pass
+filename:robomongo.json
+filename:s3cfg
+filename:secrets.yml password
+filename:server.cfg
+filename:server.cfg rcon password
+filename:settings
+filename:settings.py SECRET_KEY
+filename:sftp-config.json
+filename:sftp.json path:.vscode
+filename:shadow
+filename:shadow path:etc
+filename:spec
+filename:sshd_config
+filename:tugboat
+filename:ventrilo_srv.ini
+filename:wp-config
+filename:wp-config.php
+filename:zhrc
+jsforce extension:js conn.login
+language:yaml -filename:travis
+msg nickserv identify filename:config
+path:sites databases password
+private -language:java
+shodan_api_key language:python

GitDorker Help.png ADDED Viewed

Git LFS Details

SHA256: 24bbb562d5dcc3fce8b3c09a9a2b48890131c3754fd2717f6d09d4003de3b041
Pointer size: 131 Bytes
Size of remote file: 352 kB

GitDorker Results.png ADDED Viewed

Git LFS Details

SHA256: 01f34a573c78d12d2afafa8b010de4f9b9c0c7e827b6894e74f6c38778cebb84
Pointer size: 131 Bytes
Size of remote file: 330 kB

GitDorker Usage Example - Tesla.png ADDED Viewed

Git LFS Details

SHA256: 20ad8ae456d3e50ba02e61d1392d74ed082385c96c6fe593bf8bf54d0067940d
Pointer size: 131 Bytes
Size of remote file: 323 kB

GitDorker.png ADDED Viewed

GitDorker.py ADDED Viewed

	@@ -0,0 +1,632 @@

+#!/usr/bin/python3
+# Credits: Modified GitHub Dorker using GitAPI and my personal compiled list of dorks across multiple resources. API Request structure modeled and modified and modified from Gwendal Le Coguic's scripts.
+# Author: Omar Bheda
+# Version: 1.1.3
+print("""
+  /$$$$$$  /$$   /$$           /$$$$$$$                      /$$
+ /$$__  $$|__/  | $$          | $$__  $$                    | $$
+| $$  \__/ /$$ /$$$$$$        | $$  \ $$  /$$$$$$   /$$$$$$ | $$   /$$  /$$$$$$   /$$$$$$
+| $$ /$$$$| $$|_  $$_/        | $$  | $$ /$$__  $$ /$$__  $$| $$  /$$/ /$$__  $$ /$$__  $$
+| $$|_  $$| $$  | $$          | $$  | $$| $$  \ $$| $$  \__/| $$$$$$/ | $$$$$$$$| $$  \__/
+| $$  \ $$| $$  | $$ /$$      | $$  | $$| $$  | $$| $$      | $$_  $$ | $$_____/| $$
+|  $$$$$$/| $$  |  $$$$/      | $$$$$$$/|  $$$$$$/| $$      | $$ \  $$|  $$$$$$$| $$
+ \______/ |__/   \___/        |_______/  \______/ |__/      |__/  \__/ \_______/|__/
+Find GitHub secrets utilizing a vast list of GitHub dorks and the GitHub search api. The
+purpose of this tool is to enumerate interesting users,repos, and files to provide an
+easy to read overview of where a potential sensitive information exposure may reside.
+HELP: python3 GitDorker.py -h
+""")
+# IMPORTS
+import sys
+import json
+import time
+import argparse
+import random
+import requests
+import csv
+from itertools import zip_longest
+from termcolor import colored
+from multiprocessing.dummy import Pool
+# API CONFIG
+GITHUB_API_URL = 'https://api.github.com'
+# PARSER CONFIG
+parser = argparse.ArgumentParser()
+parser.add_argument("-d", "--dorks", help="dorks file (required)")
+parser.add_argument("-k", "--keyword", help="search on a keyword instead of a list of dorks")
+parser.add_argument("-q", "--query", help="query (required or -q)")
+parser.add_argument("-qf", "--queryfile", help="query (required or -q)")
+parser.add_argument("-ri", "--recentlyindexed", action='store_true', help="sort results of queries from most recent first")
+parser.add_argument("-lb", "--limitbypass", action='store_true', help="increase requests per minute when using multiple tokens from UNIQUE accounts")
+parser.add_argument("-pf", "--patternfilter", action='store_true', help="filter out noise/patterns for test/example keys")
+parser.add_argument("-u", "--users", help="users to perform dork or keyword search on (comma separated).")
+parser.add_argument("-uf", "--userfile", help="file containing new line separated users")
+parser.add_argument("-org", "--organization",
+                    help="organization's GitHub name (required or -org if query not specified)")
+parser.add_argument("-t", "--token", help="your github token (required if token file not specififed)")
+parser.add_argument("-tf", "--tokenfile", help="file containing new line separated github tokens ")
+parser.add_argument("-e", "--threads", help="maximum n threads, default 1")
+parser.add_argument("-p", "--positiveresults", action='store_true', help="display positive results only")
+parser.add_argument("-o", "--output", help="output to file name (required or -o)")
+parser.parse_args()
+args = parser.parse_args()
+# DECLARE LISTS
+tokens_list = []
+dorks_list = []
+queries_list = []
+organizations_list = []
+users_list = []
+keywords_list = []
+# TOKEN ARGUMENT LOGIC
+if args.token:
+    tokens_list = args.token.split(',')
+if args.tokenfile:
+    with open(args.tokenfile) as f:
+        tokens_list = [i.strip() for i in f.read().splitlines() if i.strip()]
+# if not len(tokens_list):
+#     parser.error('auth token is missing')
+# USER ARGUMENT LOGIC
+if args.users:
+    users_list = args.users.split(',')
+if args.userfile:
+    with open(args.userfile) as f:
+        users_list = [i.strip() for i in f.read().splitlines() if i.strip()]
+if args.query:
+    queries_list = args.query.split(',')
+if args.queryfile:
+    with open(args.queryfile) as f:
+        queries_list = [i.strip() for i in f.read().splitlines() if i.strip()]
+if args.patternfilter:
+    patternfilter = " -fake -example -test -XXXX -1234 -ABCD"
+# if args.query and args.keyword:
+#     parser.error('you cannot specify both a query and a keyword, please specify one or the other.')
+#
+# if args.query and args.organization:
+#     parser.error('you cannot specify both a query and a organization, please specify one or the other.')
+if args.organization:
+    organizations_list = args.organization.split(',')
+if args.threads:
+    threads = int(args.threads)
+else:
+    threads = 1
+# if not args.query and not args.queryfile and not args.organization and not args.users and not args.userfile:
+#     parser.error('query or organization missing or users missing')
+if args.dorks:
+    fp = open(args.dorks, 'r')
+    for line in fp:
+        dorks_list.append(line.strip())
+if args.keyword:
+    keywords_list = args.keyword.split(',')
+if not args.dorks and not args.keyword:
+    parser.error('dorks file or keyword is missing')
+# NUMBER OF REQUESTS PER MINUTE (TOKENS MUST BE UNIQUE)
+requests_per_minute = (len(tokens_list) * 30) - 1
+# TOKEN ROUND ROBIN
+n = -1
+def token_round_robin():
+    global n
+    n = n + 1
+    if n == len(tokens_list):
+        n = 0
+    current_token = tokens_list[n]
+    return current_token
+# API SEARCH FUNCTION
+def api_search(url):
+    if args.dorks:  # UNDO COMPLETE! :)
+        if args.keyword:
+            sys.stdout.write(colored(
+                '\r[#] $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ Dorking with Keyword In Progress $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ %d/%d\r' % (stats_dict['n_current'], stats_dict['n_total_urls']),
+                "green"))
+            sys.stdout.flush()
+        else:
+            sys.stdout.write(
+                colored('\r[#] $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ Dorking In Progress $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$  %d/%d\r' % (stats_dict['n_current'], stats_dict['n_total_urls']), "green"))
+            sys.stdout.flush()
+    elif args.keyword and not args.dorks:
+        sys.stdout.write(
+            colored('\r[#] $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ Keyword Search In Progress $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ %d/%d\r' % (stats_dict['n_current'], stats_dict['n_total_urls']),
+                    "green"))
+        sys.stdout.flush()
+    stats_dict['n_current'] = stats_dict['n_current'] + 1
+    headers = {"Authorization": "token " + token_round_robin()}
+    try:
+        r = requests.get(url, headers=headers)
+        json = r.json()
+        if args.limitbypass:
+            if stats_dict['n_current'] % requests_per_minute == 0:
+                for remaining in range(63, 0, -1):
+                    sys.stdout.write("\r")
+                    sys.stdout.write(colored(
+                        "\r[#] (-_-)zzZZzzZZzzZZzzZZ sleeping to avoid rate limits. GitDorker will resume soon (-_-)zzZZzzZZzzZZzzZZ | {:2d} seconds remaining.\r".format(
+                            remaining), "blue"))
+                    sys.stdout.flush()
+                    time.sleep(1)
+        else:
+            if stats_dict['n_current'] % 29 == 0:
+                for remaining in range(63, 0, -1):
+                    sys.stdout.write("\r")
+                    sys.stdout.write(colored(
+                        "\r[#] (-_-)zzZZzzZZzzZZzzZZ sleeping to avoid rate limits. GitDorker will resume soon (-_-)zzZZzzZZzzZZzzZZ | {:2d} seconds remaining.\r".format(
+                            remaining), "blue"))
+                    sys.stdout.flush()
+                    time.sleep(1)
+        if 'documentation_url' in json:
+            print(colored("[-] error occurred: %s" % json['documentation_url'], 'red'))
+        else:
+            url_results_dict[url] = json['total_count']
+    except Exception as e:
+        print(colored("[-] error occurred: %s" % e, 'red'))
+        return 0
+# URL ENCODING FUNCTION
+def __urlencode(str):
+    str = str.replace(':', '%3A');
+    str = str.replace('"', '%22');
+    str = str.replace(' ', '+');
+    return str
+# DECLARE DICTIONARIES
+url_dict = {}
+results_dict = {}
+url_results_dict = {}
+stats_dict = {
+    'l_tokens': len(tokens_list),
+    'n_current': 0,
+    'n_total_urls': 0
+}
+# CREATE QUERIES
+for query in queries_list:
+    results_dict[query] = []
+    for dork in dorks_list:
+        if not args.patternfilter:
+            if ":" in query:
+                dork = "{}".format(query) + " " + dork
+            else:
+                dork = "{}".format(query) + " " + dork
+            url = 'https://api.github.com/search/code?q=' + __urlencode(dork)
+            results_dict[query].append(url)
+            url_dict[url] = 0
+        else:
+            if ":" in query:
+                dork = "{}".format(query) + " " + dork + patternfilter
+            else:
+                dork = "{}".format(query) + " " + dork + patternfilter
+            url = 'https://api.github.com/search/code?q=' + __urlencode(dork)
+            results_dict[query].append(url)
+            url_dict[url] = 0
+# CREATE ORGS
+for organization in organizations_list:
+    results_dict[organization] = []
+    for dork in dorks_list:
+        if not args.patternfilter:
+            dork = 'org:' + organization + ' ' + dork
+            url = 'https://api.github.com/search/code?q=' + __urlencode(dork)
+            results_dict[organization].append(url)
+            url_dict[url] = 0
+        else:
+            dork = 'org:' + organization + ' ' + dork + patternfilter
+            url = 'https://api.github.com/search/code?q=' + __urlencode(dork)
+            results_dict[organization].append(url)
+            url_dict[url] = 0
+#Create Users
+for user in users_list:
+    results_dict[user] = []
+    if args.dorks:
+        if args.keyword:
+            for dork in dorks_list:
+                for keyword in keywords_list:
+                    if not args.patternfilter:
+                        keyword_dork = 'user:' + user + ' ' + keyword + ' ' + dork
+                        url = 'https://api.github.com/search/code?q=' + __urlencode(keyword_dork)
+                        results_dict[user].append(url)
+                        url_dict[url] = 0
+                    else:
+                        keyword_dork = 'user:' + user + ' ' + keyword + ' ' + dork + patternfilter
+                        url = 'https://api.github.com/search/code?q=' + __urlencode(keyword_dork)
+                        results_dict[user].append(url)
+                        url_dict[url] = 0
+    if not args.keyword:
+        for dork in dorks_list:
+            if not args.patternfilter:
+                dork = 'user:' + user + ' ' + dork
+                url = 'https://api.github.com/search/code?q=' + __urlencode(dork)
+                results_dict[user].append(url)
+                url_dict[url] = 0
+            else:
+                dork = 'user:' + user + ' ' + dork + patternfilter
+                url = 'https://api.github.com/search/code?q=' + __urlencode(dork)
+                results_dict[user].append(url)
+                url_dict[url] = 0
+    if args.keyword and not args.dorks:
+        for keyword in keywords_list:
+            if not args.patternfilter:
+                keyword = 'user:' + user + ' ' + keyword
+                url = 'https://api.github.com/search/code?q=' + __urlencode(keyword)
+                results_dict[user].append(url)
+                url_dict[url] = 0
+            else:
+                keyword = 'user:' + user + ' ' + keyword + patternfilter
+                url = 'https://api.github.com/search/code?q=' + __urlencode(keyword)
+                results_dict[user].append(url)
+                url_dict[url] = 0
+# STATS
+stats_dict['n_total_urls'] = len(url_dict)
+print("""
+   ______       __
+  / __/ /____ _/ /____
+ _\ \/ __/ _ `/ __(_-<
+/___/\__/\_,_/\__/___/
+**********************
+""")
+sys.stdout.write(colored('[#] %d organizations found.\n' % len(organizations_list), 'cyan'))
+sys.stdout.write(colored('[#] %d users found.\n' % len(users_list), 'cyan'))
+sys.stdout.write(colored('[#] %d dorks found.\n' % len(dorks_list), 'cyan'))
+sys.stdout.write(colored('[#] %d keywords found.\n' % len(keywords_list), 'cyan'))
+sys.stdout.write(colored('[#] %d queries ran.\n' % len(queries_list), 'cyan'))
+sys.stdout.write(colored('[#] %d urls generated.\n' % len(url_dict), 'cyan'))
+sys.stdout.write(colored('[#] %d tokens being used.\n' % len(tokens_list), 'cyan'))
+sys.stdout.write(colored('[#] running %d threads.\n' % threads, 'cyan'))
+if args.limitbypass:
+    sys.stdout.write(colored('[#] %d requests per minute allowed\n' % requests_per_minute, 'cyan'))
+else:
+    sys.stdout.write(colored('[#] 29 requests per minute allowed\n', 'cyan'))
+print("")
+# SLEEP
+time.sleep(1)
+# POOL FUNCTION TO RUN API SEARCH
+pool = Pool(threads)
+pool.map(api_search, url_dict)
+pool.close()
+pool.join()
+# SET COUNT
+count = 0
+keyword_count = 0
+# SHOW RESULTS
+print("")
+print("""
+   ___               ____
+  / _ \___ ___ __ __/ / /____
+ / , _/ -_|_-</ // / / __(_-<
+/_/|_|\__/___/\_,_/_/\__/___/
+*****************************
+""")
+new_url_list = []
+result_number_list = []
+dork_name_list = []
+keyword_name_list = []
+user_list = []
+# DEFINE CONDITIONAL OUTPUT MARKERS
+sys.stdout.write(colored('[+] SUCCESS | RESULTS RETURNED ', 'green'))
+print("")
+normal = sys.stdout.write(colored('[#] NEUTRAL | NO RESULTS RETURNED', 'yellow'))
+print("")
+failure = sys.stdout.write(colored('[-] FAILURE | RATE LIMITS OR API FAILURE ', 'red'))
+print("")
+# RESULTS LOGIC FOR QUERIES
+for query in queries_list:
+    print("")
+    sys.stdout.write(colored('QUERY PROVIDED: %s' % (query), 'cyan'))
+    print("")
+    print("")
+    for url in results_dict[query]:
+        if url in url_results_dict:
+            if args.recentlyindexed:
+                new_url = url.replace('https://api.github.com/search/code',
+                                      'https://github.com/search') + '&s=indexed&type=Code&o=desc'
+            elif not args.recentlyindexed:
+                new_url = url.replace('https://api.github.com/search/code',
+                                      'https://github.com/search') + '&type=Code'
+            dork_name = dorks_list[count]
+            dork_info = 'DORK = ' + dork_name + ' | '
+            result_info = dork_info + new_url
+            if count < len(dorks_list)-1:
+                count = count + 1
+            else:
+                count = 0
+            if url_results_dict[url] == 0:
+                if args.positiveresults == False:
+                    result_number = url_results_dict[url]
+                    normal = sys.stdout.write(colored('[#] ', 'yellow'))
+                    sys.stdout.write(colored('(%d) ' % (result_number), 'cyan'))
+                    sys.stdout.write(colored('%s' % (result_info), 'white'))
+                    new_url_list.append(new_url)
+                    result_number_list.append(result_number)
+                    dork_name_list.append(dork_name)
+                    print('')
+            else:
+                result_number = url_results_dict[url]
+                success = sys.stdout.write(colored('[+] ', 'green'))
+                sys.stdout.write(colored('(%d) ' % (result_number), 'cyan'))
+                sys.stdout.write(colored('%s' % (result_info), 'white'))
+                new_url_list.append(new_url)
+                result_number_list.append(result_number)
+                dork_name_list.append(dork_name)
+                print('')
+        else:
+            failure = sys.stdout.write(colored('[-] ', 'red'))
+            sys.stdout.write(colored('%s' % new_url, 'white'))
+            count = count + 1
+            print('')
+# ADD KEYWORD TO OUTPUT TO BOTH DORKS AND ARGS
+for user in users_list:
+    print("")
+    sys.stdout.write(colored('USER PROVIDED: %s' % (user), 'cyan'))
+    print("")
+    if args.keyword and not args.dorks:
+        for url in results_dict[user]:
+            if url in url_results_dict:
+                if args.recentlyindexed:
+                    new_url = url.replace('https://api.github.com/search/code',
+                                          'https://github.com/search') + '&s=indexed&type=Code&o=desc'
+                elif not args.recentlyindexed:
+                    new_url = url.replace('https://api.github.com/search/code',
+                                          'https://github.com/search') + '&type=Code'
+                keyword_name = keywords_list[keyword_count]
+                keyword_info = 'KEYWORD = ' + keyword_name + ' | '
+                result_info = keyword_info + new_url
+                if len(keywords_list) - 1 != keyword_count:
+                    keyword_count = keyword_count + 1
+                else:
+                    keyword_count = 0
+                if url_results_dict[url] == 0:
+                    if args.positiveresults == False:
+                        result_number = url_results_dict[url]
+                        normal = sys.stdout.write(colored('[#] ', 'yellow'))
+                        sys.stdout.write(colored('(%d) ' % (result_number), 'cyan'))
+                        sys.stdout.write(colored('%s' % (result_info), 'white'))
+                        new_url_list.append(new_url)
+                        result_number_list.append(result_number)
+                        keyword_name_list.append(keyword_name)
+                        user_list.append(user)
+                        print('')
+                else:
+                    result_number = url_results_dict[url]
+                    success = sys.stdout.write(colored('[+] ', 'green'))
+                    sys.stdout.write(colored('(%d) ' % (result_number), 'cyan'))
+                    sys.stdout.write(colored('%s' % (result_info), 'white'))
+                    new_url_list.append(new_url)
+                    result_number_list.append(result_number)
+                    keyword_name_list.append(keyword_name)
+                    user_list.append(user)
+                    print('')
+            else:
+                failure = sys.stdout.write(colored('[-] ', 'red'))
+                keyword_name = keywords_list[keyword_count]
+                sys.stdout.write(colored('No KEYWORD: %s found for %s' % (keyword_name, user), 'white'))
+                if len(keywords_list) - 1 != keyword_count:
+                    keyword_count = keyword_count + 1
+                else:
+                    keyword_count = 0
+                # Potentially code in removal from list to prevent query offset
+                print('')
+    elif args.dorks:
+        count = 0
+        for url in results_dict[user]:
+            if url in url_results_dict:
+                if args.recentlyindexed:
+                    new_url = url.replace('https://api.github.com/search/code',
+                                          'https://github.com/search') + '&s=indexed&type=Code&o=desc'
+                elif not args.recentlyindexed:
+                    new_url = url.replace('https://api.github.com/search/code',
+                                          'https://github.com/search') + '&type=Code'
+                dork_name = dorks_list[count]
+                if args.keyword:
+                    keyword_name = keywords_list[keyword_count]
+                    dork_info = 'DORK = ' + dork_name + ' | KEYWORD = ' + keyword_name + ' | '
+                    result_info = dork_info + new_url
+                    if len(keywords_list) - 1 != keyword_count:
+                        keyword_count = keyword_count + 1
+                    else:
+                        keyword_count = 0
+                        count = count + 1
+                elif not args.keyword:
+                    count = count + 1
+                    dork_info = 'DORK = ' + dork_name + ' | '
+                    result_info = dork_info + new_url
+                if len(dorks_list) == count:
+                    count = 0
+                if url_results_dict[url] == 0:
+                    if args.positiveresults == False:
+                        result_number = url_results_dict[url]
+                        normal = sys.stdout.write(colored('[#] ', 'yellow'))
+                        sys.stdout.write(colored('(%d) ' % (result_number), 'cyan'))
+                        sys.stdout.write(colored('%s' % (result_info), 'white'))
+                        new_url_list.append(new_url)
+                        result_number_list.append(result_number)
+                        dork_name_list.append(dork_name)
+                        if args.keyword:
+                            keyword_name_list.append(keyword_name)
+                        user_list.append(user)
+                        print('')
+                else:
+                    result_number = url_results_dict[url]
+                    success = sys.stdout.write(colored('[+] ', 'green'))
+                    sys.stdout.write(colored('(%d) ' % (result_number), 'cyan'))
+                    sys.stdout.write(colored('%s' % (result_info), 'white'))
+                    new_url_list.append(new_url)
+                    result_number_list.append(result_number)
+                    dork_name_list.append(dork_name)
+                    if args.keyword:
+                        keyword_name_list.append(keyword_name)
+                    user_list.append(user)
+                    print('')
+            else:
+                failure = sys.stdout.write(colored('[-] ', 'red'))
+                sys.stdout.write(colored('%s' % new_url, 'white'))
+                if args.keyword:
+                    if len(keywords_list) - 1 != keyword_count:
+                        keyword_count = keyword_count + 1
+                count = count + 1
+                if len(dorks_list) == count:
+                    count = 0
+                print('')
+# RESULTS LOGIC FOR ORGANIZATIONS
+for organization in organizations_list:
+    print("ORGANIZATION PROVIDED: " + '%s' % organization)
+    print("")
+    for url in results_dict[organization]:
+        if url in url_results_dict:
+            if args.recentlyindexed:
+                new_url = url.replace('https://api.github.com/search/code',
+                                      'https://github.com/search') + '&s=indexed&type=Code&o=desc'
+            elif not args.recentlyindexed:
+                new_url = url.replace('https://api.github.com/search/code',
+                                      'https://github.com/search') + '&type=Code'
+            dork_name = dorks_list[count]
+            dork_info = ' DORK = ' + dork_name + ' | '
+            result_info = dork_info + new_url
+            count = count + 1
+            if url_results_dict[url] == 0:
+                if args.positiveresults == False:
+                    result_number = url_results_dict[url]
+                    normal = sys.stdout.write(colored('[#] ', 'yellow'))
+                    sys.stdout.write(colored('(%d) ' % (result_number), 'cyan'))
+                    sys.stdout.write(colored('%s' % (result_info), 'white'))
+                    new_url_list.append(new_url)
+                    result_number_list.append(result_number)
+                    dork_name_list.append(dork_name)
+                    print('')
+            else:
+                result_number = url_results_dict[url]
+                success = sys.stdout.write(colored('[+] ', 'green'))
+                sys.stdout.write(colored('(%d) ' % (result_number), 'cyan'))
+                sys.stdout.write(colored('%s' % (result_info), 'white'))
+                new_url_list.append(new_url)
+                result_number_list.append(result_number)
+                dork_name_list.append(dork_name)
+                print('')
+        else:
+            failure = sys.stdout.write(colored('[-] ', 'red'))
+            sys.stdout.write(colored('%s' % new_url, 'white'))
+            count = count + 1
+            print('')
+# CSV OUTPUT TO FILE
+if args.output:
+    # FILE NAME USER INPUT
+    file_name = args.output
+    # DEFINE ROWS FOR KEYWORDS AND WITHOUT
+    query_with_dorks_rows = zip(dork_name_list, new_url_list, result_number_list)
+    organization_with_dorks_row = zip(dork_name_list, new_url_list, result_number_list)
+    user_with_keyword_only_rows = zip(user_list, keyword_name_list, new_url_list, result_number_list)
+    user_with_keyword_and_dorks_rows = zip(user_list, dork_name_list, keyword_name_list, new_url_list,
+                                           result_number_list)
+    user_with_dorks_only_rows = zip(user_list, dork_name_list, new_url_list, result_number_list)
+    # DEFINE FIELDS FOR KEYWORDS AND WITHOUT
+    query_with_dorks_fields = ['DORK', 'URL', 'NUMBER OF RESULTS']
+    organization_with_dorks_fields = ['DORK', 'URL', 'NUMBER OF RESULTS']
+    user_with_keyword_only_fields = ['USER', 'KEYWORD', 'URL', 'NUMBER OF RESULTS']
+    user_with_keyword_and_dorks_fields = ['USER', 'DORK', 'KEYWORD', 'URL', 'NUMBER OF RESULTS']
+    user_with_dorks_only_fields = ['USER', 'DORK', 'URL', 'NUMBER OF RESULTS']
+    # OUTPUT FOR ROWS WITH KEYWORDS AND DORKS
+    with open(file_name + '_gh_dorks' + '.csv', "w") as csvfile:
+        wr = csv.writer(csvfile)
+        if args.query or args.queryfile:
+            wr.writerow(query_with_dorks_fields)
+            for row in query_with_dorks_rows:
+                wr.writerow(row)
+        if args.organization:
+            wr.writerow(organization_with_dorks_fields)
+            for row in organization_with_dorks_row:
+                wr.writerow(row)
+        elif args.users or args.userfile:
+            if args.keyword and args.dorks:
+                wr.writerow(user_with_keyword_and_dorks_fields)
+                for row in user_with_keyword_and_dorks_rows:
+                    wr.writerow(row)
+            elif args.keyword and not args.dorks:
+                wr.writerow(user_with_keyword_only_fields)
+                for row in user_with_keyword_only_rows:
+                    wr.writerow(row)
+            elif args.dorks and not args.keyword:
+                wr.writerow(user_with_dorks_only_fields)
+                for row in user_with_dorks_only_rows:
+                    wr.writerow(row)
+    csvfile.close()
+    print("")
+    sys.stdout.write(
+        colored("Results have been outputted into the current working directory as " + file_name + "_gitdorker",
+                'green'))
+    print("")
+    print("")

README.md CHANGED Viewed

@@ -1,10 +1,90 @@
 ---
 title: GitDorker
-emoji: 😻
-colorFrom: green
-colorTo: pink
 sdk: docker
-pinned: false
 ---
-Check out the configuration reference at https://huggingface.co/docs/hub/spaces-config-reference

 ---
 title: GitDorker
+emoji: 🕵️
+colorFrom: blue
+colorTo: green
 sdk: docker
+app_port: 7860
 ---
+![Logo](https://github.com/obheda12/GitDorker/blob/master/GitDorker.png)
+# GitDorker
+GitDorker is a tool that utilizes the GitHub Search API and an extensive list of GitHub dorks that I've compiled from various sources to provide an overview of sensitive information stored on github given a search query.
+The Primary purpose of GitDorker is to provide the user with a clean and tailored attack surface to begin harvesting sensitive information on GitHub. GitDorker can be used with additional tools such as GitRob or Trufflehog on interesting repos or users discovered from GitDorker to produce best results.
+## In Depth How to Video and Use Cases
+https://youtu.be/UwzB5a5GrZk
+## Rate Limits
+GitDorker utilizes the GitHub Search API and is limited to 30 requests per minute. In order to prevent rate limites a sleep function is built into GitDorker after every 30 requests to prevent search failures. Therefore, if one were to run use the alldorks.txt file with GitDorker, the process will take roughly 5 minutes to complete.
+## Requirements
+** Python3
+** GitHub Personal Access Token
+** Install requirements inside of the requirements.txt file of this repo (pip3 install -r requirements.txt)
+Please follow the guide below if you are unsure of how to create a personal access token:
+https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token
+## Recommendations
+It is recommended to provide GitDorker with at least two GitHub personal access tokens so that it may alternate between the two during the dorking process and reduce the likelihood of being rate limited. Using multiple tokens from separate GitHub accounts will provide the best results.
+## Dorks
+Within the dorks folder are a list of dorks. It is recommended to use the "alldorks.txt" file when mapping out your github secrets attack surface. The "alldorks.txt" is my collection of dorks that i've pulled from various resources, totalling to 239 individual dorks of sensitive github information.
+## Usage
+I've created a blog post with far more detail in how to use GitDorker and potential use cases here: https://medium.com/@obheda12/gitdorker-a-new-tool-for-manual-github-dorking-and-easy-bug-bounty-wins-92a0a0a6b8d5
+For a full detailed look of use cases and how to use GitDorker's most updated features please see the BlackHat Presentation below:
+https://youtu.be/UwzB5a5GrZk
+Help Output:
+![Help](https://github.com/obheda12/GitDorker/blob/master/GitDorker%20Help.png)
+## Docker
+```bash
+## Build Command
+docker build -t gitdorker .
+## Basic Run Command
+docker run -it gitdorker
+## Run Command
+docker run -it -v $(pwd)/tf:/tf gitdorker -tf tf/TOKENSFILE -q tesla.com -d dorks/DORKFILE -o tesla
+## Run Command
+docker run -it -v $(pwd)/tf:/tf xshuden/gitdorker -tf tf/TOKENSFILE -q tesla.com -d dorks/DORKFILE -o tesla
+```
+## Screenshots
+Below is an example of the results from running the query "tesla.com" with a small list of dorks.
+The following command was run to query for "tesla.com" against a list of dorks:
+`python3 GitDorker.py -tf TOKENSFILE -q tesla.com -d Dorks/DORKFILE -o tesla`
+![Results](https://github.com/obheda12/GitDorker/blob/master/GitDorker%20Usage%20Example%20-%20Tesla.png)
+Note: The more advanced queries you put (i.e incorporation of user, org, endpoint information, etc. the more succint results you will achieve)
+## If you like GitDorker and want to see more cool tools!
+<a href="https://www.buymeacoffee.com/obheda12" target="_blank"><img src="https://www.buymeacoffee.com/assets/img/custom_images/orange_img.png" alt="Buy Me A Coffee" style="height: 41px !important;width: 174px !important;box-shadow: 0px 3px 2px 0px rgba(190, 190, 190, 0.5) !important;-webkit-box-shadow: 0px 3px 2px 0px rgba(190, 190, 190, 0.5) !important;" ></a>
+# Credits
+Reference points for creating GitDorker and compiling dorks lists
+- [@gwendallecoguic](https://github.com/gwen001) - special thank you to gwendall and his scripts that provided me with the framework for creating GitDorker.
+- [@techgaun](https://github.com/techgaun) - His list of dorks provided a fantastic base for the dorks file
+- [@Shashank-In](https://github.com/Shashank-In) - His list of Travis leaks helped add additional dorks
+- [@Jhaddix](https://github.com/jhaddix) - Methodology and reference for dorks
+# Disclaimer
+This project is made for educational and ethical testing purposes only. Usage of this tool for attacking targets without prior mutual consent is illegal. Developers assume no liability and are not responsible for any misuse or damage caused by this tool.

app.py ADDED Viewed

	@@ -0,0 +1,101 @@

+import os
+import subprocess
+from fastapi import FastAPI, Form, Request
+from fastapi.responses import HTMLResponse
+from fastapi.templating import Jinja2Templates
+import asyncio
+app = FastAPI()
+# We use Jinja2Templates to render the HTML. This is a bit cleaner than a multiline string.
+templates = Jinja2Templates(directory=".")
+HTML_FORM = """
+<!DOCTYPE html>
+<html>
+<head>
+    <title>GitDorker Interface</title>
+    <style>
+        body { font-family: sans-serif; background-color: #f4f4f9; color: #333; margin: 2em; }
+        .container { max-width: 800px; margin: auto; background: white; padding: 2em; border-radius: 8px; box-shadow: 0 2px 4px rgba(0,0,0,0.1); }
+        h1 { color: #4a4a4a; }
+        form { display: flex; flex-direction: column; gap: 1em; }
+        input[type=text], select { padding: 10px; border-radius: 4px; border: 1px solid #ccc; font-size: 1em; }
+        input[type=submit] { padding: 10px 20px; border: none; border-radius: 4px; background-color: #007bff; color: white; font-size: 1em; cursor: pointer; }
+        input[type=submit]:hover { background-color: #0056b3; }
+        .results { margin-top: 2em; background-color: #282c34; color: #abb2bf; padding: 1em; border-radius: 4px; white-space: pre-wrap; word-wrap: break-word; }
+        .running { color: #ffa500; }
+    </style>
+</head>
+<body>
+    <div class="container">
+        <h1>GitDorker Hugging Face Interface</h1>
+        <form action="/run" method="post">
+            <label for="query">Query (e.g., tesla.com):</label>
+            <input type="text" id="query" name="query" required>
+            <label for="dork_file">Dorks File:</label>
+            <select id="dork_file" name="dork_file">
+                <option value="Dorks/alldorksv3">All Dorks (alldorksv3)</option>
+                <option value="Dorks/medium_dorks.txt">Medium Dorks</option>
+            </select>
+            <input type="submit" value="Run GitDorker">
+        </form>
+        <div id="results-container">
+            {% if result %}
+            <h2>Results:</h2>
+            <pre class="results">{{ result }}</pre>
+            {% endif %}
+             {% if running %}
+            <h2 class="running">Running... please wait. This can take several minutes.</h2>
+            {% endif %}
+        </div>
+    </div>
+</body>
+</html>
+"""
+# Create a template from the string
+templates.env.from_string(HTML_FORM)
+@app.get("/", response_class=HTMLResponse)
+async def read_root(request: Request):
+    return templates.TemplateResponse("", {"request": request})
+@app.post("/run", response_class=HTMLResponse)
+async def run_dorker(request: Request, query: str = Form(...), dork_file: str = Form(...)):
+    github_tokens = os.environ.get("GHA_TOKENS")
+    if not github_tokens:
+        error_message = "Error: GHA_TOKENS is not set in the Space secrets."
+        return templates.TemplateResponse("", {"request": request, "result": error_message})
+    # The command needs to be run from the context of the script's directory
+    # Arguments must be separated for subprocess
+    command = [
+        "python3",
+        "GitDorker.py",
+        "-t", github_tokens,
+        "-q", query,
+        "-d", dork_file,
+        "-o", f"output_{query.replace('.', '_')}" # Add output to a file
+    ]
+    # Show a running message first
+    response = templates.TemplateResponse("", {"request": request, "running": True})
+    # Run the process in the background
+    proc = await asyncio.create_subprocess_exec(
+        *command,
+        stdout=subprocess.PIPE,
+        stderr=subprocess.PIPE
+    )
+    stdout, stderr = await proc.communicate()
+    # Decode and combine output
+    result_output = stdout.decode('utf-8', errors='ignore') + stderr.decode('utf-8', errors='ignore')
+    return templates.TemplateResponse("", {"request": request, "result": result_output})

dummycreds ADDED Viewed

	@@ -0,0 +1,12 @@

+These are GitDorker Credentials
+password = 123456
+test = test
+supersecret = secret
+youwillneverfindme
+api_key = o123y1houejnduqedgbij
+apikey = 1oi2egquewfihacoju9dfd
+AWS_KEY = nou9W7E89U0I3PDQONP4FOVDFSFSG
+ftp login = ftp://127.0.0.1
+db_user = admin
+db_password = password
+connectionstring = Provider=SQLNCLI11;Data Source=myServerAddress;Failover Partner=myMirrorServerAddress;Initial Catalog=myDataBase;Integrated Security=True;

requirements.txt ADDED Viewed

	@@ -0,0 +1,7 @@

+termcolor
+tqdm
+requests
+fastapi
+uvicorn
+python-multipart
+jinja2

tf/TOKENSFILE ADDED Viewed

File without changes