Jiaxi ® renzhexigua

GitHub Search Syntax for Finding API Keys/Secrets/Tokens

As a security professional, it is important to conduct a thorough reconnaissance. With the increasing use of APIs nowadays, it has become paramount to keep access tokens and other API-related secrets secure in order to prevent leaks. However, despite technological advances, human error remains a factor, and many developers still unknowingly hardcode their API secrets into source code and commit them to public repositories. GitHub, being a widely popular platform for public code repositories, may inadvertently host such leaked secrets. To help identify these vulnerabilities, I have created a comprehensive search list using powerful search syntax that enables the search of thousands of leaked keys and secrets in a single search.

Search Syntax:

(path:*.{File_extension1} OR path:*.{File_extension-N}) AND ({Keyname1} OR {Keyname-N}) AND (({Signature/pattern1} OR {Signature/pattern-N}) AND ({PlatformTag1} OR {PlatformTag-N}))

Examples:

**1.

IDAPython cheatsheet

Important links

Basic commands

Get informations on the binary

Docker Hub 镜像加速器

国内从 Docker Hub 拉取镜像有时会遇到困难，此时可以配置镜像加速器。

Dockerized 实践 https://github.com/y0ngb1n/dockerized

1️⃣ Docker daemon 配置代理（推荐）

参考 Docker daemon 配置代理

	New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT -ErrorAction SilentlyContinue \| Out-Null
	$count = 0
	try {
	Get-ChildItem HKCR: -ErrorAction SilentlyContinue \| ForEach-Object {
	if((Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue).PSObject.Properties.Name -contains "URL Protocol") {
	$name = $_.PSChildName
	$count += 1
	$line = "URI Handler {0:d4}: {1}" -f $count, $name
	Write-Host $line
	}

	import requests
	import base64
	import sys

	# Generates a Microsoft Symbol Server link from a filename and a file hash using VirusTotal.
	# Example:
	# microsoft-symbol-server-link-gen.py srv2.sys pD5a0dKSCg7Kc0g1yDyWEX8n8ogPj/niCIy4yUR7WvQ=
	# Details:
	# https://m417z.com/Introducing-Winbindex-the-Windows-Binaries-Index/

	import java.io.File;
	import java.util.Base64;
	import common.CommonUtils;
	import java.security.KeyPair;

	class DumpKeys
	{
	public static void main(String[] args)
	{
	try {

	import re
	import argparse


	def deobfuscate(input_str):
	regex_str = r"[\(\{]\s\"(?P<format>[^\)]?)\"\s\-f\s(?P<params>.*?)[\)\}]"
	regex = re.compile(regex_str, re.MULTILINE \| re.IGNORECASE)
	for match in reversed(list(regex.finditer(input_str))):

	format_str = match.group('format')

	Write-Host -NoNewline " "
	Write-Host -NoNewline " _______ _______ ___ _______ _______ _______ "
	Write-Host -NoNewline " \| \|\| _ \|\| \| \| _ \|\| _ \|\| \| "
	Write-Host -NoNewline " \| _ \|\| \|_\| \|\| \| \| \|_\| \|\| \|_\| \|\| _____\| "
	Write-Host -NoNewline " \| \| \| \|\| \|\| \| \| \|\| \|\| \|_____ "
	Write-Host -NoNewline " \| \|_\| \|\| \|\| \|___ \| \|\| _ \| \|_____ \| "
	Write-Host -NoNewline " \| \|\| _ \|\| \|\| _ \|\| \|_\| \| _____\| \| "
	Write-Host -NoNewline " \|_______\|\|__\| \|__\|\|_______\|\|__\| \|__\|\|_______\|\|_______\| "
	Write-Host -NoNewline " "
	Write-Host -NoNewline " "

	== Adb Server
	adb kill-server
	adb start-server

	== Adb Reboot
	adb reboot
	adb reboot recovery
	adb reboot-bootloader

	== Shell

	package main

	/**
	Example hack to encrypt a file using a GPG encryption key. Works with GPG v2.x.
	The encrypted file e.g. /tmp/data.txt.gpg can then be decrypted using the standard command
	gpg /tmp/data.txt.gpg

	Assumes you have created an encryption key and exported armored version.
	You have to read the armored key directly as Go cannot read pubring.kbx (yet).