Github Dorking and Github Recon ?

March 22, 2021 admin ethical hacking 0

In this article, we are telling you about Github Dorking and Github Recon. You may not have heard about it before because Github Dorking and Github Recon is not talked about much.

Here we are telling you about Github Dorking and Github Recon practically, here we are telling you by doing Github Dorking manually as well as automatically. You will come to know in this article how useful Github Dorking can be for you.

All this is being told to you for educational purpose, do not misuse it in any way, Github Dorking can help you a lot in bug bounty, it has been told about google dorking before.

Note – This article is only for educational purpose. Don’t miss use your knowledge and skills.

What is Github ?

Let us first tell you a little about github, by the way, everyone who is interested in Ethical Hacking knows about github because we all have visited github’s website at some time or the other.

In such a situation, almost everyone knows the introduction of github, but we want to tell you something about github for Github Dorking and Github Recon which you must also visit.

Github Dorking

We all know that github is an open source platform where you get to see all kinds of tools repositories, but you can also use github as a search engine and do Github Dorking.

Here we are telling you everything in detail, how you can do Github Dorking and how to remove sensitive information which was left on Github’s website by mistake.

What is Github Dorking ?

Let us now tell you what Github Dorking is and how it is used. We have told you about google Dorking in the past, if you have not read our article what is footprinting, you can read it.

As you have been told, google Dorks are something like intitle, intext, inurl, Filetype, Link, allintitle: Free Learning (intitle: 1 + intitle: 2) just like github dorks are something like GITHUB_TOKEN =, DOCKER_PASSWORD =, SURGE_TOKEN = There are many types of Dorks.

Here is Github dorks List Github Dorks

How to use Github Dorks Manually ?

Let us now tell you how you can use Github Dorks in Github Dorking, here first we are manually telling you about Github Dorking.

Here we want to clear one thing before telling you about Github Dorking, if you want to get the right result of Github Dorking, then you must create your account on github.

Github Dorking

As you can see in the image you have to simple search your target like we have here on Facebook. com has searched in this way, you can see that you are getting to see information like repositories codes.

Here we want to tell you that most of the sensitive information of your target is found only in the section of the code, here you are showing a lot of code as if you can see how we find from so many codes.

Github Dorking

Here you have access to github dorks using which you can collect sensitive information of your target as you can see in the image as you can see here we have used dbuser.

You are given the list above, you can use any dork from it, but it is only when you use it that you know which result of github Dorks you are getting.

Github Dorking

Here if we get some kind of subdomain of some kind of secret for some kind of ip address , cloudfare bypass or any kind of information that can be exploited.

In such a way, you get some kind of bug by using the information collected, in such a way, if you show it manually by exploiting it, in that case it is called a valid bug.

Also Read

Personally identifiable information pii

Common vulnerabilities and exposures cve

What is session fixation vulnerability

Find Github Dorks Automation tool ?

Now let us tell you how you can use Github Dorking with the help of tools. Here, the tool we are telling you about is named Gitdorker and how to use it is also being told to you.

You cannot use Gitdorker like you use any normal tool, here you have to use personal access token, if you do not do this, then you get an error.

Github Dorking

First of all, you have to download this tool just like we normally download a tool, similarly you can download this tool also git clone https://github.com/obheda12/GitDorker

Command to install requirements (pip3 install -r requirements.txt)

Github Dorking

Here after downloading the tool you have to generate personal access token, you are given a link here, you can take guidance from there, how can you generate personal access token of your account.

https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token

As you can see in the image, you can also generate personal access token by checking the requirements in some similar way, here you can check all the options if you want.

After doing all this, you will be able to see and generate a personal access token, as you can see in the image, you can do github doorking using this token.

After doing all this you have to save this token in a file in the folder of Gitdorker as you can see in the image, here we have removed the github Dorks from the folder so that you can be explained.

After doing all this you have to run a simple command as you can see, after this your tool works correctly and if you want, you can also save the output, here you can check help

As you can see here when you check help it is told to you that tf is used for token, d is used for Dorks list and o is used to save output. command (python3 gitdorker.py -q facebook.com -tf token -d dorks -o facebook)

Here you have to wait a bit because from the list of github Dorks, your target collects its information automatically and saves it as if you can see in the image something similar you get by collecting information.

Here if you get some information that you can use to find some kind of bug, then you will also understand how useful github Dorking can be for you.

The Conclusion

I hope that now you can understand about Github Dorking and Github Recon. We have deeply told you about Github Dorking and Github Recon here.

Here we have also told you about Github Dorking and Github Recon through manually or automatic tools and have also provided you all kinds of useful links if you do it step by step.

In such a situation, you do not have any kind of problem, if you still have any kind of questions related to Github Dorking and Github Recon, in such a way you can ask in the comment as well as by contacting us.

Here we want to tell you one more thing about Github Dorking and Github Recon. You also get employees’ accounts in the original repositories of the target, you must also check there.

If you like this article of ours, then you must share it, here you have been given many types of articles related to bug bounty, if you have not read them, in such a way you can also read them.

Subscribe to our blog for latest updates

Sharing is Caring

Thankyou

Be the first to comment

Leave a Reply

Your email address will not be published.


*