forked from techgaun/github-dorks
-
Notifications
You must be signed in to change notification settings - Fork 2
/
github-dork.py
135 lines (117 loc) · 4.06 KB
/
github-dork.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
#!/usr/bin/env python
# -*- encoding: utf-8 -*-
import github3 as github
import os
import argparse
import time
from copy import copy
from sys import stderr
gh_user = os.getenv('GH_USER', None)
gh_pass = os.getenv('GH_PWD', None)
gh_token = os.getenv('GH_TOKEN', None)
gh = github.GitHub(username=gh_user, password=gh_pass, token=gh_token)
def search_wrapper(gen):
while True:
gen_back = copy(gen)
try:
yield next(gen)
except StopIteration:
raise
except github.exceptions.ForbiddenError as e:
search_rate_limit = gh.rate_limit()['resources']['search']
limit_remaining = search_rate_limit['remaining']
reset_time = search_rate_limit['reset']
current_time = int(time.time())
sleep_time = reset_time - current_time + 1
stderr.write('GitHub Search API rate limit reached. Sleeping for %d seconds.\n\n' %(sleep_time))
time.sleep(sleep_time)
yield next(gen_back)
except Exception as e:
raise e
def search(repo_to_search=None, user_to_search=None, gh_dorks_file=None):
if gh_dorks_file is None:
gh_dorks_file = 'github-dorks.txt'
if not os.path.isfile(gh_dorks_file):
raise Exception('Error, the dorks file path is not valid')
found = False
with open(gh_dorks_file, 'r') as dork_file:
for dork in dork_file:
dork = dork.strip()
if not dork or dork[0] in '#;':
continue
addendum = ''
if repo_to_search:
addendum = ' repo:' + repo_to_search
elif user_to_search:
addendum = ' user:' + user_to_search
dork = dork + addendum
search_results = search_wrapper(gh.search_code(dork))
try:
for search_result in search_results:
found = True
fmt_args = {
'dork': dork,
'text_matches': search_result.text_matches,
'path': search_result.path,
'score': search_result.score,
'url': search_result.html_url
}
result = '\n'.join([
'Found result for {dork}',
'Text matches: {text_matches}',
'File path: {path}',
'Score/Relevance: {score}',
'URL of File: {url}',
''
]).format(**fmt_args)
print(result)
except github.exceptions.GitHubError as e:
print('GitHubError encountered on search of dork: ' + dork)
print(e)
return
except Exception as e:
print(e)
print('Error encountered on search of dork: ' + dork)
if not found:
print('No results for your dork search' + addendum + '. Hurray!')
def main():
parser = argparse.ArgumentParser(
description='Search github for github dorks',
epilog='Use responsibly, Enjoy pentesting'
)
parser.add_argument(
'-v',
'--version',
action='version',
version='%(prog)s 0.1.0'
)
group = parser.add_mutually_exclusive_group(required=True)
group.add_argument(
'-u',
'--user',
dest='user_to_search',
action='store',
help='Github user/org to search within. Eg: techgaun'
)
group.add_argument(
'-r',
'--repo',
dest='repo_to_search',
action='store',
help='Github repo to search within. Eg: techgaun/github-dorks'
)
parser.add_argument(
'-d',
'--dork',
dest='gh_dorks_file',
action='store',
help='Github dorks file. Eg: github-dorks.txt'
)
args = parser.parse_args()
search(
repo_to_search=args.repo_to_search,
user_to_search=args.user_to_search,
gh_dorks_file=args.gh_dorks_file
)
if __name__ == '__main__':
main()