Developers use GitHub to maintain and share their code, and most of the time they end up sharing far more sensitive information along with it. Because they use it for collaborative work, users with less knowledge of security end up sharing that information publicly.

| Dork | Description |
| --- | --- |
| `filename:.npmrc _auth` | npm registry authentication data |
| `filename:.dockercfg auth` | docker registry authentication data |
| `extension:pem private` | private keys |
| `extension:ppk private` | puttygen private keys |
| `filename:id_rsa or filename:id_dsa` | private ssh keys |
| `extension:sql mysql dump` | mysql dump |
| `extension:sql mysql dump password` | mysql dump look for password; you can try varieties |
| `filename:credentials aws_access_key_id` | might return false negatives with dummy values |
| `filename:.s3cfg` | might return false negatives with dummy values |
| `filename:wp-config.php` | wordpress config files |
| `filename:.htpasswd` | htpasswd files |
| `filename:.env DB_USERNAME NOT homestead` | laravel .env (CI, various ruby based frameworks too) |
| `filename:.env` | smtp configuration (try different smtp services too) |
| `filename:.git-credentials` | git credentials store, add NOT username for more valid results |
| `PT_TOKEN language:bash` | pivotaltracker tokens |
| `filename:.bashrc password` | search for passwords, etc. in .bashrc (try with .bash_profile too) |
| `filename:.bashrc mailchimp` | variation of above (try more variations) |
| `filename:.bash_profile aws` | aws access and secret keys |
| `password` | Amazon RDS possible credentials |
| `extension:json api.forecast.io` | try variations, find api keys/secrets |
| `extension:json mongolab.com` | mongolab credentials in json configs |
| `extension:yaml mongolab.com` | mongolab credentials in yaml configs (try with yml) |
| `jsforce extension:js conn.login` | possible salesforce credentials in nodejs projects |
| `SF_USERNAME "salesforce"` | possible salesforce credentials |
| `filename:.tugboat NOT "_tugboat"` | Digital Ocean tugboat config |
| `HEROKU_API_KEY language:shell` | Heroku api keys |
| `HEROKU_API_KEY language:json` | Heroku api keys in json files |
| `filename:.netrc password` | netrc that possibly holds sensitive credentials |
| `filename:_netrc password` | netrc that possibly holds sensitive credentials |
| `filename:hub oauth_token` | hub config that stores github tokens |
| `filename:robomongo.json` | mongodb credentials file used by robomongo |
| `filename:filezilla.xml Pass` | filezilla config file with possible user/pass to ftp |
| `filename:recentservers.xml Pass` | filezilla config file with possible user/pass to ftp |
| `filename:config.json auths` | docker registry authentication data |
| `filename:idea14.key` | IntelliJ Idea 14 key, try variations for other versions |
| `filename:config irc_pass` | possible IRC config |
| `filename:connections.xml` | possible db connections configuration, try variations to be specific |
| `filename:express.conf path:.openshift` | openshift config, only email and server though |
| `filename:.pgpass` | PostgreSQL file which can contain passwords |
| `filename:proftpdpasswd` | Usernames and passwords of proftpd created by cpanel |
| `filename:ventrilo_srv.ini` | Ventrilo configuration |
| `[WFClient] Password= extension:ica` | WinFrame-Client infos needed by users to connect to Citrix Application Servers |
| `filename:server.cfg rcon password` | Counter Strike RCON Passwords |
| `JEKYLL_GITHUB_TOKEN` | Github tokens used for jekyll |
| `filename:.bash_history` | Bash history file |
| `filename:.cshrc` | RC file for csh shell |
| `filename:.history` | history file (often used by many tools) |
| `filename:.sh_history` | korn shell history |
| `filename:sshd_config` | OpenSSH server config |
| `filename:dhcpd.conf` | DHCP service config |
| `filename:prod.exs NOT "prod.secret.exs"` | Phoenix prod configuration file |
| `filename:prod.secret.exs` | Phoenix prod secret |
| `filename:configuration.php JConfig password` | Joomla configuration file |
| `filename:config.php dbpasswd` | PHP application database password (e.g., phpBB forum software) |
| `path:sites databases password` | Drupal website database credentials |
| `shodan_api_key language:python` | Shodan API keys (try other languages too) |
| `filename:shadow path:etc` | Contains encrypted passwords and account information of new unix systems |
| `filename:passwd path:etc` | Contains user account information including encrypted passwords of traditional unix systems |
| `extension:avastlic ""` | Contains license keys for Avast! Antivirus |
| `filename:dbeaver-data-sources.xml` | DBeaver config containing MySQL Credentials |
| `filename:.esmtprc password` | esmtp configuration |
| `extension:json googleusercontent client_secret` | OAuth credentials for accessing Google APIs |
| `HOMEBREW_GITHUB_API_TOKEN language:shell` | Github token usually set by homebrew users |
| `xoxp OR xoxb` | Slack bot and private tokens |
| `password` | MLAB Hosted MongoDB Credentials |
| | Firefox saved password collection (key3.db usually in same repo) |
| | CCCam Server config file |
| `msg nickserv identify filename:config` | Possible IRC login passwords |
| `SECRET_KEY` | Django secret keys (usually allows for session hijacking, RCE, etc) |
| `filename:secrets.yml password` | Usernames/passwords, Rails applications |
| `filename:master.key path:config` | Rails master key (used for decrypting credentials.yml.enc for Rails 5.2+) |
| `filename:deployment-config.json` | Created by sftp-deployment for Atom, contains server details and credentials |
| `filename:.ftpconfig` | Created by remote-ssh for Atom, contains SFTP/SSH server details and credentials |
| `filename:.remote-sync.json` | Created by remote-sync for Atom, contains FTP and/or SCP/SFTP/SSH server details and credentials |
| `filename:sftp.json path:.vscode` | Created by vscode-sftp for VSCode, contains SFTP/SSH server details and credentials |
| `filename:sftp-config.json` | Created by SFTP for Sublime Text, contains FTP/FTPS or SFTP/SSH server details and credentials |
| `filename:WebServers.xml` | Created by Jetbrains IDEs, contains web server credentials with encoded passwords (not encrypted!) |

  1. Great collection, buddy. Can you make a list of Google dorks for pentesting only as well? It will be useful to us.

  2. Here’s a bonus:

    filename:"id_rsa" -language:"Public Key"
    (make sure to sort by recent)

    Github Dorks are brutal!

