geekyayush · April 19, 2025 17:08 · Jun 18, 2023 · Jun 18, 2023
diff --git a/GitHub-Leaked-API-Keys-and-Secrets.md b/GitHub-Leaked-API-Keys-and-Secrets.md
@@ -76,13 +76,13 @@ As a security professional, it is important to conduct a thorough reconnaissance
 |secret_key|Variable name to store the key used for authentication or encryption|
 |access_token|Variable name to store the token used for accessing an API or resource|
 |api_key|Variable name to store the key used for accessing an API or service|
-|apikey|Variable name to store a shortened version of "api_key"|
+|apikey|Shortened version of "api_key"|
 |api_secret|Variable name to store the secret key used for API authentication|
-|apiSecret|Variable name to store an alternate capitalization of "api_secret"|
+|apiSecret|An alternate of "api_secret"|
 |app_secret|Variable name to store the secret key used for application authentication|
 |application_key|Variable name to store the key used for identifying an application|
 |app_key|Variable name to store the key used for identifying an application|
-|appkey|Variable name to store a shortened version of "app_key"|
+|appkey|Shortened version of "app_key"|
 |auth_token|Variable name to store the token used for authentication or authorization|
 |authsecret|Variable name to store the secret key used for authentication or authorization|
 

diff --git a/GitHub-Leaked-API-Keys-and-Secrets.md b/GitHub-Leaked-API-Keys-and-Secrets.md
@@ -0,0 +1,94 @@
+# GitHub Search Syntax for Finding API Keys/Secrets/Tokens
+As a security professional, it is important to conduct a thorough reconnaissance. With the increasing use of APIs nowadays, it has become paramount to keep access tokens and other API-related secrets secure in order to prevent leaks. However, despite technological advances, human error remains a factor, and many developers still unknowingly hardcode their API secrets into source code and commit them to public repositories. GitHub, being a widely popular platform for public code repositories, may inadvertently host such leaked secrets. To help identify these vulnerabilities, I have created a comprehensive search list using powerful search syntax that enables the search of thousands of leaked keys and secrets in a single search.
+
+## Search Syntax:
+
+```(path:*.{File_extension1} OR path:*.{File_extension-N}) AND ({Keyname1} OR {Keyname-N}) AND (({Signature/pattern1} OR {Signature/pattern-N}) AND ({PlatformTag1} OR {PlatformTag-N}))```
+
+## Examples: 
+
+**1. OpenAI API keys**
+
+```(path:*.xml OR path:*.json OR path:*.properties OR path:*.sql OR path:*.txt OR path:*.log OR path:*.tmp OR path:*.backup OR path:*.bak OR path:*.enc OR path:*.yml OR path:*.yaml OR path:*.toml OR path:*.ini OR path:*.config OR path:*.conf OR path:*.cfg OR path:*.env OR path:*.envrc OR path:*.prod OR path:*.secret OR path:*.private OR path:*.key) AND (access_key OR secret_key OR access_token OR api_key OR apikey OR api_secret OR apiSecret OR app_secret OR application_key OR app_key OR appkey OR auth_token OR authsecret) AND ("sk-" AND (openai OR gpt))```
+
+## Screeenshot: 
+
+![GithubOpenAIAPIkeysSearch](https://user-images.githubusercontent.com/12781459/246651397-910a2268-3c0f-49ec-9c17-ff435bbabf35.png)
+
+
+
+**2. Github OAuth/App/Personal/Refresh Access Token**
+
+```(path:*.xml OR path:*.json OR path:*.properties OR path:*.sql OR path:*.txt OR path:*.log OR path:*.tmp OR path:*.backup OR path:*.bak OR path:*.enc OR path:*.yml OR path:*.yaml OR path:*.toml OR path:*.ini OR path:*.config OR path:*.conf OR path:*.cfg OR path:*.env OR path:*.envrc OR path:*.prod OR path:*.secret OR path:*.private OR path:*.key) AND (access_key OR secret_key OR access_token OR api_key OR apikey OR api_secret OR apiSecret OR app_secret OR application_key OR app_key OR appkey OR auth_token OR authsecret) AND (("ghp_" OR "gho_" OR "ghu_" OR "ghs_" OR "ghr_") AND (Github OR OAuth))```
+
+**3. Slack Token**
+
+```(path:*.xml OR path:*.json OR path:*.properties OR path:*.sql OR path:*.txt OR path:*.log OR path:*.tmp OR path:*.backup OR path:*.bak OR path:*.enc OR path:*.yml OR path:*.yaml OR path:*.toml OR path:*.ini OR path:*.config OR path:*.conf OR path:*.cfg OR path:*.env OR path:*.envrc OR path:*.prod OR path:*.secret OR path:*.private OR path:*.key) AND (access_key OR secret_key OR access_token OR api_key OR apikey OR api_secret OR apiSecret OR app_secret OR application_key OR app_key OR appkey OR auth_token OR authsecret) AND (xox AND Slack)```
+
+**4. Google API key**
+
+```(path:*.xml OR path:*.json OR path:*.properties OR path:*.sql OR path:*.txt OR path:*.log OR path:*.tmp OR path:*.backup OR path:*.bak OR path:*.enc OR path:*.yml OR path:*.yaml OR path:*.toml OR path:*.ini OR path:*.config OR path:*.conf OR path:*.cfg OR path:*.env OR path:*.envrc OR path:*.prod OR path:*.secret OR path:*.private OR path:*.key) AND (access_key OR secret_key OR access_token OR api_key OR apikey OR api_secret OR apiSecret OR app_secret OR application_key OR app_key OR appkey OR auth_token OR authsecret) AND (AIza AND Google)```
+
+**5. Square OAuth/access token**
+
+```(path:*.xml OR path:*.json OR path:*.properties OR path:*.sql OR path:*.txt OR path:*.log OR path:*.tmp OR path:*.backup OR path:*.bak OR path:*.enc OR path:*.yml OR path:*.yaml OR path:*.toml OR path:*.ini OR path:*.config OR path:*.conf OR path:*.cfg OR path:*.env OR path:*.envrc OR path:*.prod OR path:*.secret OR path:*.private OR path:*.key) AND (access_key OR secret_key OR access_token OR api_key OR apikey OR api_secret OR apiSecret OR app_secret OR application_key OR app_key OR appkey OR auth_token OR authsecret) AND (("sq0atp-" OR "sq0csp-") AND (square OR OAuth))```
+
+**6. Shopify shared secret, access token, private/custom app access token**
+
+```(path:*.xml OR path:*.json OR path:*.properties OR path:*.sql OR path:*.txt OR path:*.log OR path:*.tmp OR path:*.backup OR path:*.bak OR path:*.enc OR path:*.yml OR path:*.yaml OR path:*.toml OR path:*.ini OR path:*.config OR path:*.conf OR path:*.cfg OR path:*.env OR path:*.envrc OR path:*.prod OR path:*.secret OR path:*.private OR path:*.key) AND (access_key OR secret_key OR access_token OR api_key OR apikey OR api_secret OR apiSecret OR app_secret OR application_key OR app_key OR appkey OR auth_token OR authsecret) AND (("shpss_" OR "shpat_" OR "shpca_" OR "shppa_") AND "Shopify")```
+
+## Parameters Used
+
+### File Extensions
+
+|File Extension|Description|
+|:----|:----|
+|.xml|XML file format|
+|.json|JSON (JavaScript Object Notation) file format|
+|.properties|Properties file format used for configuration settings|
+|.sql|SQL (Structured Query Language) file format used for database queries|
+|.txt|Plain text file format|
+|.log|Log file format used for recording events or activities|
+|.tmp|Temporary file format|
+|.backup|Backup file format|
+|.bak|Backup file format|
+|.enc|Encrypted file format|
+|.yml|YAML (YAML Ain't Markup Language) file format used for configuration settings|
+|.yaml|YAML (YAML Ain't Markup Language) file format used for configuration settings|
+|.toml|TOML (Tom's Obvious, Minimal Language) file format used for configuration settings|
+|.ini|INI (Initialization) file format used for configuration settings|
+|.config|Configuration file format|
+|.conf|Configuration file format|
+|.cfg|Configuration file format|
+|.env|Environment file format|
+|.envrc|Environment file format specific to the Direnv tool|
+|.prod|Production file format|
+|.secret|Secret file format|
+|.private|Private file format|
+|.key|Key file format|
+
+
+### Keynames
+
+|Keynames|Description|
+|:----|:----|
+|access_key|Variable name to store the key used for accessing a resource or service|
+|secret_key|Variable name to store the key used for authentication or encryption|
+|access_token|Variable name to store the token used for accessing an API or resource|
+|api_key|Variable name to store the key used for accessing an API or service|
+|apikey|Variable name to store a shortened version of "api_key"|
+|api_secret|Variable name to store the secret key used for API authentication|
+|apiSecret|Variable name to store an alternate capitalization of "api_secret"|
+|app_secret|Variable name to store the secret key used for application authentication|
+|application_key|Variable name to store the key used for identifying an application|
+|app_key|Variable name to store the key used for identifying an application|
+|appkey|Variable name to store a shortened version of "app_key"|
+|auth_token|Variable name to store the token used for authentication or authorization|
+|authsecret|Variable name to store the secret key used for authentication or authorization|
+
+
+## Other Useful Tools: 
+
+- Online IDE Search: https://redhuntlabs.com/online-ide-search/
+- Keyhacks on GitHub: https://github.com/streaak/keyhacks
+- Google Hacking Database: https://www.exploit-db.com/google-hacking-database