Jamaluddin fikri jams008

GitHub Search Syntax for Finding API Keys/Secrets/Tokens

As a security professional, it is important to conduct a thorough reconnaissance. With the increasing use of APIs nowadays, it has become paramount to keep access tokens and other API-related secrets secure in order to prevent leaks. However, despite technological advances, human error remains a factor, and many developers still unknowingly hardcode their API secrets into source code and commit them to public repositories. GitHub, being a widely popular platform for public code repositories, may inadvertently host such leaked secrets. To help identify these vulnerabilities, I have created a comprehensive search list using powerful search syntax that enables the search of thousands of leaked keys and secrets in a single search.

Search Syntax:

(path:*.{File_extension1} OR path:*.{File_extension-N}) AND ({Keyname1} OR {Keyname-N}) AND (({Signature/pattern1} OR {Signature/pattern-N}) AND ({PlatformTag1} OR {PlatformTag-N}))

Examples:

**1.

Adjusting child processes for PHP-FPM (Nginx)

When setting these options consider the following:

How long is your average request?
What is the maximum number of simultaneous visitors the site(s) get?
How much memory on average does each child process consume?

Determine if the max_children limit has been reached.

sudo grep max_children /var/log/php?.?-fpm.log.1 /var/log/php?.?-fpm.log

	<!DOCTYPE NETSCAPE-Bookmark-file-1>
	<!-- This is an automatically generated file.
	It will be read and overwritten.
	DO NOT EDIT! -->
	<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8">
	<TITLE>Bookmarks</TITLE>
	<H1>Bookmarks</H1>
	<DL><p>
	<DT><H3 ADD_DATE="1626629115" LAST_MODIFIED="1626629462" PERSONAL_TOOLBAR_FOLDER="true">Bookmarks bar</H3>
	<DL><p>

	$remoteport = bash.exe -c "ifconfig eth0 \| grep 'inet '"
	$found = $remoteport -match '\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}';

	if( $found ){
	$remoteport = $matches[0];
	} else{
	echo "The Script Exited, the ip address of WSL 2 cannot be found";
	exit;
	}

	#!/bin/bash
	# Bulk DNS Lookup
	# Generates a CSV of DNS lookups from a list of domains.
	#
	# File name/path of domain list:
	domain_list='domains.txt' # One FQDN per line in file.
	#
	# IP address of the nameserver used for lookups:
	ns_ip='1.1.1.1' # Is using Cloudflare's 1.1.1.1.
	#

	FROM nginx:alpine AS builder

	# nginx:alpine contains NGINX_VERSION environment variable, like so:
	# ENV NGINX_VERSION 1.15.0

	# Our NCHAN version
	ENV NCHAN_VERSION 1.1.15

	# Download sources
	RUN wget "http://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz" -O nginx.tar.gz && \

	apiVersion: v1
	kind: ConfigMap
	metadata:
	name: nginx-conf
	data:
	nginx.conf: \|
	user nginx;
	worker_processes 3;
	error_log /var/log/nginx/error.log;
	events {


	FILE SPACING:

	# double space a file
	sed G

	# double space a file which already has blank lines in it. Output file
	# should contain no more than one blank line between lines of text.
	sed '/^$/d;G'

	listen l1
	bind 0.0.0.0:443
	mode tcp
	timeout connect 4000
	timeout client 180000
	timeout server 180000
	server srv1 host.example.com:9443

	import tweepy
	import csv
	import pandas as pd
	####input your credentials here
	consumer_key = ''
	consumer_secret = ''
	access_token = ''
	access_token_secret = ''

	auth = tweepy.OAuthHandler(consumer_key, consumer_secret)