Investigator Use
GitHub Dorks is an open-source repository of Google and GitHub search dorks (advanced search queries) specifically designed to find sensitive information, credentials, and security-relevant content exposed in public GitHub repositories. It compiles a comprehensive list of search operators that can surface API keys, passwords, private keys, configuration files, and other sensitive data inadvertently committed to public code repositories.
For OSINT investigators and security researchers, GitHub Dorks provides a systematic methodology for discovering credential exposures in public source code. Developers frequently commit sensitive data alongside code — database passwords, API keys for third-party services, AWS credentials, private certificates, and authentication tokens — creating publicly accessible exposures that can be used to access live systems.
When conducting authorized security assessments or investigating an organization's security posture, GitHub Dorks provides the query templates for systematically searching their public repositories for common credential exposures. Search queries targeting specific file names (config.php, .env, settings.py), content patterns (password=, api_key, private_key), and repository characteristics efficiently surface potential exposures.
For threat intelligence and incident investigation, discovering that a target organization's credentials have been committed to a public repository explains potential breach vectors and provides intelligence about their internal systems and service integrations.
GitHub Dorks queries can be run directly through GitHub's search interface or through Google's site:github.com operator. The repository categorizes dorks by exposure type, with separate categories for AWS credentials, database connections, SSH keys, API tokens, and other kinds of secrets.
When investigating a specific organization's repositories, running the dork collection against their GitHub organization namespace (org:company-name) systematically checks for known exposure patterns across all their repositories.
Important: Use GitHub Dorks only for authorized security research, penetration testing engagements, or investigating organizations you have authority to assess. Any discovered credentials should be reported through responsible disclosure rather than exploited.
Document all queries run, any exposures found, and the specific dork syntax used for investigation records.
Before You Pivot
Record Context
Capture the target, search terms, and why this source is relevant before you leave the page.
Preserve Evidence
Archive volatile pages, save screenshots, and keep timestamps for anything that may change.
Corroborate
Treat one tool as a lead source. Confirm important findings with independent sources.
Related Tools
All IO
OSINT Search Techniques
All.io aggregates results from multiple search engines in one interface, covering web pages, tweets, YouTube, and images for OSINT.
AnswerThePublic
OSINT Search Techniques
AnswerThePublic surfaces real questions people search around any keyword — useful for OSINT subject profiling and research mapping.
Carrot Search
OSINT Search Techniques
Carrot2 organizes your search results into topics. With an instant overview of what
DorkSearch
OSINT Search Techniques
DorkSearch generates advanced Google dork queries to find exposed data, sensitive documents, and vulnerabilities for OSINT research.
DuckDuckGo
OSINT Search Techniques
The Internet privacy company that empowers you to seamlessly take control of your personal information online, without any tradeoffs.
Etools
OSINT Search Techniques
Transparent metasearch engine in Swiss quality. Simultaneously queries major search engines with one click.