Skip to content

Instantly share code, notes, and snippets.

View EinsDreiDreiSiebenX's full-sized avatar
😇
👨‍💻

Dustin EinsDreiDreiSiebenX

😇
👨‍💻
0 followers · 7 following
View GitHub Profile
@win3zz
win3zz / GitHub-Leaked-API-Keys-and-Secrets.md
Last active September 19, 2024 04:03

GitHub Search Syntax for Finding API Keys/Secrets/Tokens

As a security professional, it is important to conduct a thorough reconnaissance. With the increasing use of APIs nowadays, it has become paramount to keep access tokens and other API-related secrets secure in order to prevent leaks. However, despite technological advances, human error remains a factor, and many developers still unknowingly hardcode their API secrets into source code and commit them to public repositories. GitHub, being a widely popular platform for public code repositories, may inadvertently host such leaked secrets. To help identify these vulnerabilities, I have created a comprehensive search list using powerful search syntax that enables the search of thousands of leaked keys and secrets in a single search.

Search Syntax:

(path:*.{File_extension1} OR path:*.{File_extension-N}) AND ({Keyname1} OR {Keyname-N}) AND (({Signature/pattern1} OR {Signature/pattern-N}) AND ({PlatformTag1} OR {PlatformTag-N}))

Examples:

**1.

@cyberheartmi9
cyberheartmi9 / ssl-pinning-root-bypass.js
Created June 5, 2023 05:07
// $ frida -l antiroot.js -U -f com.example.app --no-pause
// CHANGELOG by Pichaya Morimoto (p.morimoto@sth.sh):
// - I added extra whitelisted items to deal with the latest versions
// of RootBeer/Cordova iRoot as of August 6, 2019
// - The original one just fucked up (kill itself) if Magisk is installed lol
// Credit & Originally written by: https://codeshare.frida.re/@dzonerzy/fridantiroot/
// If this isn't working in the future, check console logs, rootbeer src, or libtool-checker.so
Java.perform(function() {
var RootPackages = ["com.noshufou.android.su", "com.noshufou.android.su.elite", "eu.chainfire.supersu",
@incogbyte
incogbyte / mixunpin.js
Last active September 11, 2024 12:57
Frida script to bypass common methods of sslpining Android
console.log("[*] SSL Pinning Bypasses");
console.log(`[*] Your frida version: ${Frida.version}`);
console.log(`[*] Your script runtime: ${Script.runtime}`);
/**
* by incogbyte
* Common functions
* thx apkunpacker, NVISOsecurity, TheDauntless
* Remember that sslpinning can be custom, and sometimes u need to reversing using ghidra,IDA or something like that.
* !!! THIS SCRIPT IS NOT A SILVER BULLET !!
@akabe1
akabe1 / frida_multiple_unpinning.js
Last active August 26, 2024 17:15
Another Android ssl certificate pinning bypass for various methods
/* Android ssl certificate pinning bypass script for various methods
by Maurizio Siddu
Run with:
frida -U -f <APP_ID> -l frida_multiple_unpinning.js [--no-pause]
*/
setTimeout(function() {
Java.perform(function() {
console.log('');
@cubehouse
cubehouse / pinning.js
Last active August 31, 2024 07:50
A Frida script to bypass SSL Pinning on Android. https://blog.jamie.holdings/2019/01/19/advanced-certificate-bypassing-in-android-with-frida/
// start with:
// frida -U -l pinning.js -f [APP_ID] --no-pause
Java.perform(function () {
console.log('')
console.log('===')
console.log('* Injecting hooks into common certificate pinning methods *')
console.log('===')
var X509TrustManager = Java.use('javax.net.ssl.X509TrustManager');