gitdork 1.0.0__tar.gz

gitdork-1.0.0/.github/workflows/ci.yml

@@ -0,0 +1,34 @@
+name: CI
+
+on:
+  push:
+    branches: [main, dev]
+  pull_request:
+    branches: [main]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.10", "3.11", "3.12"]
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install click rich httpx pytest ruff
+          pip install -e .
+
+      - name: Lint with ruff
+        run: ruff check gitdork/
+
+      - name: Run tests
+        run: pytest tests/ -v --tb=short

gitdork-1.0.0/.github/workflows/release.yml

@@ -0,0 +1,92 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - 'v*.*.*'
+
+jobs:
+  release:
+    name: Build & Publish Release
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: write
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python 3.10
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.10'
+          cache: 'pip'
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install click rich httpx pytest build twine
+          pip install -e .
+
+      - name: Run tests (must pass before release)
+        run: pytest tests/ -v --tb=short
+
+      - name: Build PyPI package
+        run: python -m build
+
+      - name: Publish to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          password: ${{ secrets.PYPI_API_TOKEN }}
+
+      - name: Build release zip
+        run: |
+          TAG="${GITHUB_REF_NAME}"
+          STAGING="gitdork-${TAG}"
+          mkdir -p "${STAGING}"
+          rsync -av \
+            --exclude='.git' \
+            --exclude='__pycache__' \
+            --exclude='*.pyc' \
+            --exclude='.pytest_cache' \
+            --exclude='*.egg-info' \
+            --exclude="${STAGING}" \
+            . "${STAGING}/"
+          ZIP_NAME="gitdork-${TAG}.zip"
+          zip -r "${ZIP_NAME}" "${STAGING}/"
+          echo "ZIP_NAME=${ZIP_NAME}" >> $GITHUB_ENV
+          echo "TAG=${TAG}" >> $GITHUB_ENV
+          echo "--- Release zip contents ---"
+          unzip -l "${ZIP_NAME}"
+
+      - name: Extract changelog entry
+        run: |
+          python3 - << 'PYEOF'
+          import re, os
+          tag = os.environ["GITHUB_REF_NAME"]
+          version = tag.lstrip("v")
+          try:
+              readme = open("CHANGELOG.md").read()
+              pattern = rf"(?m)^##\s+\[?v?{re.escape(version)}\]?.*?\n(.*?)(?=\n^##\s|\Z)"
+              m = re.search(pattern, readme, re.DOTALL)
+              notes = m.group(1).strip() if m else f"Release {tag}"
+          except Exception:
+              notes = f"gitdork {tag}"
+          with open("/tmp/release_notes.md", "w") as f:
+              f.write(notes)
+          print(notes[:500])
+          PYEOF
+
+      - name: Create GitHub Release
+        uses: softprops/action-gh-release@v2
+        with:
+          tag_name: ${{ github.ref_name }}
+          name: "gitdork ${{ github.ref_name }}"
+          body_path: /tmp/release_notes.md
+          draft: false
+          prerelease: ${{ contains(github.ref_name, 'alpha') || contains(github.ref_name, 'beta') || contains(github.ref_name, 'rc') }}
+          files: ${{ env.ZIP_NAME }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

gitdork-1.0.0/CHANGELOG.md

@@ -0,0 +1,14 @@
+# Changelog
+
+## [1.0.0] - 2024-01-01
+
+### Added
+- Initial release
+- Google dork generation — 40+ templates across 8 categories
+- Shodan dork generation — 30+ templates covering ports, services, SSL, admin panels
+- GitHub code search dorks — 35+ templates for secrets, sensitive files, misconfigs
+- Tech stack detection via `--enrich` flag (GitHub API)
+- Category filtering with `--category`
+- Engine filtering with `--engine`
+- Terminal (Rich), JSON, and Markdown output formats
+- `generate`, `list-categories`, `list-engines` commands

gitdork-1.0.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 ExploitCraft
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

gitdork-1.0.0/PKG-INFO

@@ -0,0 +1,223 @@
+Metadata-Version: 2.4
+Name: gitdork
+Version: 1.0.0
+Summary: Google, Shodan, and GitHub dork generator for pentesters and bug bounty hunters
+Project-URL: Homepage, https://github.com/ExploitCraft/gitdork
+Project-URL: Repository, https://github.com/ExploitCraft/gitdork
+Project-URL: Bug Tracker, https://github.com/ExploitCraft/gitdork/issues
+Author-email: ExploitCraft <exploitcraft@users.noreply.github.com>
+License: MIT
+License-File: LICENSE
+Keywords: bugbounty,dorking,google-dorks,osint,pentest,recon,security,shodan
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Environment :: Console
+Classifier: Intended Audience :: Information Technology
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Security
+Requires-Python: >=3.10
+Requires-Dist: click>=8.1
+Requires-Dist: httpx>=0.25
+Requires-Dist: rich>=13.0
+Provides-Extra: dev
+Requires-Dist: pytest; extra == 'dev'
+Requires-Dist: respx; extra == 'dev'
+Requires-Dist: ruff; extra == 'dev'
+Description-Content-Type: text/markdown
+
+# 🎯 gitdork
+
+> Google, Shodan, and GitHub dork generator. Feed it a repo URL or domain — get ready-to-use dork queries targeting exposed secrets, sensitive files, open directories, and misconfigs. Built for pentesters and bug bounty hunters.
+
+[![CI](https://github.com/ExploitCraft/gitdork/actions/workflows/ci.yml/badge.svg)](https://github.com/ExploitCraft/gitdork/actions)
+[![PyPI](https://img.shields.io/pypi/v/gitdork)](https://pypi.org/project/gitdork/)
+[![Python](https://img.shields.io/pypi/pyversions/gitdork)](https://pypi.org/project/gitdork/)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
+
+---
+
+## Features
+
+- 🔍 **Google dorks** — `site:`, `filetype:`, `intitle:`, `inurl:` across 8 categories
+- 🌐 **Shodan dorks** — `hostname:`, `port:`, `ssl:`, `product:` for infra recon
+- 🐙 **GitHub code search** — `org:`, `filename:`, `extension:` for secret hunting
+- 🧠 **Tech stack detection** — fetch GitHub metadata to generate tech-specific dorks
+- 🗂️ **Category filtering** — focus on secrets, misconfigs, login panels, or any combo
+- ⚙️ **Engine filtering** — run just Google, just Shodan, or all three
+- 📊 **Multiple output formats** — terminal (Rich), JSON, Markdown
+- 🔗 **Clickable URLs** — every dork includes a direct search link
+
+---
+
+## Installation
+
+```bash
+pip install gitdork
+```
+
+Or from source:
+
+```bash
+git clone https://github.com/ExploitCraft/gitdork
+cd gitdork
+pip install -e .
+```
+
+---
+
+## Quick Start
+
+```bash
+# Generate dorks for a domain
+gitdork generate example.com
+
+# Generate dorks for a GitHub org/repo
+gitdork generate ExploitCraft/ReconNinja
+
+# Google dorks only
+gitdork generate example.com --engine google
+
+# Secrets and misconfigs only
+gitdork generate example.com --category secrets,misconfigs
+
+# Enrich with GitHub API (detects tech stack for extra dorks)
+gitdork generate ExploitCraft/ReconNinja --enrich
+
+# Export to JSON
+gitdork generate example.com --format json --output dorks.json
+
+# Export to Markdown (great for reports)
+gitdork generate example.com --format markdown --output dorks.md
+
+# Group output by category instead of engine
+gitdork generate example.com --group-by category
+```
+
+---
+
+## Example Output
+
+```
+╭─ gitdork — Google, Shodan & GitHub dork generator ─╮
+
+Target: example.com
+
+── GOOGLE ──────────────────────────────────────────────
+
+ #   CATEGORY            DESCRIPTION                       QUERY
+ 1   Secrets & Creds     API keys in GitHub                site:github.com "example.com" "api_key"
+ 2   Sensitive Files     .env files exposed                site:example.com filetype:env
+ 3   Sensitive Files     Log files exposed                 site:example.com filetype:log
+ 4   Exposed Dirs        Open directory listings           site:example.com intitle:"index of /"
+ 5   Misconfigurations   phpMyAdmin exposed                site:example.com inurl:phpMyAdmin
+...
+
+── SHODAN ───────────────────────────────────────────────
+
+ #   CATEGORY            DESCRIPTION                       QUERY
+ 1   Subdomains          All hosts under this domain       hostname:"example.com"
+ 2   Misconfigs          SSH exposed                       hostname:"example.com" port:22
+ 3   Misconfigs          Redis exposed (often no auth)     hostname:"example.com" port:6379
+...
+
+╭─ Summary ──────────────────────╮
+  Total dorks   97
+  Google        42
+  Shodan        31
+  GitHub        24
+╰────────────────────────────────╯
+```
+
+---
+
+## Categories
+
+| ID | Description |
+|----|-------------|
+| `secrets` | API keys, tokens, passwords, private keys |
+| `sensitive_files` | .env, .sql, .log, .bak, config files |
+| `exposed_dirs` | Open directory listings |
+| `misconfigs` | phpMyAdmin, Jenkins, Grafana, Docker API, debug mode |
+| `login_panels` | Admin panels, login pages |
+| `error_pages` | Stack traces, PHP errors, SQL errors |
+| `subdomains` | Subdomain enumeration, infra discovery |
+| `code_leaks` | TODO credentials, internal-only code |
+
+```bash
+# View all categories
+gitdork list-categories
+
+# View all engines
+gitdork list-engines
+```
+
+---
+
+## CLI Reference
+
+```
+Usage: gitdork [OPTIONS] COMMAND [ARGS]...
+
+Commands:
+  generate         Generate dorks for a target
+  list-categories  List all available categories
+  list-engines     List all supported engines
+
+Options for generate:
+  TARGET              Domain, GitHub org/repo, or URL
+  --engine, -e        google,shodan,github (default: all)
+  --category, -c      Comma-separated category filter
+  --format            terminal | json | markdown (default: terminal)
+  --output, -o        Write to file
+  --group-by          engine | category (default: engine)
+  --enrich            Fetch GitHub metadata for tech-stack dorks
+  --token             GitHub token for enrichment (or GITHUB_TOKEN env)
+```
+
+---
+
+## Tech Stack Detection
+
+With `--enrich`, gitdork queries the GitHub API to detect the repo's language, topics, and description — then generates additional targeted dorks:
+
+| Tech | Extra dorks |
+|------|-------------|
+| `django` | DEBUG mode, SECRET_KEY, ALLOWED_HOSTS |
+| `wordpress` | wp-config.php, upload PHP shells |
+| `laravel` | .env APP_KEY |
+| `aws` | aws_access_key_id in code |
+| `kubernetes` | API server, Shodan product query |
+| `terraform` | tfvars with secrets |
+
+```bash
+# Use your GitHub token for higher API rate limits
+export GITHUB_TOKEN=ghp_...
+gitdork generate ExploitCraft/ReconNinja --enrich
+```
+
+---
+
+## Part of the HackerInc/ExploitCraft Ecosystem
+
+| Tool | Description |
+|------|-------------|
+| [envleaks](https://github.com/ExploitCraft/envleaks) | Codebase & git history secret scanner |
+| [gitdork](https://github.com/ExploitCraft/gitdork) | Google/Shodan dork generator (this repo) |
+| [wifi-passview](https://github.com/ExploitCraft/wifi-passview) | Cross-platform WiFi credential dumper |
+| **ReconNinja** | ReconNinja v6 — 21-phase recon framework |
+| [VaultHound](https://github.com/ExploitCraft/VaultHound) | Secret & credential scanner |
+
+---
+
+## Disclaimer
+
+gitdork generates search queries only — it does not perform any active scanning or exploitation. Use responsibly, only against targets you own or have explicit written permission to test.
+
+---
+
+## License
+
+MIT © [ExploitCraft](https://github.com/ExploitCraft)

gitdork-1.0.0/README.md

@@ -0,0 +1,193 @@
+# 🎯 gitdork
+
+> Google, Shodan, and GitHub dork generator. Feed it a repo URL or domain — get ready-to-use dork queries targeting exposed secrets, sensitive files, open directories, and misconfigs. Built for pentesters and bug bounty hunters.
+
+[![CI](https://github.com/ExploitCraft/gitdork/actions/workflows/ci.yml/badge.svg)](https://github.com/ExploitCraft/gitdork/actions)
+[![PyPI](https://img.shields.io/pypi/v/gitdork)](https://pypi.org/project/gitdork/)
+[![Python](https://img.shields.io/pypi/pyversions/gitdork)](https://pypi.org/project/gitdork/)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
+
+---
+
+## Features
+
+- 🔍 **Google dorks** — `site:`, `filetype:`, `intitle:`, `inurl:` across 8 categories
+- 🌐 **Shodan dorks** — `hostname:`, `port:`, `ssl:`, `product:` for infra recon
+- 🐙 **GitHub code search** — `org:`, `filename:`, `extension:` for secret hunting
+- 🧠 **Tech stack detection** — fetch GitHub metadata to generate tech-specific dorks
+- 🗂️ **Category filtering** — focus on secrets, misconfigs, login panels, or any combo
+- ⚙️ **Engine filtering** — run just Google, just Shodan, or all three
+- 📊 **Multiple output formats** — terminal (Rich), JSON, Markdown
+- 🔗 **Clickable URLs** — every dork includes a direct search link
+
+---
+
+## Installation
+
+```bash
+pip install gitdork
+```
+
+Or from source:
+
+```bash
+git clone https://github.com/ExploitCraft/gitdork
+cd gitdork
+pip install -e .
+```
+
+---
+
+## Quick Start
+
+```bash
+# Generate dorks for a domain
+gitdork generate example.com
+
+# Generate dorks for a GitHub org/repo
+gitdork generate ExploitCraft/ReconNinja
+
+# Google dorks only
+gitdork generate example.com --engine google
+
+# Secrets and misconfigs only
+gitdork generate example.com --category secrets,misconfigs
+
+# Enrich with GitHub API (detects tech stack for extra dorks)
+gitdork generate ExploitCraft/ReconNinja --enrich
+
+# Export to JSON
+gitdork generate example.com --format json --output dorks.json
+
+# Export to Markdown (great for reports)
+gitdork generate example.com --format markdown --output dorks.md
+
+# Group output by category instead of engine
+gitdork generate example.com --group-by category
+```
+
+---
+
+## Example Output
+
+```
+╭─ gitdork — Google, Shodan & GitHub dork generator ─╮
+
+Target: example.com
+
+── GOOGLE ──────────────────────────────────────────────
+
+ #   CATEGORY            DESCRIPTION                       QUERY
+ 1   Secrets & Creds     API keys in GitHub                site:github.com "example.com" "api_key"
+ 2   Sensitive Files     .env files exposed                site:example.com filetype:env
+ 3   Sensitive Files     Log files exposed                 site:example.com filetype:log
+ 4   Exposed Dirs        Open directory listings           site:example.com intitle:"index of /"
+ 5   Misconfigurations   phpMyAdmin exposed                site:example.com inurl:phpMyAdmin
+...
+
+── SHODAN ───────────────────────────────────────────────
+
+ #   CATEGORY            DESCRIPTION                       QUERY
+ 1   Subdomains          All hosts under this domain       hostname:"example.com"
+ 2   Misconfigs          SSH exposed                       hostname:"example.com" port:22
+ 3   Misconfigs          Redis exposed (often no auth)     hostname:"example.com" port:6379
+...
+
+╭─ Summary ──────────────────────╮
+  Total dorks   97
+  Google        42
+  Shodan        31
+  GitHub        24
+╰────────────────────────────────╯
+```
+
+---
+
+## Categories
+
+| ID | Description |
+|----|-------------|
+| `secrets` | API keys, tokens, passwords, private keys |
+| `sensitive_files` | .env, .sql, .log, .bak, config files |
+| `exposed_dirs` | Open directory listings |
+| `misconfigs` | phpMyAdmin, Jenkins, Grafana, Docker API, debug mode |
+| `login_panels` | Admin panels, login pages |
+| `error_pages` | Stack traces, PHP errors, SQL errors |
+| `subdomains` | Subdomain enumeration, infra discovery |
+| `code_leaks` | TODO credentials, internal-only code |
+
+```bash
+# View all categories
+gitdork list-categories
+
+# View all engines
+gitdork list-engines
+```
+
+---
+
+## CLI Reference
+
+```
+Usage: gitdork [OPTIONS] COMMAND [ARGS]...
+
+Commands:
+  generate         Generate dorks for a target
+  list-categories  List all available categories
+  list-engines     List all supported engines
+
+Options for generate:
+  TARGET              Domain, GitHub org/repo, or URL
+  --engine, -e        google,shodan,github (default: all)
+  --category, -c      Comma-separated category filter
+  --format            terminal | json | markdown (default: terminal)
+  --output, -o        Write to file
+  --group-by          engine | category (default: engine)
+  --enrich            Fetch GitHub metadata for tech-stack dorks
+  --token             GitHub token for enrichment (or GITHUB_TOKEN env)
+```
+
+---
+
+## Tech Stack Detection
+
+With `--enrich`, gitdork queries the GitHub API to detect the repo's language, topics, and description — then generates additional targeted dorks:
+
+| Tech | Extra dorks |
+|------|-------------|
+| `django` | DEBUG mode, SECRET_KEY, ALLOWED_HOSTS |
+| `wordpress` | wp-config.php, upload PHP shells |
+| `laravel` | .env APP_KEY |
+| `aws` | aws_access_key_id in code |
+| `kubernetes` | API server, Shodan product query |
+| `terraform` | tfvars with secrets |
+
+```bash
+# Use your GitHub token for higher API rate limits
+export GITHUB_TOKEN=ghp_...
+gitdork generate ExploitCraft/ReconNinja --enrich
+```
+
+---
+
+## Part of the HackerInc/ExploitCraft Ecosystem
+
+| Tool | Description |
+|------|-------------|
+| [envleaks](https://github.com/ExploitCraft/envleaks) | Codebase & git history secret scanner |
+| [gitdork](https://github.com/ExploitCraft/gitdork) | Google/Shodan dork generator (this repo) |
+| [wifi-passview](https://github.com/ExploitCraft/wifi-passview) | Cross-platform WiFi credential dumper |
+| **ReconNinja** | ReconNinja v6 — 21-phase recon framework |
+| [VaultHound](https://github.com/ExploitCraft/VaultHound) | Secret & credential scanner |
+
+---
+
+## Disclaimer
+
+gitdork generates search queries only — it does not perform any active scanning or exploitation. Use responsibly, only against targets you own or have explicit written permission to test.
+
+---
+
+## License
+
+MIT © [ExploitCraft](https://github.com/ExploitCraft)

gitdork-1.0.0/gitdork/__init__.py

@@ -0,0 +1,2 @@
+"""gitdork — Google, Shodan, and GitHub dork generator."""
+__version__ = "1.0.0"