Discover gists

GitHub Search Syntax for Finding API Keys/Secrets/Tokens

As a security professional, it is important to conduct a thorough reconnaissance. With the increasing use of APIs nowadays, it has become paramount to keep access tokens and other API-related secrets secure in order to prevent leaks. However, despite technological advances, human error remains a factor, and many developers still unknowingly hardcode their API secrets into source code and commit them to public repositories. GitHub, being a widely popular platform for public code repositories, may inadvertently host such leaked secrets. To help identify these vulnerabilities, I have created a comprehensive search list using powerful search syntax that enables the search of thousands of leaked keys and secrets in a single search.

Search Syntax:

(path:*.{File_extension1} OR path:*.{File_extension-N}) AND ({Keyname1} OR {Keyname-N}) AND (({Signature/pattern1} OR {Signature/pattern-N}) AND ({PlatformTag1} OR {PlatformTag-N}))

Examples:

**1.

Auto-start OBS with Windows and disable shutdown check

References:

For Windows users looking to workaround this change, here's my setup consisting of two Task Scheduler tasks.

14 Coding Patterns To Master

This is a collection of coding patterns I have learned to solve not only some of the most common problems, but the 14 patterns (yes, there are way more than 14, but the point here is taking 6 months of preparation and condensing it into a 30 minute read that would not take more than 1-2 weeks to master. I have found these problems and patterns to be the most useful in that the data structures and algorithms are used in many other problems and become familiar over time. Good luck!

Please feel free to comment if you got some value or find any errors!

Thanks!

Working with Q — Coding Agent Protocol

What This Is

Applied rationality for a coding agent. Defensive epistemology: minimize false beliefs, catch errors early, avoid compounding mistakes.

This is correct for code, where:

Reality has hard edges (the compiler doesn't care about your intent)
Mistakes compound (a wrong assumption propagates through everything built on it)
The cost of being wrong exceeds the cost of being slow

	// from https://odin-lang.org/docs/overview/#when-statements, see end of that section

	package main

	import "core:fmt"
	import "core:mem"

	main :: proc() {
	when ODIN_DEBUG {
	track: mem.Tracking_Allocator

	POST / HTTP/1.1
	Host: localhost
	User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
	Next-Action: x
	Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryx8jO2oVc6SWP3Sad
	Content-Length: 459

	------WebKitFormBoundaryx8jO2oVc6SWP3Sad
	Content-Disposition: form-data; name="0"

	export default [
	"Reticulating splines...",
	"Generating witty dialog...",
	"Swapping time and space...",
	"Spinning violently around the y-axis...",
	"Tokenizing real life...",
	"Bending the spoon...",
	"Filtering morale...",
	"Don't think of purple hippos...",
	"We need a new fuse...",

	import time
	import csv
	import random
	from selenium import webdriver
	from selenium.webdriver.chrome.service import Service
	from selenium.webdriver.common.by import By
	from selenium.webdriver.support.ui import WebDriverWait
	from selenium.webdriver.support import expected_conditions as EC
	from selenium.common.exceptions import TimeoutException
	from webdriver_manager.chrome import ChromeDriverManager

	# Copyright (c) 1993-2009 Microsoft Corp.
	#
	# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
	#
	# This file contains the mappings of IP addresses to host names. Each
	# entry should be kept on an individual line. The IP address should
	# be placed in the first column followed by the corresponding host name.
	# The IP address and the host name should be separated by at least one
	# space.
	#