Implement user-defined wait timer or detect throttling from github
tbennett6421 opened this issue · 1 comments
tbennett6421 commented
[recon-ng][default] > modules load recon/repositories-vulnerabilities/github_dorks
[recon-ng][default][github_dorks] > run
--------------------
MEGACORPONE/GIT-TEST
--------------------
[*] Searching Github for: repo:megacorpone/git-test extension:pem private
[*] Searching Github for: repo:megacorpone/git-test extension:conf FTP server configuration
[*] Searching Github for: repo:megacorpone/git-test extension:xls mail
[*] Searching Github for: repo:megacorpone/git-test extension:sql mysql dump
[*] Searching Github for: repo:megacorpone/git-test stars:>1000 forks:>100 extension:php "eval(preg_replace("
[*] Searching Github for: repo:megacorpone/git-test mysql.binero.se
[*] Searching Github for: repo:megacorpone/git-test define("DB_PASSWORD"
[*] Searching Github for: repo:megacorpone/git-test extension:php mysql_query $_GET
[*] Searching Github for: repo:megacorpone/git-test filename:secret_token.rb config
[!] Message from Github: You have exceeded a secondary rate limit. Please wait a few minutes before you try again.
[*] Searching Github for: repo:megacorpone/git-test language:ruby secret_token
[!] Message from Github: You have exceeded a secondary rate limit. Please wait a few minutes before you try again.
[*] Searching Github for: repo:megacorpone/git-test extension:py flask render_template_string
[!] Message from Github: You have exceeded a secondary rate limit. Please wait a few minutes before you try again.
[*] Searching Github for: repo:megacorpone/git-test e10adc3949ba59abbe56e057f20f883e
[!] Message from Github: You have exceeded a secondary rate limit. Please wait a few minutes before you try again.
[*] Searching Github for: repo:megacorpone/git-test path:.ssh/id_rsa BEGIN
[!] Message from Github: You have exceeded a secondary rate limit. Please wait a few minutes before you try again.
---------------------------
MEGACORPONE/MEGACORPONE.COM
---------------------------
[*] Searching Github for: repo:megacorpone/megacorpone.com extension:pem private
[!] Message from Github: You have exceeded a secondary rate limit. Please wait a few minutes before you try again.
[*] Searching Github for: repo:megacorpone/megacorpone.com extension:conf FTP server configuration
[!] Message from Github: You have exceeded a secondary rate limit. Please wait a few minutes before you try again.
[*] Searching Github for: repo:megacorpone/megacorpone.com extension:xls mail
[!] Message from Github: You have exceeded a secondary rate limit. Please wait a few minutes before you try again.
[*] Searching Github for: repo:megacorpone/megacorpone.com extension:sql mysql dump
[recon-ng][default][github_dorks] > info
Name: Github Dork Analyzer
Author: Tim Tomes (@lanmaster53)
Version: 1.0
Keys: github_api
Description:
Uses the Github API to search for possible vulnerabilites in source code by leveraging Github Dorks
and the 'repo' search operator. Updates the 'vulnerabilities' table with the results.
Options:
Name Current Value Required Description
------ ------------- -------- -----------
DORKS /root/.recon-ng/data/github_dorks.txt yes file containing a list of Github dorks
SOURCE default yes source of input (see 'info' for details)
Source Options:
default SELECT DISTINCT owner || '/' || name FROM repositories WHERE name IS NOT NULL AND resource LIKE 'Github' AND category LIKE 'repo'
<string> string representing a single input
<path> path to a file containing a list of inputs
query <sql> database query returning one column of inputs
Ideal solutions include detecting throttling and implementing exponential back-off timers. Alternatively, adding an option to set a wait timer to delay subsequent calls to avoid throttling would work as well.
Never contributed to recon-ng before, but I may look at adding a PR for it.
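One way the two requests above (throttle detection with exponential back-off, plus a fixed wait option) could be combined, as an added example that is not recon-ng's code or part of the original issue. The `fetch(query)` callable returning `(status, headers, body)`, the function names and the 60-second base delay are assumptions; the sample responses are constructed.

```python
import random
import time

# Constructed sample responses (status, headers, body); not captured from GitHub.
SECONDARY = (403, {}, {"message": "You have exceeded a secondary rate limit. "
                                  "Please wait a few minutes before you try again."})
SECONDARY_RA = (403, {"Retry-After": "30"}, SECONDARY[2])
OK = (200, {}, {"total_count": 0, "items": []})

def is_throttled(status, headers, body):
    """True when a response signals rate limiting (header keys lower-cased)."""
    if status == 429:
        return True
    if status != 403:
        return False
    msg = (body.get("message") or "").lower()
    return ("rate limit" in msg or "retry-after" in headers
            or headers.get("x-ratelimit-remaining") == "0")

def wait_seconds(headers, attempt, base=60.0, cap=900.0, now=time.time):
    """Prefer the server's own hint; otherwise use capped exponential back-off."""
    if "retry-after" in headers:
        return float(headers["retry-after"])
    if headers.get("x-ratelimit-remaining") == "0" and "x-ratelimit-reset" in headers:
        return max(0.0, float(headers["x-ratelimit-reset"]) - now())
    return min(cap, base * 2 ** attempt)

def search_with_backoff(fetch, query, max_retries=5, delay=0.0,
                        sleep=time.sleep, jitter=random.uniform):
    """Run one search; `delay` is the user-defined wait before every call."""
    for attempt in range(max_retries + 1):
        if delay:
            sleep(delay)
        status, headers, body = fetch(query)
        headers = {k.lower(): v for k, v in headers.items()}
        if not is_throttled(status, headers, body):
            return status, body
        if attempt < max_retries:
            # Jitter keeps parallel runs from retrying in lock-step.
            sleep(wait_seconds(headers, attempt) + jitter(0, 1))
    raise RuntimeError("still rate limited after %d retries: %s" % (max_retries, query))

if __name__ == "__main__":
    replies = iter([SECONDARY, SECONDARY_RA, OK])  # throttled twice, then success
    waits = []
    print(search_with_backoff(lambda q: next(replies), "repo:example/example extension:pem private",
                              sleep=waits.append, jitter=lambda a, b: 0.0), waits)
```

Raising after the retry budget is spent lets the caller stop the run, rather than logging the same rate-limit message for every remaining dork as in the output above.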