---
phase: 08-dork-engine
plan: 03
type: execute
wave: 2
depends_on: [08-01]
files_modified:
  - pkg/dorks/definitions/google/frontier.yaml
  - pkg/dorks/definitions/google/specialized.yaml
  - pkg/dorks/definitions/google/infrastructure.yaml
  - pkg/dorks/definitions/shodan/frontier.yaml
  - pkg/dorks/definitions/shodan/infrastructure.yaml
  - dorks/google/frontier.yaml
  - dorks/google/specialized.yaml
  - dorks/google/infrastructure.yaml
  - dorks/shodan/frontier.yaml
  - dorks/shodan/infrastructure.yaml
autonomous: true
requirements:
  - DORK-01
  - DORK-02
  - DORK-04
must_haves:
  truths:
    - "Registry.ListBySource(\"google\") returns >= 30 entries"
    - "Registry.ListBySource(\"shodan\") returns >= 20 entries"
    - "All google dorks use real site:/filetype: operators"
    - "All shodan dorks use real shodan query syntax (ssl.cert, http.title, etc.)"
  artifacts:
    - path: "pkg/dorks/definitions/google/"
      provides: "30 Google dorks across 3 categories"
      contains: "source: google"
    - path: "pkg/dorks/definitions/shodan/"
      provides: "20 Shodan dorks"
      contains: "source: shodan"
  key_links:
    - from: "pkg/dorks/definitions/{google,shodan}/*.yaml"
      to: "pkg/dorks/loader.go"
      via: "go:embed subdir walk"
      pattern: "source: (google|shodan)"
---

<objective>
Populate Google (30) and Shodan (20) sources — 50 dorks total. Google uses site:
and filetype: operators to find leaked keys on non-GitHub platforms (pastebin,
gitlab raw, etc.). Shodan uses its banner/certificate query syntax to surface
exposed self-hosted LLM services (Ollama, vLLM, LocalAI, LiteLLM dashboards).

Purpose: Broadens DORK-02 coverage beyond GitHub into the two next-most-important
sources. Execution of these queries is deferred to Phase 11 (Google) and Phase 12
(Shodan) — this plan only delivers the definitions.
Output: 50 loadable Google + Shodan dorks.
</objective>

<execution_context>
@$HOME/.claude/get-shit-done/workflows/execute-plan.md
@$HOME/.claude/get-shit-done/templates/summary.md
</execution_context>

<context>
@.planning/phases/08-dork-engine/08-CONTEXT.md
@.planning/phases/08-dork-engine/08-01-PLAN.md
@pkg/dorks/schema.go
</context>

<tasks>

<task type="auto">
  <name>Task 1: 30 Google dorks (site/filetype operators)</name>
  <files>
    pkg/dorks/definitions/google/frontier.yaml,
    pkg/dorks/definitions/google/specialized.yaml,
    pkg/dorks/definitions/google/infrastructure.yaml,
    dorks/google/frontier.yaml,
    dorks/google/specialized.yaml,
    dorks/google/infrastructure.yaml
  </files>
  <action>
    Create three frontier/specialized/infrastructure files (dual location).
    All entries use source: google. Queries are real Google search operators
    (site:, filetype:, intext:, inurl:). No HTML escaping — raw text.

    **frontier.yaml — 12 dorks:**
    - google-openai-pastebin: `site:pastebin.com "sk-proj-"`
    - google-openai-gitlab-raw: `site:gitlab.com/*/raw/* "sk-proj-"`
    - google-openai-env-leak: `intext:"OPENAI_API_KEY=sk-proj-" filetype:env`
    - google-anthropic-pastebin: `site:pastebin.com "sk-ant-api03-"`
    - google-anthropic-env: `intext:"ANTHROPIC_API_KEY=sk-ant-" filetype:env`
    - google-ai-pastebin: `site:pastebin.com "AIzaSy" "generativelanguage"`
    - google-ai-gitlab: `site:gitlab.com "AIzaSy" inurl:config`
    - google-groq-pastebin: `site:pastebin.com "gsk_"`
    - google-cohere-env: `intext:"COHERE_API_KEY" filetype:env`
    - google-mistral-env: `intext:"MISTRAL_API_KEY=" filetype:env`
    - google-xai-pastebin: `site:pastebin.com "xai-"`
    - google-replicate-env: `intext:"r8_" filetype:env -site:github.com`

    category: frontier.

    **specialized.yaml — 10 dorks:**
    - google-perplexity-pastebin: `site:pastebin.com "pplx-"`
    - google-hf-pastebin: `site:pastebin.com "hf_"`
    - google-elevenlabs-env: `intext:"ELEVENLABS_API_KEY" filetype:env`
    - google-deepgram-env: `intext:"DEEPGRAM_API_KEY" filetype:env`
    - google-assemblyai-pastebin: `site:pastebin.com "ASSEMBLYAI_API_KEY"`
    - google-stability-env: `intext:"sk-stability-" filetype:env`
    - google-jina-env: `intext:"jina_" filetype:env`
    - google-voyage-env: `intext:"VOYAGE_API_KEY" filetype:env`
    - google-hf-notebook: `site:colab.research.google.com "hf_"`
    - google-hf-kaggle: `site:kaggle.com "hf_" inurl:notebook`

    category: specialized.

    **infrastructure.yaml — 8 dorks:**
    - google-openrouter-pastebin: `site:pastebin.com "sk-or-v1-"`
    - google-openrouter-env: `intext:"sk-or-v1-" filetype:env`
    - google-litellm-config: `intext:"LITELLM_MASTER_KEY" filetype:yaml`
    - google-helicone-env: `intext:"sk-helicone-" filetype:env`
    - google-portkey-env: `intext:"PORTKEY_API_KEY" filetype:env`
    - google-ollama-exposed: `intitle:"Ollama" inurl:":11434"`
    - google-vllm-exposed: `intitle:"vLLM" "/v1/models"`
    - google-localai-exposed: `intitle:"LocalAI" "/v1/chat/completions"`

    category: infrastructure.
  </action>
  <verify>
    <automated>cd /home/salva/Documents/apikey && go test ./pkg/dorks/... && grep -c '^- id:' pkg/dorks/definitions/google/*.yaml | awk -F: '{s+=$NF}END{print "google:",s; if(s<30) exit 1}'</automated>
  </verify>
  <done>30 Google dorks loaded, all pass Validate(), tests pass.</done>
</task>

<task type="auto">
  <name>Task 2: 20 Shodan dorks (banner/cert queries)</name>
  <files>
    pkg/dorks/definitions/shodan/frontier.yaml,
    pkg/dorks/definitions/shodan/infrastructure.yaml,
    dorks/shodan/frontier.yaml,
    dorks/shodan/infrastructure.yaml
  </files>
  <action>
    Two Shodan files, dual location. All entries source: shodan. Queries use
    real Shodan syntax: http.title, http.html, ssl.cert.subject.cn, product,
    port, org, http.favicon.hash.

    **frontier.yaml — 6 dorks** (exposed frontier-adjacent APIs):
    - shodan-openai-proxy: `http.title:"openai" http.html:"/v1/chat/completions"`
    - shodan-litellm-proxy: `http.title:"LiteLLM" port:4000`
    - shodan-openai-nginx: `http.html:"OPENAI_API_KEY" http.component:nginx`
    - shodan-azure-openai: `ssl.cert.subject.cn:"openai.azure.com"`
    - shodan-bedrock-runtime: `ssl.cert.subject.cn:"bedrock-runtime"`
    - shodan-anthropic-proxy: `http.html:"anthropic" http.html:"messages"`

    category: frontier.

    **infrastructure.yaml — 14 dorks** (the bulk: self-hosted + gateway):
    - shodan-ollama-default: `product:"Ollama" port:11434`
    - shodan-ollama-tags: `http.html:"/api/tags" http.title:"Ollama"`
    - shodan-vllm: `http.html:"vLLM" http.html:"/v1/models"`
    - shodan-localai: `http.title:"LocalAI"`
    - shodan-lmstudio: `http.title:"LM Studio"`
    - shodan-textgenwebui: `http.title:"text-generation-webui"`
    - shodan-openwebui: `http.title:"Open WebUI" http.html:"/api/chat"`
    - shodan-openrouter-proxy: `http.html:"openrouter.ai" port:443`
    - shodan-portkey-gateway: `http.title:"Portkey"`
    - shodan-helicone-gateway: `http.html:"helicone" http.html:"/v1"`
    - shodan-triton-server: `http.html:"NVIDIA Triton" http.html:"/v2/models"`
    - shodan-tgi-hf: `http.html:"text-generation-inference" "/generate"`
    - shodan-langserve: `http.title:"LangServe"`
    - shodan-fastchat: `http.title:"FastChat"`

    category: infrastructure.
  </action>
  <verify>
    <automated>cd /home/salva/Documents/apikey && go test ./pkg/dorks/... && grep -c '^- id:' pkg/dorks/definitions/shodan/*.yaml | awk -F: '{s+=$NF}END{print "shodan:",s; if(s<20) exit 1}'</automated>
  </verify>
  <done>20 Shodan dorks loaded, all pass Validate().</done>
</task>

</tasks>

<verification>
`go test ./pkg/dorks/...` passes; Google+Shodan sources visible in registry stats.
</verification>

<success_criteria>
- 30 Google dorks + 20 Shodan dorks = 50 new dorks
- Cumulative total (with Plan 08-02) reaches 100
- All dorks pass schema validation
</success_criteria>

<output>
After completion, create `.planning/phases/08-dork-engine/08-03-SUMMARY.md`
</output>