salvacybersec/keyhunter
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
13905eb5ee550c966236dd2c987699217d7ab8eb
keyhunter/.planning/phases/08-dork-engine/08-03-PLAN.md
salvacybersec 46cf55ad37 docs(08): create phase plan
2026-04-06 00:13:13 +03:00

193 lines
7.8 KiB
Markdown
Raw Blame History

---
phase: 08-dork-engine
plan: 03
type: execute
wave: 2
depends_on: [08-01]
files_modified:
- pkg/dorks/definitions/google/frontier.yaml
- pkg/dorks/definitions/google/specialized.yaml
- pkg/dorks/definitions/google/infrastructure.yaml
- pkg/dorks/definitions/shodan/frontier.yaml
- pkg/dorks/definitions/shodan/infrastructure.yaml
- dorks/google/frontier.yaml
- dorks/google/specialized.yaml
- dorks/google/infrastructure.yaml
- dorks/shodan/frontier.yaml
- dorks/shodan/infrastructure.yaml
autonomous: true
requirements:
- DORK-01
- DORK-02
- DORK-04
must_haves:
truths:
- "Registry.ListBySource(\"google\") returns >= 30 entries"
- "Registry.ListBySource(\"shodan\") returns >= 20 entries"
- "All google dorks use real site:/filetype: operators"
- "All shodan dorks use real shodan query syntax (ssl.cert, http.title, etc.)"
artifacts:
- path: "pkg/dorks/definitions/google/"
provides: "30 Google dorks across 3 categories"
contains: "source: google"
- path: "pkg/dorks/definitions/shodan/"
provides: "20 Shodan dorks"
contains: "source: shodan"
key_links:
- from: "pkg/dorks/definitions/{google,shodan}/*.yaml"
to: "pkg/dorks/loader.go"
via: "go:embed subdir walk"
pattern: "source: (google|shodan)"
---
<objective>
Populate Google (30) and Shodan (20) sources — 50 dorks total. Google uses site:
and filetype: operators to find leaked keys on non-GitHub platforms (pastebin,
gitlab raw, etc.). Shodan uses its banner/certificate query syntax to surface
exposed self-hosted LLM services (Ollama, vLLM, LocalAI, LiteLLM dashboards).
Purpose: Broadens DORK-02 coverage beyond GitHub into the two next-most-important
sources. Execution of these queries is deferred to Phase 11 (Google) and Phase 12
(Shodan) — this plan only delivers the definitions.
Output: 50 loadable Google + Shodan dorks.
</objective>
<execution_context>
@$HOME/.claude/get-shit-done/workflows/execute-plan.md
@$HOME/.claude/get-shit-done/templates/summary.md
</execution_context>
<context>
@.planning/phases/08-dork-engine/08-CONTEXT.md
@.planning/phases/08-dork-engine/08-01-PLAN.md
@pkg/dorks/schema.go
</context>
<tasks>
<task type="auto">
<name>Task 1: 30 Google dorks (site/filetype operators)</name>
<files>
pkg/dorks/definitions/google/frontier.yaml,
pkg/dorks/definitions/google/specialized.yaml,
pkg/dorks/definitions/google/infrastructure.yaml,
dorks/google/frontier.yaml,
dorks/google/specialized.yaml,
dorks/google/infrastructure.yaml
</files>
<action>
Create three frontier/specialized/infrastructure files (dual location).
All entries use source: google. Queries are real Google search operators
(site:, filetype:, intext:, inurl:). No HTML escaping — raw text.
**frontier.yaml — 12 dorks:**
- google-openai-pastebin: `site:pastebin.com "sk-proj-"`
- google-openai-gitlab-raw: `site:gitlab.com/*/raw/* "sk-proj-"`
- google-openai-env-leak: `intext:"OPENAI_API_KEY=sk-proj-" filetype:env`
- google-anthropic-pastebin: `site:pastebin.com "sk-ant-api03-"`
- google-anthropic-env: `intext:"ANTHROPIC_API_KEY=sk-ant-" filetype:env`
- google-ai-pastebin: `site:pastebin.com "AIzaSy" "generativelanguage"`
- google-ai-gitlab: `site:gitlab.com "AIzaSy" inurl:config`
- google-groq-pastebin: `site:pastebin.com "gsk_"`
- google-cohere-env: `intext:"COHERE_API_KEY" filetype:env`
- google-mistral-env: `intext:"MISTRAL_API_KEY=" filetype:env`
- google-xai-pastebin: `site:pastebin.com "xai-"`
- google-replicate-env: `intext:"r8_" filetype:env -site:github.com`
category: frontier.
**specialized.yaml — 10 dorks:**
- google-perplexity-pastebin: `site:pastebin.com "pplx-"`
- google-hf-pastebin: `site:pastebin.com "hf_"`
- google-elevenlabs-env: `intext:"ELEVENLABS_API_KEY" filetype:env`
- google-deepgram-env: `intext:"DEEPGRAM_API_KEY" filetype:env`
- google-assemblyai-pastebin: `site:pastebin.com "ASSEMBLYAI_API_KEY"`
- google-stability-env: `intext:"sk-stability-" filetype:env`
- google-jina-env: `intext:"jina_" filetype:env`
- google-voyage-env: `intext:"VOYAGE_API_KEY" filetype:env`
- google-hf-notebook: `site:colab.research.google.com "hf_"`
- google-hf-kaggle: `site:kaggle.com "hf_" inurl:notebook`
category: specialized.
**infrastructure.yaml — 8 dorks:**
- google-openrouter-pastebin: `site:pastebin.com "sk-or-v1-"`
- google-openrouter-env: `intext:"sk-or-v1-" filetype:env`
- google-litellm-config: `intext:"LITELLM_MASTER_KEY" filetype:yaml`
- google-helicone-env: `intext:"sk-helicone-" filetype:env`
- google-portkey-env: `intext:"PORTKEY_API_KEY" filetype:env`
- google-ollama-exposed: `intitle:"Ollama" inurl:":11434"`
- google-vllm-exposed: `intitle:"vLLM" "/v1/models"`
- google-localai-exposed: `intitle:"LocalAI" "/v1/chat/completions"`
category: infrastructure.
</action>
<verify>
<automated>cd /home/salva/Documents/apikey && go test ./pkg/dorks/... && grep -c '^- id:' pkg/dorks/definitions/google/*.yaml | awk -F: '{s+=$NF}END{print "google:",s; if(s<30) exit 1}'</automated>
</verify>
<done>30 Google dorks loaded, all pass Validate(), tests pass.</done>
</task>
<task type="auto">
<name>Task 2: 20 Shodan dorks (banner/cert queries)</name>
<files>
pkg/dorks/definitions/shodan/frontier.yaml,
pkg/dorks/definitions/shodan/infrastructure.yaml,
dorks/shodan/frontier.yaml,
dorks/shodan/infrastructure.yaml
</files>
<action>
Two Shodan files, dual location. All entries source: shodan. Queries use
real Shodan syntax: http.title, http.html, ssl.cert.subject.cn, product,
port, org, http.favicon.hash.
**frontier.yaml — 6 dorks** (exposed frontier-adjacent APIs):
- shodan-openai-proxy: `http.title:"openai" http.html:"/v1/chat/completions"`
- shodan-litellm-proxy: `http.title:"LiteLLM" port:4000`
- shodan-openai-nginx: `http.html:"OPENAI_API_KEY" http.component:nginx`
- shodan-azure-openai: `ssl.cert.subject.cn:"openai.azure.com"`
- shodan-bedrock-runtime: `ssl.cert.subject.cn:"bedrock-runtime"`
- shodan-anthropic-proxy: `http.html:"anthropic" http.html:"messages"`
category: frontier.
**infrastructure.yaml — 14 dorks** (the bulk: self-hosted + gateway):
- shodan-ollama-default: `product:"Ollama" port:11434`
- shodan-ollama-tags: `http.html:"/api/tags" http.title:"Ollama"`
- shodan-vllm: `http.html:"vLLM" http.html:"/v1/models"`
- shodan-localai: `http.title:"LocalAI"`
- shodan-lmstudio: `http.title:"LM Studio"`
- shodan-textgenwebui: `http.title:"text-generation-webui"`
- shodan-openwebui: `http.title:"Open WebUI" http.html:"/api/chat"`
- shodan-openrouter-proxy: `http.html:"openrouter.ai" port:443`
- shodan-portkey-gateway: `http.title:"Portkey"`
- shodan-helicone-gateway: `http.html:"helicone" http.html:"/v1"`
- shodan-triton-server: `http.html:"NVIDIA Triton" http.html:"/v2/models"`
- shodan-tgi-hf: `http.html:"text-generation-inference" "/generate"`
- shodan-langserve: `http.title:"LangServe"`
- shodan-fastchat: `http.title:"FastChat"`
category: infrastructure.
</action>
<verify>
<automated>cd /home/salva/Documents/apikey && go test ./pkg/dorks/... && grep -c '^- id:' pkg/dorks/definitions/shodan/*.yaml | awk -F: '{s+=$NF}END{print "shodan:",s; if(s<20) exit 1}'</automated>
</verify>
<done>20 Shodan dorks loaded, all pass Validate().</done>
</task>
</tasks>
<verification>
`go test ./pkg/dorks/...` passes; Google+Shodan sources visible in registry stats.
</verification>
<success_criteria>
- 30 Google dorks + 20 Shodan dorks = 50 new dorks
- Cumulative total (with Plan 08-02) reaches 100
- All dorks pass schema validation
</success_criteria>
<output>
After completion, create `.planning/phases/08-dork-engine/08-03-SUMMARY.md`
</output>
Reference in New Issue View Git Blame Copy Permalink