keyhunter/.planning/phases/08-dork-engine/08-03-PLAN.md
2026-04-06 00:13:13 +03:00

---
phase: 08-dork-engine
plan: 03
type: execute
wave: 2
depends_on:
  - 08-01
files_modified:
  - pkg/dorks/definitions/google/frontier.yaml
  - pkg/dorks/definitions/google/specialized.yaml
  - pkg/dorks/definitions/google/infrastructure.yaml
  - pkg/dorks/definitions/shodan/frontier.yaml
  - pkg/dorks/definitions/shodan/infrastructure.yaml
  - dorks/google/frontier.yaml
  - dorks/google/specialized.yaml
  - dorks/google/infrastructure.yaml
  - dorks/shodan/frontier.yaml
  - dorks/shodan/infrastructure.yaml
autonomous: true
requirements:
  - DORK-01
  - DORK-02
  - DORK-04
must_haves:
  truths:
    - 'Registry.ListBySource("google") returns >= 30 entries'
    - 'Registry.ListBySource("shodan") returns >= 20 entries'
    - 'All google dorks use real site:/filetype: operators'
    - 'All shodan dorks use real shodan query syntax (ssl.cert, http.title, etc.)'
  artifacts:
    - path: pkg/dorks/definitions/google/
      provides: 30 Google dorks across 3 categories
      contains: 'source: google'
    - path: pkg/dorks/definitions/shodan/
      provides: 20 Shodan dorks
      contains: 'source: shodan'
  key_links:
    - from: 'pkg/dorks/definitions/{google,shodan}/*.yaml'
      to: pkg/dorks/loader.go
      via: 'go:embed subdir walk'
      pattern: 'source: (google|shodan)'
---

Populate Google (30) and Shodan (20) sources — 50 dorks total. Google uses site: and filetype: operators to find leaked keys on non-GitHub platforms (pastebin, gitlab raw, etc.). Shodan uses its banner/certificate query syntax to surface exposed self-hosted LLM services (Ollama, vLLM, LocalAI, LiteLLM dashboards).

Purpose: Broadens DORK-02 coverage beyond GitHub into the two next-most-important sources. Execution of these queries is deferred to Phase 11 (Google) and Phase 12 (Shodan) — this plan only delivers the definitions.

Output: 50 loadable Google + Shodan dorks.

<execution_context> @$HOME/.claude/get-shit-done/workflows/execute-plan.md @$HOME/.claude/get-shit-done/templates/summary.md </execution_context>

@.planning/phases/08-dork-engine/08-CONTEXT.md @.planning/phases/08-dork-engine/08-01-PLAN.md @pkg/dorks/schema.go

Task 1: 30 Google dorks (site/filetype operators)

Files: pkg/dorks/definitions/google/frontier.yaml, pkg/dorks/definitions/google/specialized.yaml, pkg/dorks/definitions/google/infrastructure.yaml, dorks/google/frontier.yaml, dorks/google/specialized.yaml, dorks/google/infrastructure.yaml

Create three frontier/specialized/infrastructure files (dual location). All entries use `source: google`. Queries are real Google search operators (`site:`, `filetype:`, `intext:`, `inurl:`). No HTML escaping — raw text.

**frontier.yaml — 12 dorks:**
- google-openai-pastebin: `site:pastebin.com "sk-proj-"`
- google-openai-gitlab-raw: `site:gitlab.com/*/raw/* "sk-proj-"`
- google-openai-env-leak: `intext:"OPENAI_API_KEY=sk-proj-" filetype:env`
- google-anthropic-pastebin: `site:pastebin.com "sk-ant-api03-"`
- google-anthropic-env: `intext:"ANTHROPIC_API_KEY=sk-ant-" filetype:env`
- google-ai-pastebin: `site:pastebin.com "AIzaSy" "generativelanguage"`
- google-ai-gitlab: `site:gitlab.com "AIzaSy" inurl:config`
- google-groq-pastebin: `site:pastebin.com "gsk_"`
- google-cohere-env: `intext:"COHERE_API_KEY" filetype:env`
- google-mistral-env: `intext:"MISTRAL_API_KEY=" filetype:env`
- google-xai-pastebin: `site:pastebin.com "xai-"`
- google-replicate-env: `intext:"r8_" filetype:env -site:github.com`

category: frontier.

**specialized.yaml — 10 dorks:**
- google-perplexity-pastebin: `site:pastebin.com "pplx-"`
- google-hf-pastebin: `site:pastebin.com "hf_"`
- google-elevenlabs-env: `intext:"ELEVENLABS_API_KEY" filetype:env`
- google-deepgram-env: `intext:"DEEPGRAM_API_KEY" filetype:env`
- google-assemblyai-pastebin: `site:pastebin.com "ASSEMBLYAI_API_KEY"`
- google-stability-env: `intext:"sk-stability-" filetype:env`
- google-jina-env: `intext:"jina_" filetype:env`
- google-voyage-env: `intext:"VOYAGE_API_KEY" filetype:env`
- google-hf-notebook: `site:colab.research.google.com "hf_"`
- google-hf-kaggle: `site:kaggle.com "hf_" inurl:notebook`

category: specialized.

**infrastructure.yaml — 8 dorks:**
- google-openrouter-pastebin: `site:pastebin.com "sk-or-v1-"`
- google-openrouter-env: `intext:"sk-or-v1-" filetype:env`
- google-litellm-config: `intext:"LITELLM_MASTER_KEY" filetype:yaml`
- google-helicone-env: `intext:"sk-helicone-" filetype:env`
- google-portkey-env: `intext:"PORTKEY_API_KEY" filetype:env`
- google-ollama-exposed: `intitle:"Ollama" inurl:":11434"`
- google-vllm-exposed: `intitle:"vLLM" "/v1/models"`
- google-localai-exposed: `intitle:"LocalAI" "/v1/chat/completions"`

category: infrastructure.

Verify: `cd /home/salva/Documents/apikey && go test ./pkg/dorks/... && grep -c '^- id:' pkg/dorks/definitions/google/*.yaml | awk -F: '{s+=$NF}END{print "google:",s; if(s<30) exit 1}'`

Done: 30 Google dorks loaded, all pass Validate(), tests pass.

Task 2: 20 Shodan dorks (banner/cert queries)

Files: pkg/dorks/definitions/shodan/frontier.yaml, pkg/dorks/definitions/shodan/infrastructure.yaml, dorks/shodan/frontier.yaml, dorks/shodan/infrastructure.yaml

Two Shodan files, dual location. All entries use `source: shodan`. Queries use real Shodan syntax: `http.title`, `http.html`, `ssl.cert.subject.cn`, `product`, `port`, `org`, `http.favicon.hash`.

**frontier.yaml — 6 dorks** (exposed frontier-adjacent APIs):
- shodan-openai-proxy: `http.title:"openai" http.html:"/v1/chat/completions"`
- shodan-litellm-proxy: `http.title:"LiteLLM" port:4000`
- shodan-openai-nginx: `http.html:"OPENAI_API_KEY" http.component:nginx`
- shodan-azure-openai: `ssl.cert.subject.cn:"openai.azure.com"`
- shodan-bedrock-runtime: `ssl.cert.subject.cn:"bedrock-runtime"`
- shodan-anthropic-proxy: `http.html:"anthropic" http.html:"messages"`

category: frontier.

**infrastructure.yaml — 14 dorks** (the bulk: self-hosted + gateway):
- shodan-ollama-default: `product:"Ollama" port:11434`
- shodan-ollama-tags: `http.html:"/api/tags" http.title:"Ollama"`
- shodan-vllm: `http.html:"vLLM" http.html:"/v1/models"`
- shodan-localai: `http.title:"LocalAI"`
- shodan-lmstudio: `http.title:"LM Studio"`
- shodan-textgenwebui: `http.title:"text-generation-webui"`
- shodan-openwebui: `http.title:"Open WebUI" http.html:"/api/chat"`
- shodan-openrouter-proxy: `http.html:"openrouter.ai" port:443`
- shodan-portkey-gateway: `http.title:"Portkey"`
- shodan-helicone-gateway: `http.html:"helicone" http.html:"/v1"`
- shodan-triton-server: `http.html:"NVIDIA Triton" http.html:"/v2/models"`
- shodan-tgi-hf: `http.html:"text-generation-inference" "/generate"`
- shodan-langserve: `http.title:"LangServe"`
- shodan-fastchat: `http.title:"FastChat"`

category: infrastructure.

Verify: `cd /home/salva/Documents/apikey && go test ./pkg/dorks/... && grep -c '^- id:' pkg/dorks/definitions/shodan/*.yaml | awk -F: '{s+=$NF}END{print "shodan:",s; if(s<20) exit 1}'`

Done: 20 Shodan dorks loaded, all pass Validate().

`go test ./pkg/dorks/...` passes; Google+Shodan sources visible in registry stats.
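
A lint pass for the syntax rules stated in Task 1 and Task 2 (raw text with no HTML escaping, and only operators that belong to the entry's source), written as an added Go example that is not KeyHunter's own code. The `Dork` struct and `LintDork` are hypothetical, and the allow-list is built from the operators that appear in this plan, not from `pkg/dorks/schema.go` or `Validate()`.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Dork is a hypothetical stand-in; the project's real type is in pkg/dorks/schema.go (not shown on the page).
type Dork struct{ ID, Source, Query string }

var (
	// Operators and filters that appear in this plan, keyed by source.
	allowed = map[string]string{
		"google": " site filetype intext inurl intitle ",
		"shodan": " http.title http.html http.component http.favicon.hash ssl.cert.subject.cn product port org ",
	}
	quoted     = regexp.MustCompile(`"[^"]*"`)
	operator   = regexp.MustCompile(`(?:^|\s)-?([a-z][a-z0-9_.]*):`)
	htmlEntity = regexp.MustCompile(`&(?:quot|amp|lt|gt|#\d+);`)
)

// LintDork returns the problems found in one definition; an empty result means it passed.
func LintDork(d Dork) []string {
	ops, ok := allowed[d.Source]
	if !ok {
		return []string{"unknown source: " + d.Source}
	}
	var problems []string
	if htmlEntity.MatchString(d.Query) {
		problems = append(problems, "query is HTML-escaped, expected raw text")
	}
	// Blank out quoted phrases so a colon inside quoted text is never read as an operator.
	found := operator.FindAllStringSubmatch(quoted.ReplaceAllString(d.Query, `""`), -1)
	if len(found) == 0 {
		problems = append(problems, "no search operator present")
	}
	for _, m := range found {
		if !strings.Contains(ops, " "+m[1]+" ") {
			problems = append(problems, m[1]+": is not used for source "+d.Source+" in this plan")
		}
	}
	return problems
}

func main() {
	// Constructed failing sample: a Shodan filter filed under the google source.
	fmt.Println(LintDork(Dork{"google-ollama-title", "google", `http.title:"Ollama"`}))
}
```

Run over every loaded entry in a unit test, this catches a definition filed under the wrong source before the Phase 11 and Phase 12 executors ever see it.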

<success_criteria>

- 30 Google dorks + 20 Shodan dorks = 50 new dorks
- Cumulative total (with Plan 08-02) reaches 100
- All dorks pass schema validation

</success_criteria>

After completion, create `.planning/phases/08-dork-engine/08-03-SUMMARY.md`