Install: claude install-skill Ap6pack/outrider-recon
# Secrets & Dorks
> Sub-skill of `offensive-osint`. Load `osint-methodology` for pipeline and triage context.
> Authorized targets only. Read-only validators only — never use a validated credential to create, modify, or delete anything.
---
## BEHAVIORAL CONTRACT
**When triggered:** Secret scanning, leaked credential hunting, GitHub/Google/Bing dorking, API key discovery, or credential verification is needed.
**Execute:**
1. Run the 48-pattern secret catalog (§1) against the target corpus — GitHub code, Postman workspaces, JS bodies, sourceMaps, mobile strings, Wayback HTML, paste sites, Stack Exchange code blocks. Process patterns in order (most-specific first) to minimize false positives.
2. Run the dork corpus (§2) across Google, Bing, Brave, DDG — substitute `{domain}` and `{company}`. Run across multiple engines (they surface different results).
3. Run GitHub code-search dorks (§3) against the target domain stem, full domain, and company name.
4. For every secret match: classify by catalog severity, then validate using the matching read-only validator from §4 (if one exists for that provider).
5. Never validate credentials for which no read-only endpoint exists. Never validate AWS root ARNs (`:root`).
6. For validated-live credentials: emit `SECRET_LEAK` finding at catalog severity, then chain to `post-discovery` for enumeration (gated on RoE).
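
An added example, not the skill's own code: most-specific-first matching from step 1 and the validation gate from steps 4 and 5, run over a constructed sample. The three patterns, their severities, the `READ_ONLY_VALIDATORS` set, and the `identity_arn` parameter are assumptions standing in for the §1 catalog and §4 validators, which this page does not show.

```python
import re

# Assumed stand-in for the §1 catalog (not shown on this page), most-specific first.
CATALOG = [
    ("aws_access_key_id", "high", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),
    ("github_pat", "high", re.compile(r"\bghp_[A-Za-z0-9]{36}\b")),
    ("generic_assignment", "low", re.compile(
        r"(?i)\b(?:api[_-]?key|secret|token)\b\s*[:=]\s*['\"]?([A-Za-z0-9_\-]{16,})")),
]
# Assumed: patterns for which a read-only validator exists (§4 is not shown here).
READ_ONLY_VALIDATORS = {"aws_access_key_id", "github_pat"}

# Constructed sample corpus; none of these values is a real credential.
SAMPLE = '''
api_key = "ghp_0123456789abcdefghijklmnopqrstuvwxyz"
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
secret: "not-a-real-value-0001"
'''

def scan(text):
    """One finding per secret; earlier (more specific) patterns claim a span first."""
    findings, claimed = [], []
    for name, severity, rx in CATALOG:
        for m in rx.finditer(text):
            start, end = m.span(m.lastindex or 0)  # capture group if the pattern has one
            if any(s < end and start < e for s, e in claimed):
                continue  # already classified by a more specific pattern
            claimed.append((start, end))
            findings.append({"pattern": name, "severity": severity,
                             "value": text[start:end]})
    return findings

def may_validate(finding, identity_arn=None):
    """Steps 4-5 gate. identity_arn is hypothetical: an ARN already known for the key."""
    if finding["pattern"] not in READ_ONLY_VALIDATORS:
        return False  # no read-only endpoint for this provider: never validate
    if identity_arn and identity_arn.endswith(":root"):
        return False  # never validate AWS root identities
    return True

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f["pattern"], f["severity"], may_validate(f))
```

Because the GitHub pattern runs before the generic assignment pattern, the first sample line is reported once at the provider's severity instead of a second time as a low-severity generic hit.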
**Output:** `SECRET_LEAK` findings per `osint-methodology` §3 schema. Validator results per §4.10 schema (status, provider