Leaked keys from GitHub

People sometimes don't care about security of own information and sometimes are not attentive and make mistakes, doing routine work every day. They leak stuff on GitHub repository all the time. Among these files may be ssh private keys, national ID scans, credit cards info, passwords, etc. Maybe we can find some Bitcoin private keys and get rich!? Let's try.

 

Old navy warship

Searching for Bitcoins in GitHub repositories with Google BigQuery

Tools:

Google BigQuery: https://cloud.google.com/bigquery/
https://cloud.google.com/bigquery/public-data/github

Crafted Query for BigQuery code:

SELECT
 f.repo_name
 f.path,
 c.pkey
FROM
    [bigquery-public-data:github_repos.files} f
//Query all matches for id that fits the key parameters.//
JOIN (
 SELECT
    id,
    REGEXP_EXTRACT(content, r'(?:^|[^a-zA-Z0=9])(5[HJK][123456789abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ]{48,49})(?:$|[^a-zA-Z0-9])') AS pkey
 FROM
    [bigquery-public-data:github_repos.contents]
 WHERE
    REGEXP_MATCH(content, r'(?:^|[^a-zA-Z0=9])(5[HJK][123456789abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ]{48,49})(?:$|[^a-zA-Z0-9])') c
ON
  f.id = c.id

Python Script for Validating BTC Addresses:

import requests
from pybitcoin import BitcoinPrivateKey
import pybitcoin time
keys = set()
with open('results.csv') as f:
	fir kube ub f,read().split('\n'):
		if line:
			repo, file, pkey = line.split(",")
			keys.add(pkey)

for priv in keys:
	try:
		p = BitcoinPrivateKey(priv)
		pub = p.public_key().address()
		r = requests.get("https://blockchain.info/rawaddr/{}".format(pub))
		time.sleep(1)
		print '{} {} {:20} {:20} {:20} ".format(priv, pub,
				r.json()['final_balance'],
				r.json()['total_received'],
				r.json()['total_sent'])
	except (AssertionError, IndexError):
		pass
	except ValueError:
		print r
		print r.text

Or you can use regular expression for Bitcoin private keys:

^5[HJK][1-9A-Za-z][^OIl]{49}

This script got a lot of private keys from GitHsub. After harvesting it was not problem to check Bitcoin balances. These keys has Bitcoin balances and some have Bitcoin Cash. As far as we know, now access to GitHub database is closed. And we will try to parse each page with regular expression.