gitGraber – Tool To Monitor GitHub To Search And Find Sensitive Data For Different Online Services Such As: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe…

gitGraber is a tool developed in Python3 to monitor GitHub and search for sensitive data belonging to different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe…
Leaks don't come only from the organizations themselves, but also from service providers and employees, who don't necessarily have a "profile" indicating that they work for a particular organization.
The regexes are meant to be as precise as possible. Sometimes you will still get false positives; feel free to contribute to improve the recon and add new regexes for pattern detection.
We want to reduce false positives rather than send a notification for every "normal" API key that gitGraber could find but that is irrelevant to the hunter.
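The two paragraphs above describe the trade-off every secret scanner faces: a pattern tight enough to match a real token shape, plus extra filtering so that documentation placeholders and obviously fake values are not reported. The following is an added example (not gitGraber's own code) that shows one way to do that filtering in Python: each match is first checked against placeholder markers, then against a Shannon-entropy threshold. The two patterns, the marker list, the threshold value and the sample input are all assumptions chosen for the demo; the sample text is constructed and contains no real credential.

```python
import math
import re

# Illustrative patterns for two widely documented token shapes. These are an
# assumption for this demo, not gitGraber's own regex set.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "slack_webhook": re.compile(
        r"https://hooks\.slack\.com/services/T[0-9A-Za-z]+/B[0-9A-Za-z]+/[0-9A-Za-z]+"
    ),
}

# Substrings that mark documentation placeholders rather than live values
# (assumed list; extend it from what your own false positives look like).
PLACEHOLDER_MARKERS = ("xxxx", "example", "yourtoken")

# Minimum Shannon entropy (bits per character) for a match to be reported.
# Real secrets are drawn from a large alphabet and score well above this;
# "AKIAXXXXXXXXXXXXXXXX" scores about 1.0. The value 3.0 is a demo choice.
ENTROPY_THRESHOLD = 3.0


def shannon_entropy(s):
    """Shannon entropy of a string in bits per character."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def is_placeholder(token):
    """True when the token contains a marker typical of docs and templates."""
    lowered = token.lower()
    return any(marker in lowered for marker in PLACEHOLDER_MARKERS)


def scan(text):
    """Run every pattern over text and split the hits into reportable
    candidates and suppressed false positives, each tagged with the reason."""
    candidates, suppressed = [], []
    for service, pattern in PATTERNS.items():
        for match in pattern.finditer(text):
            token = match.group(0)
            if is_placeholder(token):
                suppressed.append((service, token, "placeholder"))
            elif shannon_entropy(token) < ENTROPY_THRESHOLD:
                suppressed.append((service, token, "low-entropy"))
            else:
                candidates.append((service, token))
    return candidates, suppressed


# Constructed sample input that looks like a committed config file. No value
# here is a real credential; the AKIA4F2Q... value is random-looking but made up.
SAMPLE_TEXT = """
aws_access_key_id = AKIAXXXXXXXXXXXXXXXX
aws_access_key_id = AKIAAAAAAAAAAAAAAAAA
aws_access_key_id = AKIA4F2Q7ZM9KP3LW8RT
SLACK_WEBHOOKURL = 'https://hooks.slack.com/services/TXXXX/BXXXX/XXXXXXX'
"""


if __name__ == "__main__":
    found, dropped = scan(SAMPLE_TEXT)
    for service, token in found:
        print("REPORT  ", service, token)
    for service, token, reason in dropped:
        print("SUPPRESS", service, token, "(" + reason + ")")
```

Only the random-looking key survives both filters; the three placeholder-style values are suppressed with a reason, which is the kind of output that lets a hunter tune the marker list and threshold instead of receiving a Slack notification for every template value committed to GitHub.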

How to use gitGraber?

usage: gitGraber.py [-h] [-k KEYWORDSFILE] [-q QUERY] [-s] [-w WORDLIST]

optional arguments:
  -h, --help            show this help message and exit
  -k KEYWORDSFILE, --keyword KEYWORDSFILE
                        Specify a keywords file (-k keywordsfile.txt)
  -q QUERY, --query QUERY
                        Specify your query (-q "apikey")
  -s, --slack           Enable slack notifications
  -w WORDLIST, --wordlist WORDLIST
                        Create a wordlist that fills dynamically with
                        discovered filenames on GitHub

Dependencies
gitGraber needs some dependencies; to install them in your environment:
pip3 install -r requirements.txt

Configuration
Before starting gitGraber you need to edit the configuration file config.py:

  • Add your own Github tokens: GITHUB_TOKENS = ['yourToken1Here','yourToken2Here']
  • Add your own Slack Webhook: SLACK_WEBHOOKURL = 'https://hooks.slack.com/services/TXXXX/BXXXX/XXXXXXX'

How to create a Slack Webhook URL
To start and use gitGraber: python3 gitGraber.py -k wordlists/keywords.txt -q "uber" -s
We recommend creating a cron job that executes the script regularly, for example every 10 minutes:
*/10 * * * * cd /BugBounty/gitGraber/ && /usr/bin/python3 gitGraber.py -k wordlists/keywords.txt -q "uber" -s >/dev/null 2>&1

Wordlists & Resources
Some wordlists were created by us and others are inspired by other repos/researchers:

  • Link: https://gist.github.com/nullenc0de/fa23444ed574e7e978507178b50e1057
  • Link: https://github.com/streaak/keyhacks

TODO

  • Add more regexes & patterns
  • Add a "combo check" module (for services like Twilio that require two tokens)
  • Add multi-threading
  • Add bearer token detection
  • Change the token cleaning output
  • Add user and org names to the notifications

Authors

Disclaimer
This project is made for educational and ethical testing purposes only. Usage of this tool for attacking targets without prior mutual consent is illegal. The developers assume no liability and are not responsible for any misuse or damage caused by this tool.

Download gitGraber