gitGraber – Tool To Monitor GitHub To Search And Find Sensitive Data For Different Online Services Such As: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe…

gitGraber is a tool developed in Python3 to monitor GitHub and to search for and find sensitive data for various online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe…
Leaks don't come only from the organizations themselves, but also from service providers and employees, who don't necessarily have a "profile" indicating that they work for a specific organization.
The regexes are meant to be as precise as possible. Sometimes you may get false positives; feel free to contribute to improve recon and add new regexes for pattern detection.
We prefer to reduce false positives rather than send a notification for every "usual" API key that gitGraber might find but that is irrelevant to the hunter.
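The false-positive filtering described above, as an added example (not gitGraber's own code or regexes): a small scanner to run over your own files before committing, which matches three widely published key formats and then drops placeholder and low-entropy matches. The pattern set, the entropy threshold and the sample lines are constructed for this illustration.

```python
import math
import re

# Widely published key formats; an assumption for this example, not gitGraber's rule set.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "google_api_key": re.compile(
        r"(?<![0-9A-Za-z_\-])AIza[0-9A-Za-z_\-]{35}(?![0-9A-Za-z_\-])"),
    "slack_webhook": re.compile(
        r"https://hooks\.slack\.com/services/T[A-Za-z0-9]+/B[A-Za-z0-9]+/[A-Za-z0-9]+"),
}
# Markers that usually mean documentation or a template rather than a live secret.
PLACEHOLDER = re.compile(r"EXAMPLE|SAMPLE|DUMMY|X{4,}|0{6,}|(.)\1{5,}", re.I)
MIN_ENTROPY = 3.0  # bits per character; constructed threshold for this example


def shannon_entropy(s):
    """Bits per character of the empirical character distribution of s."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def scan(text):
    """Return (line_no, rule, redacted_match) for matches that survive the filters."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                token = m.group(0)
                secret = token.rsplit("/", 1)[-1]  # random part of a webhook URL
                if PLACEHOLDER.search(token) or shannon_entropy(secret) < MIN_ENTROPY:
                    continue  # template value or low-randomness string: no alert
                findings.append((line_no, rule, token[:8] + "..."))  # never log it whole
    return findings


# Constructed sample input: none of these values is a real credential.
SAMPLE = "\n".join([
    'aws_key = "AKIAIOSFODNN7EXAMPLE"',   # documentation-style key: placeholder filter
    'aws_key = "AKIAQ7ZK3M9XW2LD5TRB"',   # random-looking key: reported
    'hook = "https://hooks.slack.com/services/TXXXX/BXXXX/XXXXXXX"',  # template value
    'maps = "AIza' + "ab" * 17 + 'a"',    # right shape, low entropy: entropy filter
])

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```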

How to use gitGraber?

usage: [-h] [-k KEYWORDSFILE] [-q QUERY] [-s] [-w WORDLIST]

optional arguments:
  -h, --help            show this help message and exit
                        Specify a keywords file (-k keywordsfile.txt)
  -q QUERY, --query QUERY
                        Specify your query (-q "apikey")
  -s, --slack           Enable slack notifications
  -w WORDLIST, --wordlist WORDLIST
                        Create a wordlist that fills dynamically with
                        discovered filenames on GitHub

gitGraber needs some dependencies. To install them in your environment:
pip3 install -r requirements.txt

Before starting gitGraber you need to modify the configuration file:

  • Add your own Github tokens : GITHUB_TOKENS = ['yourToken1Here','yourToken2Here']
  • Add your own Slack Webhook : SLACK_WEBHOOKURL = 'https://hooks.slack.com/services/TXXXX/BXXXX/XXXXXXX'

How to create a Slack Webhook URL
To start and use gitGraber : python3 -k wordlists/keywords.txt -q "uber" -s
We recommend creating a cron job that executes the script regularly:
*/10 * * * * cd /BugBounty/gitGraber/ && /usr/bin/python3 -k wordlists/keywords.txt -q "uber" -s >/dev/null 2>&1

Wordlists & Resources
Some wordlists were created by us and some others are inspired by other repos/researchers.


  • Add more regexes & patterns
  • Add a "combo check" module (for services like Twilio that require two tokens)
  • Add multithreading
  • Add bearer token detection
  • Change token cleaning output
  • Add user and org names display in notifications


This project is made for educational and ethical testing purposes only. Usage of this tool for attacking targets without prior mutual consent is prohibited. Developers assume no liability and are not responsible for any misuse or damage caused by this tool.
