gitGraber – Tool To Monitor GitHub To Search And Find Sensitive Data For Different Online Services Such As: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe…

gitGraber is a tool developed in Python3 to monitor GitHub to search and find sensitive data for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe…
Leaks don't come only from the organizations themselves, but also from service providers and employees, who don't necessarily have a "profile" indicating that they work for a particular organization.
The regexes are meant to be as precise as possible. You may still get an occasional false positive; feel free to contribute to improve recon and add new regexes for pattern detection.
We prefer to reduce false positives rather than send a notification for every "standard" API key that gitGraber could find but that is irrelevant to the hunter.
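The trade-off described above, shown as an added example for checking your own files before they are pushed; it is not gitGraber's code or rule set. The patterns are widely documented key formats, the sample lines are constructed, and all function names are hypothetical.

```python
import re

# Widely documented key formats (assumption: not copied from gitGraber's rules).
PRECISE = {
    "aws_access_key_id": re.compile(r"(?<![A-Z0-9])AKIA[0-9A-Z]{16}(?![A-Z0-9])"),
    "google_api_key": re.compile(r"(?<![\w-])AIza[0-9A-Za-z_-]{35}(?![\w-])"),
    "stripe_live_secret": re.compile(
        r"(?<![A-Za-z0-9_])sk_live_[0-9a-zA-Z]{24,}(?![A-Za-z0-9])"),
}
# A loose rule of the kind that floods a notification channel.
LOOSE = re.compile(r"(?i)(?:api|secret)_?key\s*[=:]\s*['\"]?([^\s'\"]+)")
# Values that are obviously placeholders rather than live credentials.
PLACEHOLDER = re.compile(r"(?i)x{4,}|example|changeme|your[_-]?key|<[^>]+>")

def redact(token, keep=4):
    """Keep a short prefix for triage without re-leaking the secret."""
    return token[:keep] + "*" * (len(token) - keep)

def scan(text):
    """Return (line_no, rule, redacted_token) for precise, non-placeholder hits."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for rule, rx in PRECISE.items():
            for m in rx.finditer(line):
                if not PLACEHOLDER.search(m.group(0)):
                    findings.append((no, rule, redact(m.group(0))))
    return findings

def loose_hits(text):
    """Count the lines the loose rule would alert on, for comparison."""
    return sum(1 for line in text.splitlines() if LOOSE.search(line))

# Constructed sample; tokens are assembled from fragments and are not real keys.
SAMPLE = "\n".join([
    'aws_key = "' + "AKIA" + "Q7ZP2M4K9T1W8R5B" + '"',   # well-formed key id
    'aws_doc = "AKIAIOSFODNN7EXAMPLE"',                  # format ok, placeholder
    'api_key = "changeme"',                              # loose rule only
    'API_KEY: os.environ["API_KEY"]',                    # loose rule only
    'stripe = "' + "sk_live_" + "a1B2c3D4e5F6g7H8i9J0k1L2" + '"',
])

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
    print("loose rule alerts:", loose_hits(SAMPLE))
```

On this sample the loose rule alerts on two lines, neither of which holds a credential, while the precise rules report only the two well-formed keys and skip the documentation placeholder.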

How to use gitGraber?

usage: gitGraber.py [-h] [-k KEYWORDSFILE] [-q QUERY] [-s] [-w WORDLIST]

optional arguments:
  -h, --help            show this help message and exit
  -k KEYWORDSFILE, --keyword KEYWORDSFILE
                        Specify a keywords file (-k keywordsfile.txt)
  -q QUERY, --query QUERY
                        Specify your query (-q "apikey")
  -s, --slack           Enable slack notifications
  -w WORDLIST, --wordlist WORDLIST
                        Create a wordlist that fills dynamically with
                        discovered filenames on GitHub

Dependencies
gitGraber needs some dependencies. To install them in your environment:
pip3 install -r requirements.txt

Configuration
Before starting gitGraber you need to modify the configuration file config.py:

  • Add your own Github tokens : GITHUB_TOKENS = ['yourToken1Here','yourToken2Here']
  • Add your own Slack Webhook : SLACK_WEBHOOKURL = 'https://hooks.slack.com/services/TXXXX/BXXXX/XXXXXXX'

How to create Slack Webhook URL
To start and use gitGraber : python3 gitGraber.py -k wordlists/keywords.txt -q "uber" -s
We recommend creating a cron that will execute the script regularly:
*/10 * * * * cd /BugBounty/gitGraber/ && /usr/bin/python3 gitGraber.py -k wordlists/keywords.txt -q "uber" -s >/dev/null 2>&1

Wordlists & Resources
Some wordlists have been created by us and some others are inspired by other repos/researchers

  • Link : https://gist.github.com/nullenc0de/fa23444ed574e7e978507178b50e1057
  • Link : https://github.com/streaak/keyhacks

TODO

  • Add more regex & patterns
  • Add a "combo check" module (for services like Twilio that require two tokens)
  • Add multi threads
  • Add bearer token detections
  • Change token cleaning output
  • Add user and org names display in notifications

Authors

Disclaimer
This project is made for educational and ethical testing purposes only. Usage of this tool for attacking targets without prior mutual consent is illegal. Developers assume no liability and are not responsible for any misuse or damage caused by this tool.
