gitGraber is a tool developed in Python3 to monitor GitHub to search and find sensitive data for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe…
don't come only from the organizations themselves, but also from service providers and employees, who don't necessarily have a "profile" indicating that they work for a specific organization.
Regexes are intended to be as precise as possible. Sometimes you may get false positives; feel free to contribute to improve recon and add new regexes for pattern detection.
We prefer to reduce false positives rather than send a notification for every "classical" API key that gitGraber could find but that is irrelevant for the hunter.
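The following is an added example of the pattern-detection and false-positive filtering idea described above; it is not gitGraber's own code, and its three regexes (public AWS access-key, GitHub classic PAT and Slack webhook shapes) are written for this illustration rather than taken from the project's wordlists. It combines a placeholder-marker check with a Shannon-entropy threshold, because documentation samples such as AWS's published example key pass the regex and have high entropy, so a regex alone would alert a hunter on noise.

```python
import math
import re
from collections import Counter

# Hypothetical detection rules written for this example (not the project's regex list).
# The token shapes themselves are publicly documented formats.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "slack_webhook": re.compile(
        r"https://hooks\.slack\.com/services/T[A-Z0-9]+/B[A-Z0-9]+/[A-Za-z0-9]+"
    ),
}

# Substrings that mark documentation samples and config templates, not live secrets.
PLACEHOLDER_MARKERS = ("EXAMPLE", "XXXX", "YOURTOKEN", "CHANGEME", "TODO")


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character: random tokens score high, 'AAAA...' scores 0."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def is_placeholder(secret: str, min_entropy: float = 3.0) -> bool:
    """Reject template-style values so only candidate real keys reach the hunter."""
    upper = secret.upper()
    if any(marker in upper for marker in PLACEHOLDER_MARKERS):
        return True
    # Low entropy means repeated characters (e.g. a key padded with 'A'), not a real key.
    return shannon_entropy(secret) < min_entropy


def scan(text: str):
    """Return [(line_no, rule_name, matched_value)] for hits that survive the filter."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                if not is_placeholder(m.group(0)):
                    hits.append((line_no, rule, m.group(0)))
    return hits


# Constructed sample of file contents, as a GitHub code search hit might return them.
# Lines 1-3 are template/docs values; lines 4-6 are made-up but realistic-looking keys.
SAMPLE_TEXT = "\n".join([
    'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"',
    "SLACK_WEBHOOKURL = 'https://hooks.slack.com/services/TXXXX/BXXXX/XXXXXXX'",
    'aws_key = "' + "AKIA" + "A" * 16 + '"',
    'aws_key = "AKIAQ7R2M9XZ4K1TB6WP"',
    'GITHUB_TOKEN = "ghp_a1B2c3D4e5F6g7H8i9J0kLmNoPqRsTuVwXyZ"',
    "webhook = 'https://hooks.slack.com/services/T0A1B2C3D/B4E5F6G7H/q8w9e0r1t2y3u4i5o6p7'",
])

if __name__ == "__main__":
    for line_no, rule, value in scan(SAMPLE_TEXT):
        print(f"line {line_no}: {rule} -> {value}")
```

Only the three constructed keys on lines 4 to 6 are reported; the AWS docs sample is dropped by the marker check even though its entropy is above the threshold, and the padded `AKIAAAA…` value is dropped by the entropy check even though it contains no marker. Tightening `min_entropy` or adding markers is the trade-off the README describes: fewer notifications for the hunter at the cost of possibly missing an oddly formed key.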
How to use gitGraber?
usage: gitGraber.py [-h] [-k KEYWORDSFILE] [-q QUERY] [-s] [-w WORDLIST]

optional arguments:
  -h, --help            show this help message and exit
  -k KEYWORDSFILE, --keyword KEYWORDSFILE
                        Specify a keywords file (-k keywordsfile.txt)
  -q QUERY, --query QUERY
                        Specify your query (-q "apikey")
  -s, --slack           Enable slack notifications
  -w WORDLIST, --wordlist WORDLIST
                        Create a wordlist that fills dynamically with
                        discovered filenames on GitHub
gitGraber needs some dependencies; to install them in your environment:
pip3 install -r requirements.txt
Before starting gitGraber you need to modify the configuration file:
- Add your own GitHub tokens:
GITHUB_TOKENS = ['yourToken1Here','yourToken2Here']
- Add your own Slack webhook URL:
SLACK_WEBHOOKURL = 'https://hooks.slack.com/services/TXXXX/BXXXX/XXXXXXX'
To start and use gitGraber:
python3 gitGraber.py -k wordlists/keywords.txt -q "uber" -s
We recommend creating a cron job that executes the script regularly, for example every 10 minutes:
*/10 * * * * cd /BugBounty/gitGraber/ && /usr/bin/python3 gitGraber.py -k wordlists/keywords.txt -q "uber" -s >/dev/null 2>&1
Wordlists & Sources
Some were created by us and some others are inspired by other repos/researchers
- Link :
- Link :
- Add more regex & patterns
- Add a "combo check" module (for services like Twilio that require two tokens)
- Add multi-threading
- Add bearer token detection
- Change token cleaning output
- Add user and org names display in notifications
This project is made for educational and ethical purposes only. Usage of this tool for attacking targets without prior mutual consent is illegal. Developers assume no liability and are not responsible for any misuse or damage caused by this tool.