Code Monkey home page Code Monkey logo

git-hound's Introduction

Git Hound

A pattern-matching, batch-catching secret snatcher. This project is intended to be used for educational purposes.

Git Hound

Git Hound makes it easy to find exposed APi keys on GitHub using pattern matching, targetted querying, and a scoring system. This differs from other OSINT GitHub scanners by searching keywords across GitHub rather than targetting specific repositories, exposing a fundamentally different set of results. GitRob is an excellent tool that specifically targets an organization or user's owned repositories for secrets.

Usage

echo "tillsongalloway.com" | python git-hound.py or python git-hound.py --subdomain-file subdomains.txt We also offer a number of flags to target specific patterns (known service API keys), file names (.htpasswd, .env), and languages (python, javascript).

Flags

  • --subdomain-file - The file with the subdomains
  • --output - The output file (default is stdout)
  • --output-type - The output type (requires output flag to be set; default is flatfile)
  • --all - Print all URLs, including ones with no pattern match. Otherwise, the scoring system will do the work.
  • --regex-file - Supply a custom regex file
  • --api-keys - Enable generic API key searching. This uses common API key patterns and Shannon entropy to find potential exposed API keys.
  • --language-file - Supply a custom file with languages to search.
  • --config-file - Custom config file (default is config.yml)
  • --pages - Max pages to search (default is 100, the page maximum)
  • --silent - Don't print results to stdout (most reasonably used with --output).
  • --no-antikeywords - Don't attempt to filter out known mass scans
  • --only-filtered - Only search filtered queries (languages, file extensions)
  • --debug - Print debug messages. Helpful for debugging slow expressions.

Setup

  1. Clone this repo
  2. Use a Python 3 environment (recommended: virtulenv or Conda)
  3. pip install -r requirements.txt (or pip3)
  4. Set up a config.yml file with GitHub credentials. See config.example.yml for an example. Accounts with 2FA are not currently supported.
  5. echo "tillsongalloway.com" | python git-hound.py

git-hound's People

Contributors

tillson avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.