Saturday, June 17, 2017

Github Dorks – Github Security Scanning Tool

7:24 AM Leave a Reply
Github search is quite a powerful and useful feature and can be used to search for sensitive data in repositories, this Github security scanning tool comes with a collection of Github dorks that can reveal sensitive personal and/or other proprietary organisational information such as private keys, credentials, authentication tokens and so on.

Github Dorks - Github Security Scanning Tool

github-dork.py is a simple Python tool that can search through your repository or your organisation/user repositories. It’s not a perfect tool at the moment but provides a basic functionality to automate the search on your repositories against the dorks specified in the text file.

You can also check out: Gitrob – Scan Github For Sensitive Files




Installation

This tool uses github3.py to talk with the GitHub Search API.

Clone the repository and run:


pip install -r requirements.txt
1
pip install -r requirements.txt
Usage


GH_USER  - Environment variable to specify github user
GH_PWD   - Environment variable to specify password
GH_TOKEN - Environment variable to specify github token
GH_URL   - Environment variable to specify GitHub Enterprise base URL
1
2
3
4
GH_USER  - Environment variable to specify github user
GH_PWD   - Environment variable to specify password
GH_TOKEN - Environment variable to specify github token
GH_URL   - Environment variable to specify GitHub Enterprise base URL
Some example usages are listed below:


python github-dork.py -r techgaun/github-dorks                          # search single repo

python github-dork.py -u techgaun                                       # search all repos of user

python github-dork.py -u dev-nepal                                      # search all repos of an organization

GH_USER=techgaun GH_PWD=<mypass> python github-dork.py -u dev-nepal     # search as authenticated user

GH_TOKEN=<github_token> python github-dork.py -u dev-nepal              # search using auth token

GH_URL=https://github.example.com python github-dork.py -u dev-nepal    # search a GitHub Enterprise instance
1
2
3
4
5
6
7
8
9
10
11
python github-dork.py -r techgaun/github-dorks                          # search single repo

python github-dork.py -u techgaun                                       # search all repos of user

python github-dork.py -u dev-nepal                                      # search all repos of an organization

GH_USER=techgaun GH_PWD=<mypass> python github-dork.py -u dev-nepal     # search as authenticated user

GH_TOKEN=<github_token> python github-dork.py -u dev-nepal              # search using auth token

GH_URL=https://github.example.com python github-dork.py -u dev-nepal    # search a GitHub Enterprise instance
You can download Github Dorks here

0 comments :