DumpTheGit searches through public repositories to find sensitive information uploaded to the Github repositories.

The tool will flag the matches for potentially sensitive files like credentials, secret keys, tokens etc which have been accidentally uploaded by the developers. DumpTheGit just require your Github Access Token to fetch the information.

Also Read – Kerbrute : A Tool to Perform Kerberos Pre-Auth Bruteforcing


  1. Download the DumpTheGit repository into your system.
  2. Move the repository’s file in your webserver(example: Tomcat, XAMPP, LAMP, default(MAC apache) etc.)
  3. Open the index.html to access the tool.


Credit: Malkit Singh & Shubham Shubhankar Sharma