Categories: Kali Linux

Git Hound – Find Exposed Keys Across GitHub Using Code Search Keywords

Git Hound makes it easy to find exposed APi keys on GitHub using pattern matching, targetted querying, and a scoring system.

This differs from other OSINT GitHub scanners by searching keywords across GitHub rather than targeting specific repositories, exposing a fundamentally different set of results. 

GitRob is an excellent tool that specifically targets an organization or user’s owned repositories for secrets. A pattern-matching, batch-catching secret snatcher. This project is intended to be used for educational purposes.

Usage

echo "tillsongalloway.com" | python git-hound.py or python git-hound.py --subdomain-file subdomains.txt We also offer a number of flags to target specific patterns (known service API keys), file names (.htpasswd, .env), and languages (python, javascript).

Also Read – Fake Sandbox : Script To Simulate Fake Processes Of Analysis Sandbox/VM

Flags

  • --subdomain-file – The file with the subdomains
  • --api-keys – Enable generic API key searching. This uses common API key patterns and Shannon entropy to find potential exposed API keys.
  • --output – The output file (default is stdout)
  • --output-type – The output type (requires output flag to be set; default is flatfile)
  • --many-results – Use result sorting to scrape more than 100 pages of results
  • --results-only – Print only regexed results to stdout. Useful for piping into another script
  • --all – Print all URLs, including ones with no pattern match. Otherwise, the scoring system will do the work.
  • --regex-file – Supply a custom regex file
  • --language-file – Supply a custom file with languages to search.
  • --config-file – Custom config file (default is config.yml)
  • --pages – Max pages to search (default is 100, the page maximum)
  • --silent – Don’t print results to stdout (most reasonably used with –output).
  • --no-antikeywords – Don’t attempt to filter out known mass scans
  • --only-filtered – Only search filtered queries (languages, file extensions)
  • --debug – Print debug messages. Helpful for debugging slow expressions.

Setup

  • Clone this repo
  • Use a Python 3 environment (recommended: virtulenv or Conda)
  • pip install -r requirements.txt (or pip3)
  • Set up a config.yml file with GitHub credentials. See config.example.yml for an example. Accounts with 2FA are not currently supported.
  • echo "tillsongalloway.com" | python git-hound.py
R K

Recent Posts

Kali Linux 2024.4 Released, What’s New?

Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…

3 days ago

Lifetime-Amsi-EtwPatch : Disabling PowerShell’s AMSI And ETW Protections

This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…

3 days ago

GPOHunter – Active Directory Group Policy Security Analyzer

GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…

5 days ago

2024 MITRE ATT&CK Evaluation Results – Cynet Became a Leader With 100% Detection & Protection

Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…

1 week ago

SecHub : Streamlining Security Across Software Development Lifecycles

The free and open-source security platform SecHub, provides a central API to test software with…

1 week ago

Hawker : The Comprehensive OSINT Toolkit For Cybersecurity Professionals

Don't worry if there are any bugs in the tool, we will try to fix…

1 week ago