Categories: Kali Linux

Git Hound – Find Exposed Keys Across GitHub Using Code Search Keywords

Git Hound makes it easy to find exposed APi keys on GitHub using pattern matching, targetted querying, and a scoring system.

This differs from other OSINT GitHub scanners by searching keywords across GitHub rather than targeting specific repositories, exposing a fundamentally different set of results. 

GitRob is an excellent tool that specifically targets an organization or user’s owned repositories for secrets. A pattern-matching, batch-catching secret snatcher. This project is intended to be used for educational purposes.

Usage

echo "tillsongalloway.com" | python git-hound.py or python git-hound.py --subdomain-file subdomains.txt We also offer a number of flags to target specific patterns (known service API keys), file names (.htpasswd, .env), and languages (python, javascript).

Also Read – Fake Sandbox : Script To Simulate Fake Processes Of Analysis Sandbox/VM

Flags

  • --subdomain-file – The file with the subdomains
  • --api-keys – Enable generic API key searching. This uses common API key patterns and Shannon entropy to find potential exposed API keys.
  • --output – The output file (default is stdout)
  • --output-type – The output type (requires output flag to be set; default is flatfile)
  • --many-results – Use result sorting to scrape more than 100 pages of results
  • --results-only – Print only regexed results to stdout. Useful for piping into another script
  • --all – Print all URLs, including ones with no pattern match. Otherwise, the scoring system will do the work.
  • --regex-file – Supply a custom regex file
  • --language-file – Supply a custom file with languages to search.
  • --config-file – Custom config file (default is config.yml)
  • --pages – Max pages to search (default is 100, the page maximum)
  • --silent – Don’t print results to stdout (most reasonably used with –output).
  • --no-antikeywords – Don’t attempt to filter out known mass scans
  • --only-filtered – Only search filtered queries (languages, file extensions)
  • --debug – Print debug messages. Helpful for debugging slow expressions.

Setup

  • Clone this repo
  • Use a Python 3 environment (recommended: virtulenv or Conda)
  • pip install -r requirements.txt (or pip3)
  • Set up a config.yml file with GitHub credentials. See config.example.yml for an example. Accounts with 2FA are not currently supported.
  • echo "tillsongalloway.com" | python git-hound.py
R K

Recent Posts

Website OSINT: Tools and Techniques for Reconnaissance

Introduction When it comes to cybersecurity and ethical hacking, one of the most effective ways…

5 hours ago

Top OSINT Tools to Find Emails, Usernames and Passwords

Introduction In the world of cybersecurity, knowledge is power. One of the most powerful skillsets…

18 hours ago

Google Dorking in Cybersecurity: A Complete Guide

Introduction In the vast ocean of the internet, the most powerful tool you already have…

1 day ago

Pystinger : Bypass Firewall For Traffic Forwarding Using Webshell

Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…

2 weeks ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

2 weeks ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

2 weeks ago