Git Hound makes it easy to find exposed API keys on GitHub using pattern matching, targeted querying, and a scoring system.
This differs from other OSINT GitHub scanners by searching keywords across GitHub rather than targeting specific repositories, exposing a fundamentally different set of results.
GitRob is an excellent tool that specifically targets an organization or user’s owned repositories for secrets. A pattern-matching, batch-catching secret snatcher. This project is intended to be used for educational purposes.
Usage
echo "tillsongalloway.com" | python git-hound.py
or python git-hound.py --subdomain-file subdomains.txt
We also offer a number of flags to target specific patterns (known service API keys), file names (.htpasswd, .env), and languages (python, javascript).
--subdomain-file – The file with the subdomains
--api-keys – Enable generic API key searching. This uses common API key patterns and Shannon entropy to find potential exposed API keys.
--output – The output file (default is stdout)
--output-type – The output type (requires output flag to be set; default is flatfile)
--many-results – Use result sorting to scrape more than 100 pages of results
--results-only – Print only regexed results to stdout. Useful for piping into another script
--all – Print all URLs, including ones with no pattern match. Otherwise, the scoring system will do the work.
--regex-file – Supply a custom regex file
--language-file – Supply a custom file with languages to search.
--config-file – Custom config file (default is config.yml)
--pages – Max pages to search (default is 100, the page maximum)
--silent – Don’t print results to stdout (most reasonably used with --output).
--no-antikeywords – Don’t attempt to filter out known mass scans
--only-filtered – Only search filtered queries (languages, file extensions)
--debug – Print debug messages. Helpful for debugging slow expressions.
pip install -r requirements.txt (or pip3)
config.yml file with GitHub credentials. See config.example.yml for an example. Accounts with 2FA are not currently supported.
echo "tillsongalloway.com" | python git-hound.py
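The --api-keys option above pairs key patterns with Shannon entropy. The following is an added example, not Git Hound's own code, showing that combination as a check on your own files before they are pushed; the regex, the 4.0-bit threshold and the sample lines are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter

# Assumed generic pattern (not Git Hound's regex file): a key-like name,
# an assignment, then a quoted token of at least 16 characters.
CANDIDATE = re.compile(
    r"""(?P<name>[a-z0-9_.-]*(?:api[_-]?key|secret|token)[a-z0-9_.-]*)
        \s*[:=]\s*
        ["'](?P<value>[A-Za-z0-9+/=_\-]{16,})["']""",
    re.IGNORECASE | re.VERBOSE,
)

# Assumed cut-off in bits per character. Hex-only keys cannot exceed 4.0
# (16 symbols), so they need a lower threshold than mixed-case tokens.
ENTROPY_THRESHOLD = 4.0


def shannon_entropy(s):
    """H = -sum(p_i * log2(p_i)) over the character frequencies of s."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def find_candidate_keys(text, threshold=ENTROPY_THRESHOLD):
    """Return (line_no, name, value, entropy) for pattern hits at or above threshold."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in CANDIDATE.finditer(line):
            h = shannon_entropy(m.group("value"))
            if h >= threshold:
                hits.append((line_no, m.group("name"), m.group("value"), round(h, 2)))
    return hits


# Constructed sample input: none of these values are real credentials.
SAMPLE = '''\
API_KEY = "xxxxxxxxxxxxxxxxxxxxxxxx"
api_key = "your_api_key_goes_here"
service_token = "q7Zp2Lx9Vb4Tn8Rk1Wd6Hs3Yc5Mf0Jg"
password_hint = "q7Zp2Lx9Vb4Tn8Rk1Wd6Hs3Yc5Mf0Jg"
'''

if __name__ == "__main__":
    for line_no, name, value, h in find_candidate_keys(SAMPLE):
        print(f"line {line_no}: {name} entropy={h} value={value[:4]}...")
```

Only the third sample line is reported: the first two match the pattern but are low-entropy placeholders, and the fourth is high-entropy but has no key-like name.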