GitMonitor is a Github scanning system to look for leaked sensitive information based on rules. I know that there are a lot of very good other tools for finding sensitive information leaked on Github right now, I myself currently still use some of them. However, I think they still lack some features like:
That is why I created this tool – GitMonitor. GitMonitor uses two different sets of rules to find what you need. The Searching rules will search for repositories that may be related to your organization or internal projects, or anything else, clone repositories that matched to local. Then, Sensitive filtering rules to check if those repositories exist sensitive information. Finally the tool will report via Slack. You can use this tool with Cronjob to create a monitoring system to track sensitive information related to your organization that leaked on Github and receive results via Slack.
Features
Also Read – Locator : Geolocator, IP Tracker, Device Info by URL (Serveo & Ngrok)
Requirements
Tested on Ubuntu 18.04.
Setup
Python3 -m pip install -r requirements.txt
Please make sure you have Pyyaml version 5x or higher installed
[git]
user = <username_git>
pass = <password_git>
url_code = https://api.github.com/search/code?q={}+in:file&sort=indexed&order=desc
url_repos = https://api.github.com/search/repositories?q={}+size:>0+is:public&sort=indexed&order=desc
url_commit = https://api.github.com/search/commits?q={}+is:public&sort=indexed&order=desc
rpp = 50
[slack]
webhooks =<full_link_webhooks>
[path]
rule =<path to rule folder>
source =<path to folder to clone repository>
log =<filename of log>
[msg]
start = ====================*====================
*Start scanning at {}*
_Clone completed successfully:_
end = ====================*====================
*Scanning Done at {}*
_Detected possible repository:_
all = ====================**====================
id: Project_X_Matching key: X language: - java #filename: # - LICENSE #extension: # - py # - md ignore: # language: # - php filename: - LICENSE extension: - html - txt
Python3 gitmonitor.py
Nmap (Network Mapper) is a free tool that helps you find devices on a network,…
Introduction to the Model Context Protocol (MCP) The Model Context Protocol (MCP) is an open…
While file extensions in Linux are optional and often misleading, the file command helps decode what a…
The touch command is one of the quickest ways to create new empty files or update timestamps…
Handling large numbers of files is routine for Linux users, and that’s where the find command shines.…
Managing files and directories is foundational for Linux workflows, and the mv (“move”) command makes it easy…