Octosuite : Advanced Github OSINT Framework

Octosuite is a framework for gathering OSINT on GitHub users, repositories and organizations. Features: fetches an organization’s profile information; fetches an organization’s events; returns an organization’s repositories; returns an organization’s public members; fetches a repository’s information; returns a repository’s contributors; returns a repository’s languages; fetches a repository’s stargazers; fetches a repository’s forks; fetches a repository’s releases; returns a list of files in a specified path …

Legitify : Detect & Remediate Misconfigurations & Security Risks Across All Your GitHub Assets

Legitify is a tool to strengthen the security posture of your GitHub organization. Detect and remediate misconfigurations, security and compliance issues across all your GitHub assets with ease. Installation. Provenance: To enhance the software supply chain security of legitify’s users, as of v0.1.6, every legitify release contains a SLSA Level 3 Provenance document. The provenance document …

Octosuite : Advanced Github OSINT Framework

Octosuite is an open-source, lightweight yet advanced OSINT framework that targets GitHub users and organizations. With 10+ features, octosuite runs on only 2 external dependencies (for the GitHub alt) and 1 dependency (for the PyPI package), and returns the gathered intel in a highly readable format. Installation: Clone from Github: git clone …

Sigurlfind3R : A Reconnaissance Tool To Fetch URLs From AlienVault’s OTX

Sigurlfind3R is a passive reconnaissance tool that fetches known URLs from AlienVault’s OTX, Common Crawl, URLScan, Github and the Wayback Machine. Usage: sigurlfind3r -h This will display help for the tool. …

Gitrecon : OSINT Tool To Get Information From A Github Profile

Gitrecon is an OSINT tool to get information from a Github or Gitlab profile and find a user’s email addresses leaked in commits. How does this work? GitHub uses the email address associated with a GitHub account to link commits and other activity to a GitHub profile. When a user makes commits to public repos their …

TheCl0n3r : Tool To Download & Manage Your Git Repositories

TheCl0n3r will allow you to download and manage your git repositories. About 90% of the penetration testing tools used in my experience can be found primarily on github. The aim of this was to make it easier to download, update and delete these git repositories. If moving to a new testing system, make it simpler …

Commit-Stream : OSINT Tool For Finding Github Repositories

Commit-Stream drinks commit logs from the Github event firehose, exposing the author details (name and email address) associated with Github repositories in real time. OSINT / Recon uses for Redteamers / Bug bounty hunters: Uncover repositories to which employees of a target company are committing code (filter by email domain); Identify repositories belonging to an individual …

shhgit : Finds Secrets & Sensitive Files Across GitHub

shhgit finds secrets and sensitive files across GitHub (including Gists), GitLab and BitBucket committed in near real time. There are many great tools available to help with this depending on which side of the fence you sit. On the adversarial side, popular tools such as gitrob and truffleHog focus on digging into commit history …

GitMonitor : A Github Scanning System To Look For Leaked Sensitive Information Based On Rules

GitMonitor is a Github scanning system to look for leaked sensitive information based on rules. I know that there are a lot of very good other tools for finding sensitive information leaked on Github right now, I myself currently still use some of them. However, I think they still lack some features like: A scanning …

Git-Hound : PinPoints Exposed API Keys On GitHub Using Pattern Matching

A batch-catching, pattern-matching, patch-attacking secret snatcher. GitHound pinpoints exposed API keys on GitHub using pattern matching, commit history searching, and a unique result scoring system. Features: GitHub/Gist code searching. This enables GitHound to locate sensitive information exposed across all of GitHub, uploaded by any user. Generic API key detection …