/GitMiner

Tool for advanced mining for content on Github

Primary LanguagePythonGNU General Public License v3.0GPL-3.0

Screenshot

 + Autor: Danilo Vaz a.k.a. UNK
 + Blog: http://unk-br.blogspot.com
 + Github: http://github.com/danilovazb
 + Twitter: https://twitter.com/danilovaz_unk

WARNING

 +---------------------------------------------------+
 | DEVELOPERS ASSUME NO LIABILITY AND ARE NOT        |
 | RESPONSIBLE FOR ANY MISUSE OR DAMAGE CAUSED BY    |
 | THIS PROGRAM                                      |
 +---------------------------------------------------+

DESCRIPTION

Advanced search tool and automation in Github.
This tool aims to facilitate research by code or code 
snippets on github through the site's search page.

MOTIVATION

Demonstrates the fragility of trust in public repositories to store codes with sensitive information.

REQUIREMENTS

lxml
requests

INSTALL

git clone http://github.com/danilovazb/GitMiner

sudo apt-get install python-requests python-lxml 
OR
pip install -r requirements.txt

Docker

git clone http://github.com/danilovazb/GitMiner
cd GitMiner
docker build -t gitminer .
docker run -it gitminer -h

HELP

 ██████╗ ██╗████████╗███╗   ███╗██╗███╗   ██╗███████╗██████╗
██╔════╝ ██║╚══██╔══╝████╗ ████║██║████╗  ██║██╔════╝██╔══██╗
██║  ███╗██║   ██║   ██╔████╔██║██║██╔██╗ ██║█████╗  ██████╔╝
██║   ██║██║   ██║   ██║╚██╔╝██║██║██║╚██╗██║██╔══╝  ██╔══██╗
╚██████╔╝██║   ██║   ██║ ╚═╝ ██║██║██║ ╚████║███████╗██║  ██║
 ╚═════╝ ╚═╝   ╚═╝   ╚═╝     ╚═╝╚═╝╚═╝  ╚═══╝╚══════╝╚═╝  ╚═╝ v1.1
 Automatic search for GitHub.

 + Autor: Danilo Vaz a.k.a. UNK
 + Blog: http://unk-br.blogspot.com
 + Github: http://github.com/danilovazb
 + Gr33tz: l33t0s, RTFM

 +[WARNING]------------------------------------------+
 | DEVELOPERS ASSUME NO LIABILITY AND ARE NOT        |
 | RESPONSIBLE FOR ANY MISUSE OR DAMAGE CAUSED BY    |
 | THIS PROGRAM                                      |
 +---------------------------------------------------+


       [-h] [-q 'filename:shadow path:etc']
       [-m wordpress] [-o result.txt]
       [-c pAAAhPOma9jEsXyLWZ-16RTTsGI8wDawbNs4]

optional arguments:
  -h, --help            show this help message and exit
  -q 'filename:shadow path:etc', --query 'filename:shadow path:etc'
                        Specify search term
  -m wordpress, --module wordpress
                        Specify the search module
  -o result.txt, --output result.txt
                        Specify the output file where it will be
                        saved
  -c pAAAhPOma9jEsXyLWZ-16RTTsGI8wDawbNs4, --cookie pAAAhPOma9jEsXyLWZ-16RTTsGI8wDawbNs4
                        Specify the cookie for your github

EXAMPLE

Searching for wordpress configuration files with passwords:

$:> python git_miner.py -q 'filename:wp-config extension:php FTP_HOST in:file ' -m wordpress -c pAAAhPOma9jEsXyLWZ-16RTTsGI8wDawbNs4 -o result.txt

Screenshot

Looking for brasilian government files containing passwords:

$:> python git_miner.py --query 'extension:php "root" in:file AND "gov.br" in:file' -m senhas -c pAAAhPOma9jEsXyLWZ-16RTTsGI8wDawbNs4

Looking for shadow files on the etc paste:

$:> python git_miner.py --query 'filename:shadow path:etc' -m root -c pAAAhPOma9jEsXyLWZ-16RTTsGI8wDawbNs4

Searching for joomla configuration files with passwords:

$:> python git_miner.py --query 'filename:configuration extension:php "public password" in:file' -m joomla -c pAAAhPOma9jEsXyLWZ-16RTTsGI8wDawbNs4

Screenshot

Hacking SSH Servers

Hacking SSH Servers