Gitrob is a tool to help find potentially sensitive information pushed to repositories on GitLab or Github. Gitrob will clone repositories belonging to a user or group/organization down to a configurable depth and iterate through the commit history and flag files and/or commit content that match signatures for potentially sensitive information. The findings will be presented through a web interface for easy browsing and analysis.
gitrob [options] target [target2] ... [targetN]
IMPORTANT If you are targeting a GitLab group, please give the group ID as the target argument. You can find the group ID just below the group name in the GitLab UI. Otherwise, names will suffice for the target arguments.
-bind-address string
Address to bind web server to (default "127.0.0.1")
-commit-depth int
Number of repository commits to process (default 500)
-debug
Print debugging information
-exit-on-finish
Let the program exit on finish. Useful for automated scans.
-github-access-token string
Github access token to use for API requests (set one)
-gitlab-access-token string
GitLab access token to use for API requests (set one)
-in-mem-clone
Clone repositories into memory for faster analysis depending on your hardware
-load string
Load session file from specified path
-mode int {1, 2, or 3}
Designate a mode for execution. Mode 1 (default) searches for file signature matches only. Mode 2 (-mode 2) first searches for file signature matches and, for each file that matches, then attempts a content match; a result is produced only when both match. Mode 3 (-mode 3) searches by content matches only; no file signature matching is performed.
-no-expand-orgs
Don't add members to targets when processing organizations
-port int
Port to run web server on (default 9393)
-save string
Save session to a file at the given path
-silent
Suppress all output except for errors
-threads int
Number of concurrent threads (default number of logical CPUs)
Scan a GitLab group assuming your access token has been added to the environment variable with name GITROB_GITLAB_ACCESS_TOKEN. Look for file signature matches only:
gitrob <gitlab_group_id>
Scan multiple GitLab groups assuming your access token has been added to the environment variable with name GITROB_GITLAB_ACCESS_TOKEN. Clone repositories into memory for faster analysis. Set the scan mode to 2 to scan each file match for a content match before creating a result. Save the results to ./output.json:
gitrob -in-mem-clone -mode 2 -save "./output.json" <gitlab_group_id_1> <gitlab_group_id_2>
Scan a GitLab group assuming your access token has been added to the environment variable with name GITROB_GITLAB_ACCESS_TOKEN. Clone repositories into memory for faster analysis. Set the scan mode to 3 to scan each commit for content matches only. Save the results to ./output.json:
gitrob -in-mem-clone -mode 3 -save "./output.json" <gitlab_group_id>
Scan a Github user, passing your Github access token as a command-line parameter. Clone repositories into memory for faster analysis.
gitrob -github-access-token <token> -in-mem-clone <github_user_name>
Regular expressions are included in the filesignatures.json and contentsignatures.json files respectively. Edit these files to adjust your scope and fine-tune your results.
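To make the three -mode semantics and the two signature kinds concrete, here is an added Go example (not code from the Gitrob project, and not its JSON signature schema): a constructed, simplified signature model with two file signatures and two content signatures, run in each mode over a constructed three-file sample tree. The regexes, captions and placeholder file contents are all assumptions for the illustration.

```go
package main

import "regexp"

// Constructed, simplified signature model (not Gitrob's own JSON schema):
// file signatures match on the path, content signatures on the file bytes.
type signature struct{ caption string; re *regexp.Regexp }
type file struct{ path, content string }

var fileSigs = []signature{
	{"Dotenv file", regexp.MustCompile(`(^|/)\.env$`)},
	{"Private SSH key", regexp.MustCompile(`(^|/)id_rsa$`)},
}
var contentSigs = []signature{
	{"AWS secret key assignment", regexp.MustCompile(`AWS_SECRET_ACCESS_KEY\s*=\s*\S{20,}`)},
	{"Private key block", regexp.MustCompile(`-----BEGIN [A-Z ]*PRIVATE KEY-----`)},
}

// Constructed sample tree; the secret-looking values are placeholders.
var sampleFiles = []file{
	{".env", "AWS_SECRET_ACCESS_KEY=PLACEHOLDERPLACEHOLDERPLACEHOLDER"},
	{"config/id_rsa", "placeholder file, no key material inside"},
	{"docs/NOTES.md", "-----BEGIN RSA PRIVATE KEY-----\nconstructed, not a real key"},
}

func firstMatch(sigs []signature, s string) string { // caption of first hit, or ""
	for _, sig := range sigs {
		if sig.re.MatchString(s) {
			return sig.caption
		}
	}
	return ""
}

// scan applies the three -mode semantics: 1 = file signatures only,
// 2 = a file signature match must also have a content match, 3 = content only.
func scan(files []file, mode int) []string {
	var findings []string
	for _, f := range files {
		fileHit, contentHit := firstMatch(fileSigs, f.path), firstMatch(contentSigs, f.content)
		switch {
		case mode == 1 && fileHit != "":
			findings = append(findings, f.path+": "+fileHit)
		case mode == 2 && fileHit != "" && contentHit != "":
			findings = append(findings, f.path+": "+fileHit+" / "+contentHit)
		case mode == 3 && contentHit != "":
			findings = append(findings, f.path+": "+contentHit)
		}
	}
	return findings
}
```

Mode 1 flags .env and config/id_rsa by name alone, mode 2 keeps only .env because id_rsa has no matching content, and mode 3 flags .env and docs/NOTES.md by content regardless of file name.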
A session stored in a file can be loaded with the -load option:
gitrob -load ./output.json
Gitrob will start its web interface and serve the results for analysis.
A precompiled version is available for each release, alternatively you can use the latest version of the source code from this repository in order to build your own binary.
To install from source, make sure you have a correctly configured Go >= 1.8 environment and that $GOPATH/bin is in your $PATH. Also, make sure you have installed dep locally.
$ go get github.com/codeEmitter/gitrob
$ cd ~/go/src/github.com/codeEmitter/gitrob
$ dep ensure
$ go build
Note that installing with go install will not work due to the static json file dependencies. However, it was deemed more useful to have the files be adjustable without recompiling the binary than to have everything bundled into the binary itself.
The included Dockerfile can be used to build images needed to run gitrob. You can build a basic image with:
docker build . -t gitrob:latest
You can then run the container, optionally specifying how many logical CPUs to allocate for concurrency with:
docker run -p 9393:9393 --cpus <NUM_CPUS> gitrob:latest -bind-address 0.0.0.0 -github-access-token <token> -in-mem-clone -mode 2 <target1> <target2> ...
With this container running, use your browser to hit the UI with: http://localhost:9393.
Alternatively, the included docker-compose.yml can be used with docker-compose. Make sure to set either GITROB_GITHUB_ACCESS_TOKEN or GITROB_GITLAB_ACCESS_TOKEN in the docker-compose.yml file. Do not set both environment variables, as Gitrob only supports one at a time. After that, you can create a file targets.txt in the repo directory with one target per line:
target1
target2
And then execute the following command to run gitrob on the targets specified: docker-compose up --build
The UI can be accessed at http://localhost:9393.
Gitrob will need either a GitLab or Github access token in order to interact with the appropriate API. You can create a GitLab personal access token, or a Github personal access token, and save it in an environment variable in your .bashrc or similar shell configuration file:
export GITROB_GITLAB_ACCESS_TOKEN=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef
export GITROB_GITHUB_ACCESS_TOKEN=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef
Alternatively you can specify the access token with the -gitlab-access-token or -github-access-token option on the command line, but watch out for your command history!