GitDiscloser

Python recon tool for GitHub information disclosure research

Install:

$ git clone https://github.com/mathis2001/GitDiscloser

$ cd GitDiscloser

$ python3 gitdiscloser.py

Requirements:

  • Python3

  • Pip3

  • PyGithub

$ pip3 install pygithub

Usage:

Search: ./gitdiscloser.py [-h] [-s "github search"] [-f wordlist] [-l limit] [-u] [-n] [-c]
Profiling: ./gitdiscloser.py [-h] [-r repository link |-p username]
Advanced: ./gitdiscloser.py [-h] [-a user/repository] [-f wordlist] [-l limit]

options:

Options
  ---------------------------------------------------------
        -h   Show this help message
  Search:
        -s   search request
        -u   search for urls in code
        -f   find word matches with a wordlist
        -n   sort by the more recently indexed
        -l   limit (limit of results wanted)
        -c   profile information for each result
  Profiling:
        -r   profile information by repository link
        -p   profile information by username
  Advanced (commits scan):
        -a   repository (mathis/GitDiscloser)
        -f   find word matches in commits with a wordlist
  --------------------------------------------------------
  Config 

        Simply put your github token in your environment variables as 'GITHUB_TOKEN'. 

Configuration:

In your GitHub account, click on your profile in the top right of the page.

Then go to Settings > Developer settings > Personal access tokens > Generate a new token.

Give your token a name, select only the public_repo access, and click on "Generate token".

You can now copy your token and paste it in your environment variables.

Use case:

To look for information disclosure related to a target website or domain (e.g. target.com), you can use GitDiscloser like this:

./gitdiscloser.py -s target.com -f <wordlist> -n

or if you want to use dorks:

./gitdiscloser.py -s "<dork>:target.com" -f <wordlist> -n

This command runs a GitHub search over the most recently indexed files ("-n") and looks for every keyword of your wordlist in them ("-f").

If the tool finds interesting results, you may want to know more about the author of the file. You can use the profiling option of GitDiscloser to get profile information about the author and see their first name and the company where they work. (If the company is not listed on their GitHub account, you can look up their first name on LinkedIn to check it.)

Example:

GitDiscloser response:

https://raw.githubusercontent.com/mathis2001/code.xyz

Possible secret(s) found in file:

[+] token

Check if mathis2001 works at target.com:

./gitdiscloser.py -r https://raw.githubusercontent.com/mathis2001/code.xyz or -p mathis2001

You can also profile each result with the '-c' option.

If the author works at the target company, you can then check for (potentially other) information disclosure in their other code with the "user:" dork. Example:

./gitdiscloser.py -s "user:<username>" -f <wordlist> -n

To go deeper, GitDiscloser is also able to check for secrets in commits.

./gitdiscloser.py -a mathis2001/GitDiscloser -f <wordlist>
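
From the repository owner's side, the commit scan matters because deleting a secret in a later commit does not remove it from history. The following added example (not GitDiscloser's own code) scans `git log -p` output from your own clone for wordlist keywords in added lines; the sample log, the keyword list and the function names `redact` and `scan_history` are constructed for illustration, and case-insensitive substring matching is an assumption.

```python
import re

# Constructed, trimmed `git log -p` excerpt (newest commit first). The newer
# commit deletes the value, but the older one still carries it in history.
SAMPLE_LOG = """\
commit 2222222222222222222222222222222222222222
    remove token
diff --git a/deploy.cfg b/deploy.cfg
--- a/deploy.cfg
+++ b/deploy.cfg
@@ -1,2 +1 @@
 host = ci.example.test
-auth_token = EXAMPLE-NOT-A-REAL-TOKEN
commit 1111111111111111111111111111111111111111
    add deploy config
diff --git a/deploy.cfg b/deploy.cfg
--- /dev/null
+++ b/deploy.cfg
@@ -0,0 +1,2 @@
+host = ci.example.test
+auth_token = EXAMPLE-NOT-A-REAL-TOKEN
"""

def redact(line):
    """Keep the key name, hide whatever follows the first '=' or ':'."""
    m = re.match(r"([^=:]*[=:])\s*\S", line)
    return m.group(1) + " <redacted>" if m else line

def scan_history(log_text, words):
    """Return (commit, path, keyword, redacted_line) for each matching added line."""
    # Assumption of this example: keywords match as case-insensitive substrings.
    words = [w.strip().lower() for w in words if w.strip()]
    commit, path, in_hunk, hits = None, None, False, []
    for line in log_text.splitlines():
        if line.startswith("commit "):
            commit, in_hunk = line.split()[1][:7], False
        elif line.startswith("diff --git "):
            in_hunk = False
        elif line.startswith("@@"):
            in_hunk = True   # from here on, '+' lines are content, not headers
        elif not in_hunk and line.startswith("+++ "):
            path = line[4:].removeprefix("b/")
        elif in_hunk and line.startswith("+"):
            hits += [(commit, path, w, redact(line[1:]))
                     for w in words if w in line[1:].lower()]
    return hits

if __name__ == "__main__":
    for commit, path, word, shown in scan_history(SAMPLE_LOG, ["token", "password"]):
        print(f"[+] {word} in {path} at commit {commit}: {shown}")
```

A hit in an old commit means the credential should be rotated, since removing it from the current tree leaves it readable in history.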

TO DO

  • Fix bugs
  • Add an output file option (you can use "| tee -a" to get an output anyway)
  • Secondary rate-limit restriction when making a query with too many responses.