Scan for sensitive information easily and effectively.
The project is based on go with vue to build a management system for sensitive information detection. This is the total fresh version, you can refer the old version here. For the full introduction of the new version, please refer here.
- Support multi platform, including Gitlab, Github, Searchcode
- Flexible menu and API permission setting
- Flexible rules and filter rules
- Utilize gobuster to brute force subdomain
- Easily used management system
For the deployment, it's suggested to install nginx. Place the dist folder under html, modify the nginx.conf to reverse proxy the backend service. I have also made a video for the deployment in bilibili and youtube. For the deploment in windows, refer here.
location /api/ {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
rewrite ^/api/(.*)$ /$1 break;
proxy_pass http://127.0.0.1:8888;
}
The deployment work is very easy. Find the corresponding binary zip file from releases. Unzip and run. Remember to copy the files inside dist to html folder of nginx.
./gshark web
./gshark scan
git clone https://github.com/madneal/gshark.git
cd server
go mod tidy
mv config-temp.yaml config.yaml
go build
./gshark web
If you want to set up the scan service, please run:
./gshark scan
cd ../web
npm install
npm run serve
USAGE:
gshark [global options] command [command options] [arguments...]
COMMANDS:
web Startup a web Service
scan Start to scan github leak info
help, h Show a list of commands or help for one command
GLOBAL OPTIONS:
--debug, -d Debug Mode
--host value, -H value web listen address (default: "0.0.0.0")
--port value, -p value web listen port (default: 8000)
--time value, -t value scan interval(second) (default: 900)
--help, -h show help
--version, -v print the version
To execute ./gshark scan, you need to add a Github token for crawl information in github. You can generate a token in tokens. Most access scopes are enough. For Gitlab search, remember to add token too.
- Default username and password to login
gshark/gshark
- Database initial failed
make sure the version of mysql is over 5.6. And remove the databse before initial the second time.
go get ./... connection error
It's suggested to enable goproxy(refer this article for golang upgrade):
go env -w GOPROXY=https://goproxy.cn,direct
go env -w GO111MODULE=on
If you would like to join wechat group, you can add my wechat mmadneal with the message gshark.
GShark 是 404Team 星链计划2.0中的一环,如果对 GShark 有任何疑问又或是想要找小伙伴交流,可以参考星链计划的加群方式。