git-wild-hunt: hunt for credentials in github

git-wild-hunt

A tool to hunt for credentials in the GitHub wild AKA git*hunt.

What checks get run regexes.json

This file contains all the regexes that will be used to check against the raw content filed returned for a search. Feel free to add/modify and include any specific ones that match the credential you are trying to find. This was graciously borrowed from truffleHog

Currently verified credentials via regex:

• AWS API Key
• Amazon AWS Access Key ID
• Amazon MWS Auth Token
• Facebook Access Token
• Facebook OAuth
• Generic API Key
• Generic Secret
• GitHub
• Google (GCP) Service-account
• Google API Key
• Google Cloud Platform API Key
• Google Cloud Platform OAuth
• Google Drive API Key
• Google Drive OAuth
• Google Gmail API Key
• Google Gmail OAuth
• Google OAuth Access Token
• Google YouTube API Key
• Google YouTube OAuth
• Heroku API Key
• MailChimp API Key
• Mailgun API Key
• PGP private key block
• Password in URL
• PayPal Braintree Access Token
• Picatic API Key
• RSA private key
• SSH (DSA) private key
• SSH (EC) private key
• Slack Token
• Slack Webhook
• Square Access Token
• Square OAuth Secret
• Stripe API Key
• Stripe Restricted API Key
• Twilio API Key
• Twitter Access Token
• Twitter OAuth

Use

usage: git-wild-hunt.py [-h] -s SEARCH [-c CONFIG] [-v]



optional arguments:

  -h, --help            show this help message and exit

  -s SEARCH, --search SEARCH

                        search to execute

  -c CONFIG, --config CONFIG

                        config file path

  -v, --version         shows current git-wild-hunt version

GitHub search examples

the -s flag accepts any GitHub advance search query, see some examples below

Find GCP JWT token files

python git-wild-hunt.py -s “extension:json filename:creds language:JSON”

Find AWS API secrets

python git-wild-hunt.py -s “path:.aws/ filename:credentials”

Find Azure JWT Token

python git-wild-hunt.py -s “extension:json path:.azure filename:accessTokens language:JSON”

Find GSUtils configs

python git-wild-hunt.py -s “path:.gsutil filename:credstore2”

Find Kubernetes config files

python git-wild-hunt.py -s “path:.kube filename:config”

Searching for Jenkins credentials.xml file

python git-wild-hunt.py -s “extension:xml filename:credentials.xml language:XML”

Find secrets in .circleci

python git-wild-hunt.py -s “extension:yml path:.circleci filename:config language:YAML”

Generic credentials.yml search

python git-wild-hunt.py -s “extension:yml filename:credentials.yml language:YAML”

Install

Copyright (C) 2020 Jose Hernandez @d1vious