GitGot: rapidly search through troves of public data on GitHub for sensitive secrets
GitGot is a semi-automated, feedback-driven tool to empower users to rapidly search through troves of public data on GitHub for sensitive secrets.
How it Works
During search sessions, users will provide feedback to GitGot about search results to ignore, and GitGot prunes the set of results. Users can blacklist files by filename, repository name, username, or a fuzzy match of the file contents.
Blacklists generated from previous sessions can be saved and reused against similar queries (e.g., example.com vs. subdomain.example.com vs. Example Org). Sessions can also be paused and resumed at any time.
Read more about the semi-automated, human-in-the-loop design here.
Install
Ubuntu/Debian
apt-get install libfuzzy-dev ssdeep
Mac OSX
brew install ssdeep
Download
git clone https://github.com/BishopFox/GitGot.git
pip3 install -r requirements.txt
Use
GitHub requires a token for rate-limiting purposes. Create a GitHub API token with no permissions/no scope. This is equivalent to public GitHub access, but it allows use of the GitHub Search API. Set this token at the top of gitgot.py as shown below:
ACCESS_TOKEN = "<NO-PERMISSION-GITHUB-TOKEN-HERE>"
After adding the token, you are ready to go:
Query Syntax
GitGot queries are fed directly into the GitHub code search API, so check out GitHub’s documentation for more advanced query syntax.
UI Commands
- Ignore similar [c]ontent: Blacklists a fuzzy hash of the file contents to ignore future results that are similar to the selected file
- Ignore [r]epo/[u]ser/[f]ilename: Ignores future results by blacklisting selected strings
- Search [/(mykeyword)]: Searches the current results on the fly with a custom regular expression that contains a capture group (e.g., /(secretToken))
- [a]dd to Log: Adds regex matches to the log file, including all on-the-fly results from the search command
- Next[<Enter>], [b]ack: Advances through search results, or returns to previous results
- [s]ave state: Saves the blacklists and progress in the search results from the session
- [q]uit: Quit
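The feedback loop from "How it Works" and the UI commands above, modelled as an added example (not GitGot's own code): search hits are constructed sample data, the fuzzy content match uses difflib with an assumed 0.8 threshold as a stand-in for GitGot's ssdeep hashing, and save_state/Session(state=...) show how a saved blacklist is reused against a later query.

```python
import difflib
import json
import re

# Constructed sample search hits standing in for GitHub code-search results.
HITS = [
    {"user": "alice", "repo": "infra", "path": "config/prod.env",
     "content": "DB_HOST=db.example.com\nSECRET_TOKEN=placeholder-1\n"},
    {"user": "alice", "repo": "infra", "path": "config/staging.env",
     "content": "DB_HOST=db-staging.example.com\nSECRET_TOKEN=placeholder-2\n"},
    {"user": "carol", "repo": "demo", "path": "test/fixtures.txt",
     "content": "example.com appears here only as sample text\n"},
]

class Session:
    """Feedback loop: every blacklist entry prunes the remaining result set."""
    SIMILARITY = 0.8  # assumed threshold; GitGot uses ssdeep, difflib stands in here

    def __init__(self, hits, state=None):
        self.hits = list(hits)
        self.blacklist = {"user": set(), "repo": set(), "filename": set(), "content": []}
        if state:  # reuse blacklists saved by an earlier session
            for kind, values in json.loads(state).items():
                self.blacklist[kind] = type(self.blacklist[kind])(values)

    def ignore(self, kind, value):
        """[r]epo / [u]ser / [f]ilename: exact-string blacklist."""
        self.blacklist[kind].add(value)

    def ignore_content(self, hit):
        """[c]ontent: keep this file as a reference so look-alikes are dropped."""
        self.blacklist["content"].append(hit["content"])

    def results(self):
        """Hits that survive every blacklist; the content check is fuzzy."""
        bl = self.blacklist
        return [h for h in self.hits
                if h["user"] not in bl["user"] and h["repo"] not in bl["repo"]
                and h["path"].rsplit("/", 1)[-1] not in bl["filename"]
                and not any(difflib.SequenceMatcher(None, h["content"], ref).ratio()
                            >= self.SIMILARITY for ref in bl["content"])]

    def search(self, pattern):
        """/(keyword): regex with one capture group, run over surviving hits."""
        return [(h["path"], m.group(1)) for h in self.results()
                for m in re.finditer(pattern, h["content"])]

    def save_state(self):
        """[s]ave state: blacklists serialised for reuse against similar queries."""
        return json.dumps({k: sorted(v) for k, v in self.blacklist.items()})
```

Blacklisting the prod.env content also drops staging.env, because the two files differ only in a hostname and a token suffix; the unrelated fixtures file survives.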
Copyright (C) 2019
Source: https://github.com/BishopFox/