github search: Tools to perform basic search on GitHub
All tools that contact the GitHub API require at least one token to be able to perform multiple queries. The best way to handle this is to create a single text file in the repository called .tokens, with 1 token per line. All scripts will then load this file. Because it holds live credentials, keep .tokens out of version control.
The project includes:
- git-history.py
This script runs regular expressions against all repositories located in a specified folder and its subfolders. Beyond that, it searches the history of the repositories, not only the current version of the files. All commits are checked!
- git-history.sh
Same same but different. Strongly inspired by a one-liner TomNomNom published on Twitter, this small bash script also looks for patterns in the history of Git repositories.
- git-pillage.py
Inspired by gitpillage.sh. I wanted to make it faster and more verbose; it was also a nice way to practice that exercise on PentesterLab about Git directory structure.
- github-contributors.py
This script returns some information about the people listed as contributors of every repository of an organization.
- github-dorks.php
Performs dorks on GitHub for the users/organizations provided (the list can be provided by separating users/orgs with a comma). Dorks must be listed in a single text file. Results are not stored (could be an option?); only the number of results is displayed.
- github-dorks.py
The Python version of the previous script. It’s supposed to be much faster (and more stable) because of the multi-thread option, but unfortunately GitHub’s rate limit on code search is pretty low, so use it carefully.
- github-employees.py
(Tries to) find the GitHub accounts of a company’s employees through Google search and displays some basic information about them.
2 mods are available for now:
  - github, Google dork is: site:github.com [term], nicknames are the ones returned
  - linkedin, Google dork is: site:linkedin.com/in [term], nicknames are generated by the script using firstname and lastname
Since the script uses the magnificent Goop from s0md3v, a Facebook cookie is required to bypass the Google rate limit (it can be provided on the command line or through an environment variable).
- github-endpoints.py
Improve your recon by searching for endpoints on GitHub. Very useful; you can also get some extra subdomains. Relative URLs can be displayed or hidden, as can external domain URLs. Based on regexps, it also has an exclude list. Feed it as much as you can to filter the results the way you like!
- github-grabrepo.php
A very simple script that clones all public repositories belonging to a given user/organization.
- github-search.php
Performs code search through the GitHub API.
- github-subdomains.py
Finds additional subdomains on GitHub. Very useful during your recon phase: you will probably get some extra subdomains that other tools didn’t find because they are not public.
- github-survey/index.php
A web page that displays the GitHub search results of dorks set in a config file, github-survey.json, located in the same directory. This file also contains an exclude list, so results considered useless are skipped. The exclude list is fed through buttons on that same page.
The first version of my GitHub survey script.
It performs a GitHub search using the same config file mentioned above but does not exclude anything. An alert is sent to a Slack channel if the total_count is greater than the total_count of the previous run (it runs from crontab).
- github-survey2.py
Unfortunately, I understood later that the GitHub API is not so reliable. If you perform several searches in a row (same dork), using the API or the website, you’ll notice that the results counter varies. Because of that, I got many, many (too many) notifications on my Slack, mostly false positives.
- github-users.py
This script performs a user search using the GitHub API and displays some information about them.
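The history search described for git-history.py above is also how you audit your own clones for credentials that were committed and later deleted. The sketch below is an added example, not the project's code: `PATTERNS`, `scan_log`, `scan_tree` and the sample log are assumptions made for illustration, and the key shown is AWS's documentation placeholder.

```python
import re
import subprocess
from pathlib import Path

# Illustrative rule (an assumption, not the tool's own pattern list).
PATTERNS = {"aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b")}

def scan_log(log_text, patterns=PATTERNS):
    """Return (commit, path, rule, text) for each added line matching a rule."""
    findings, commit, path, in_hunk = [], None, None, False
    for line in log_text.splitlines():
        if line.startswith("commit "):
            commit, in_hunk = line.split()[1], False
        elif line.startswith(("diff --git ", "@@")):
            in_hunk = line.startswith("@@")   # file headers end at the first hunk
        elif not in_hunk and line.startswith("+++ "):
            path = line[6:] if line.startswith("+++ b/") else line[4:]
        elif in_hunk and line.startswith("+"):
            findings += [(commit, path, rule, line[1:].strip())
                         for rule, rx in patterns.items() if rx.search(line)]
    return findings

def scan_tree(root):
    """Scan the full history (all refs) of every repository under root."""
    cmd = ["git", "log", "-p", "--all", "--no-color"]
    opts = dict(capture_output=True, text=True, errors="replace")
    return {str(g.parent): scan_log(subprocess.run(cmd, cwd=g.parent, **opts).stdout)
            for g in Path(root).rglob(".git")}

# Constructed `git log -p` output: the key is added, then removed by a later commit.
SAMPLE_LOG = '''\
commit 2222222222222222222222222222222222222222
    remove hardcoded key
diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -1 +1 @@
-KEY = "AKIAIOSFODNN7EXAMPLE"
+KEY = os.environ["AWS_KEY"]
commit 1111111111111111111111111111111111111111
    add config
diff --git a/config.py b/config.py
--- /dev/null
+++ b/config.py
@@ -0,0 +1 @@
+KEY = "AKIAIOSFODNN7EXAMPLE"
'''

if __name__ == "__main__":
    print(scan_log(SAMPLE_LOG))
```

A hit in an old commit means the credential has to be rotated: deleting the line in a later commit did not remove it from history.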