gitrob v2.0.0 release: Reconnaissance tool for GitHub organizations
Gitrob is a tool to help find potentially sensitive files pushed to public repositories on GitHub. Gitrob clones the repositories belonging to a user or organization, walks the commit history down to a configurable depth, and flags files whose names, extensions or paths match signatures for potentially sensitive files (private keys, credential files, shell histories and the like). The findings are presented through a web interface for easy browsing and analysis.
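To make the signature idea concrete, here is an added example (not gitrob's own code; its real signature format and data structures differ) that matches repository paths from a constructed, in-memory commit history against a small hypothetical signature list, honours a history depth limit, and reports each sensitive path once, attributed to the most recent commit that contains it:

```go
package main

import (
	"fmt"
	"path"
	"regexp"
	"strings"
)

// Part selects which component of a repository path a signature inspects.
type Part int

const (
	PartExtension Part = iota // file extension without the leading dot, e.g. "pem"
	PartFilename              // last path element, e.g. "id_rsa"
	PartPath                  // the whole path inside the repository
)

// Signature is a hypothetical signature format for this example: either an
// exact case-insensitive match or a regular expression on the chosen Part.
type Signature struct {
	Part        Part
	Match       string         // used when Regex is nil
	Regex       *regexp.Regexp // used when set
	Description string
}

// Matches reports whether filePath trips this signature.
func (s Signature) Matches(filePath string) bool {
	var target string
	switch s.Part {
	case PartExtension:
		target = strings.TrimPrefix(path.Ext(filePath), ".")
	case PartFilename:
		target = path.Base(filePath)
	case PartPath:
		target = filePath
	}
	if s.Regex != nil {
		return s.Regex.MatchString(target)
	}
	return strings.EqualFold(target, s.Match)
}

// DefaultSignatures is a short illustrative list, not gitrob's signature set.
var DefaultSignatures = []Signature{
	{Part: PartExtension, Match: "pem", Description: "Potential private key or certificate"},
	{Part: PartExtension, Regex: regexp.MustCompile(`^(p12|pfx|jks)$`), Description: "Potential cryptographic key store"},
	{Part: PartFilename, Match: "id_rsa", Description: "Private SSH key"},
	{Part: PartFilename, Match: ".env", Description: "Environment file, often holds secrets"},
	{Part: PartFilename, Regex: regexp.MustCompile(`^\.?(bash|zsh|sh)_history$`), Description: "Shell command history"},
	{Part: PartPath, Regex: regexp.MustCompile(`(^|/)\.aws/credentials$`), Description: "AWS CLI credentials file"},
}

// Commit is a simplified commit: its hash and the paths present in its tree.
type Commit struct {
	Hash  string
	Files []string
}

// Finding is one flagged path and the newest commit it was seen in.
type Finding struct {
	Commit, Path, Description string
}

// Scan walks history (newest first) no deeper than depth commits and returns
// every signature hit, deduplicated on (path, description) so a file that
// lives in many commits is reported once, against the newest commit.
func Scan(history []Commit, depth int, sigs []Signature) []Finding {
	seen := map[string]bool{}
	var out []Finding
	for i, c := range history {
		if i >= depth {
			break
		}
		for _, f := range c.Files {
			for _, s := range sigs {
				if !s.Matches(f) {
					continue
				}
				key := f + "\x00" + s.Description
				if seen[key] {
					continue
				}
				seen[key] = true
				out = append(out, Finding{Commit: c.Hash, Path: f, Description: s.Description})
			}
		}
	}
	return out
}

// SampleHistory is constructed sample data, newest commit first.
var SampleHistory = []Commit{
	{Hash: "c3", Files: []string{"src/main.go", ".env", "config/id_rsa"}},
	{Hash: "c2", Files: []string{"README.md", "certs/server.pem", ".bash_history"}},
	{Hash: "c1", Files: []string{"home/.aws/credentials", "old/id_rsa", "config/id_rsa"}},
}

// ScanSample runs the default signatures over the sample history.
func ScanSample(depth int) []Finding {
	return Scan(SampleHistory, depth, DefaultSignatures)
}

func main() {
	for _, f := range ScanSample(500) { // 500 mirrors the default depth mentioned above
		fmt.Printf("%s  %-24s %s\n", f.Commit, f.Path, f.Description)
	}
}
```

Note that `path.Ext` treats a leading dot as an extension (".env" has extension "env"), which is why dotfiles are matched on the filename rather than the extension; a real signature set also needs content-based checks, since a private key can be committed under any name.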
Changelog v2.0.0
Added
- Total rewrite of Gitrob in Golang
- Find interesting files in history down to a default (and configurable) depth of 500 commits
- Hexdump view for binary files
- Saving and loading of session files for easy sharing
Removed
- All the stupid Rubygems with native extensions
- PostgreSQL dependency
- Messy assessment comparison feature
- User overview
- Repository overview
Usage
Gitrob needs a GitHub access token in order to interact with the GitHub API. Create a personal access token and save it in an environment variable in your .bashrc or similar shell configuration file:
export GITROB_ACCESS_TOKEN=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef
Alternatively, you can specify the access token with the -github-access-token option, but be aware that the token will then end up in your shell history and be visible to other local users in the process list.
Analyzing organizations and users
Analyzing organizations and users is the main feature of Gitrob. The analyze command accepts any number of organization and user logins, which are bundled into a single assessment:
gitrob analyze acme,johndoe,janedoe
Mixing organizations and users is convenient when you know that a certain user is part of an organization but their membership is not public.
When the assessment is finished, the analyze command will automatically start the web server to present the results. This can be avoided by adding the -no-server option to the command.
See gitrob help analyze for more options.
Running Gitrob against custom GitHub Enterprise installations
Gitrob can analyze organizations and users on custom GitHub Enterprise installations instead of the official GitHub site. The analyze command takes several options to point it at an Enterprise installation; see gitrob help analyze for the full list.
Starting the Gitrob web server
The Gitrob web server can be started with the server command:
gitrob server
By default, the server listens on localhost:9393. Both the bind address and the port can be changed:
gitrob server --bind-address=0.0.0.0 --port=8000
Binding to 0.0.0.0 exposes the assessment results, including every flagged file, to any host that can reach the port. Keep the server on localhost or behind an authenticated proxy unless wider access is intended.
Copyright (c) 2018 Michael Henriksen
Source: https://github.com/michenriksen/