gitGraber是一个用Python3开发的工具,用于监控GitHub信息泄露,以便为不同的在线服务实时搜索和查找敏感数据
例如:
Google,Amazon,Paypal,Github,Mailgun,Facebook,Twitter,Heroku,Stripe ……
gitGraber使用正则匹配,可能会有偏差,可以随时调整规则。
git clone https://github.com/hisxo/gitGraber.git
pip3 install -r requirements.txt
在启动gitGraber之前,需要修改配置文件config.py,如下所示
:
(1).添加您自己的Github标记
GITHUB_TOKENS = ['yourToken1Here','yourToken2Here']
(2).添加你自己的Slack Webhook
SLACK_WEBHOOKURL = 'https://hooks.slack.com/services/TXXXX/BXXXX/XXXXXXX'
(3).开始使用gitGraber
python3 gitGraber.py -k wordlists/keywords.txt -q "uber" -s
(4).建议创建一个定期执行脚本的cron
*/15 * * * * cd /BugBounty/gitGraber/ && /usr/bin/python3 gitGraber.py -k wordlists/keywords.txt -q "uber" -s >/dev/null 2>&1
usage: gitGraber.py [-h] [-k KEYWORDSFILE] [-q QUERY] [-s] [-w WORDLIST]
optional arguments:
-h, --help show this help message and exit
-k KEYWORDSFILE, --keyword KEYWORDSFILE
Specify a keywords file (-k keywordsfile.txt)
-q QUERY, --query QUERY
Specify your query (-q "apikey")
-s, --slack Enable slack notifications
-w WORDLIST, --wordlist WORDLIST
Create a wordlist that fills dynamically with
discovered filenames on GitHub
点击关注"哆啦安全"视频号
商务合作
点击原文底部左下角的"阅读原文"