gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
License: GNU General Public License v3.0
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
[i] Status code : 403
[!] Unexpected response
{
"documentation_url": "https://docs.github.com/en/free-pro-team@latest/rest/overview/resources-in-the-rest-api#secondary-rate-limits",
"message": "You have exceeded a secondary rate limit. Please wait a few minutes before you try again."
}
Some times tool throws an error like below
Exception HTTPSConnectionPool(host='raw.githubusercontent.com', port=443): Max retries exceeded with url: /sourcecrypto/sourcecrypto.github.io/fe56883109388622f010e0163cdef88721e25890/_site/posts/Bitcoin/lightning/index.html (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7efdb59fc350>: Failed to establish a new connection: [Errno -2] Name or service not known'))
The following keeps happening after running it successfully for a while. it does not matter what domain.
python3 gitGraber.py -k wordlists/keywords.txt -q \”domainexample.com" -s
[i] Status code : 200
Traceback (most recent call last):
File "gitGraber.py", line 351, in <module>
responses = searchGithub(keywordsFile, args)
File "gitGraber.py", line 307, in searchGithub
pool.map( partial(doSearchGithub,args,tokenMap, tokenCombos), t_keywords )
File "/usr/lib/python3.6/multiprocessing/pool.py", line 266, in map
return self._map_async(func, iterable, mapstar, chunksize).get()
File "/usr/lib/python3.6/multiprocessing/pool.py", line 644, in get
raise self._value
File "/usr/lib/python3.6/multiprocessing/pool.py", line 119, in worker
result = (True, func(*args, **kwds))
File "/usr/lib/python3.6/multiprocessing/pool.py", line 44, in mapstar
return list(map(*args))
File "gitGraber.py", line 288, in doSearchGithub
content = parseResults(response.text)
AttributeError: 'NoneType' object has no attribute 'text'
hello bro can you update and add this to bypass rate limit
I added discord webhook , but it`s not sending me the alert.
Traceback (most recent call last):
File "gitGraber.py", line 9, in
import argcomplete
ModuleNotFoundError: No module named 'argcomplete'
Hello,
I put two tokens in config file.
I'v got no results from "yahoo" keyword (or anything else) like on your command line example :
python3 gitGraber.py -k wordlists/keywords.txt -q "yahoo" -s
Only this output
[+] Github query : https://api.github.com/search/code?q=yahoo access_key&sort=indexed&o=desc
[i] Status code : 200
No any kind of urls.
Any ideas ?
To add the OpenAI API and secret key, you would need to follow the steps provided by OpenAI for integrating their API into your application. Typically, this involves creating an account on the OpenAI platform, generating API keys, and then using those keys in your application to authenticate and make requests to the OpenAI API. If you need specific instructions on how to do this, please let me know and I can provide more detailed guidance.
pip3 install -r requirements.txtDefaulting to user installation because normal site-packages is not writeable
Requirement already satisfied: requests==2.31.0 in /home/kali/.local/lib/python3.11/site-packages (from -r requirements.txt (line 1)) (2.31.0)
Requirement already satisfied: argcomplete==3.2.1 in /home/kali/.local/lib/python3.11/site-packages (from -r requirements.txt (line 2)) (3.2.1)
Requirement already satisfied: python_crontab==2.3.9 in /home/kali/.local/lib/python3.11/site-packages (from -r requirements.txt (line 3)) (2.3.9)
Requirement already satisfied: termcolor==1.1.0 in /home/kali/.local/lib/python3.11/site-packages (from -r requirements.txt (line 4)) (1.1.0)
Requirement already satisfied: charset-normalizer<4,>=2 in /home/kali/.local/lib/python3.11/site-packages (from requests==2.31.0->-r requirements.txt (line 1)) (2.1.1)
Requirement already satisfied: idna<4,>=2.5 in /home/kali/.local/lib/python3.11/site-packages (from requests==2.31.0->-r requirements.txt (line 1)) (3.3)
Requirement already satisfied: urllib3<3,>=1.21.1 in /home/kali/.local/lib/python3.11/site-packages (from requests==2.31.0->-r requirements.txt (line 1)) (1.26.9)
Requirement already satisfied: certifi>=2017.4.17 in /home/kali/.local/lib/python3.11/site-packages (from requests==2.31.0->-r requirements.txt (line 1)) (2022.6.15)
Requirement already satisfied: python-dateutil in /usr/lib/python3/dist-packages (from python_crontab==2.3.9->-r requirements.txt (line 3)) (2.8.2)
┌──(kali㉿kali)-[~/Desktop/tools/gitGraber]
└─$ sudo python3 gitGraber.py -k wordlists/keywords.txt -q "etsy.com"
Traceback (most recent call last):
File "/home/kali/Desktop/tools/gitGraber/gitGraber.py", line 21, in
from crontab import CronTab
ModuleNotFoundError: No module named 'crontab'
Can we develop the tool and solve this problem?
And how we manage API rate !!
plz someone help me make this regex was function normally in gitgrabber.
(?<![A-Za-z0-9/+=])[A-Za-z0-9/+=]{40}(?![A-Za-z0-9/+=])
Because this aws secret key, i need to make AKIAAAAAAAAAAAA:YYYYYYYYYYYYYYYYYYYY like twilio format. thank you before
Hi Team,
Even though I have installed and configured the token to work, but prompted with below issues,
#python3 gitGraber.py -k filename_keywords.txt -q "xyz.net"
Traceback (most recent call last):
File "gitGraber.py", line 340, in
initFile(args.wordlist)
File "gitGraber.py", line 30, in initFile
if not name or os.path.getsize(name) == 0:
File "/usr/lib/python3.8/genericpath.py", line 50, in getsize
return os.stat(filename).st_size
FileNotFoundError: [Errno 2] No such file or directory: 'filename_keywords.txt'
How to proceed further without any issues, I need to know the reason behind it.
what is the name of terminal that you use in the Readme.md
For some keywords I am getting 403 response & rate limit exceeded. Can you please tell me if I can go around it.
It would be great to get an aggregate report of findings so there's a trackable history of issues that have been found.
Hi team, im facing issue while running this tool, i already install dependencies but it still giving me error..
root@kali:~/tools/gitGraber# pip3 install -r requirements.txt
Requirement already satisfied: requests==2.18.4 in /usr/local/lib/python3.7/dist-packages (from -r requirements.txt (line 1)) (2.18.4)
Requirement already satisfied: argcomplete==1.10.0 in /usr/local/lib/python3.7/dist-packages (from -r requirements.txt (line 2)) (1.10.0)
Requirement already satisfied: python_crontab==2.3.9 in /usr/local/lib/python3.7/dist-packages (from -r requirements.txt (line 3)) (2.3.9)
Requirement already satisfied: termcolor==1.1.0 in /usr/lib/python3/dist-packages (from -r requirements.txt (line 4)) (1.1.0)
root@kali:~/tools/gitGraber# python3 gitGraber.py
Traceback (most recent call last):
File "gitGraber.py", line 313, in <module>
argcomplete.autocomplete(parser)
AttributeError: module 'argcomplete' has no attribute 'autocomplete'
I created my token in github but is giving this error.
[i] Github query : https://api.github.com/search/code?q=uber access_key&sort=indexed&o=desc
[i] Status code : 401
Was attempting to do a multi query search like the below but it breaks due to the space in the middle. I tried adding %20 instead of the space but the encoding breaks it.
-q "org:TestOrg is:public"
Public org only repo's
I can see a few false positive issues come up with a few key types, particularly with GitHub. I'd recommend a bi-annual review of key changes to see if regex patterns need to be updated. Gitleaks does a good job at this and I'd recommend to take a look at some of their config files as reference.
Hi, I was wondering if you could add the option of storing the actual response of the keyword that was found during a query.
To elaborate on this, if I am doing a scan for "yahoo.com" and I get a access_key found (possible aws token found) I would like the tool to store the actual contents of the whole file that the key was found in.
Please let me know.
Thanks,
@th3-alch3m1st
I edited config.py with my github token and I got this:
[i] Sleeping 61 sec
[i] Status code : 401
[!] Unexpected HTTP response 401
{"message":"Bad credentials","documentation_url":"https://developer.github.com/v3"}
[i] Github query : https://api.github.com/search/code?q=%22snapchat.com%22%20access_key&sort=indexed&o=desc
I missed something?
hi man!!
i got this error whenever i run the tool without any result !! any help?
``
`[i] Github query : https://api.github.com/search/code?q=%20%20database_host&sort=indexed&o=desc
[i] Status code : 401
[i] Status code : 401
[!] Unexpected HTTP response 401
[!] Unexpected HTTP response 401
{"message":"Bad credentials","documentation_url":"https://docs.github.com/rest"}
{"message":"Bad credentials","documentation_url":"https://docs.github.com/rest"}
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.