josehelps / git-wild-hunt
A tool to hunt for credentials in github wild AKA git*hunt
License: Apache License 2.0
python3 git-wild-hunt.py -s "path:.ssh filename:id_rsa"
git-wild-hunt is using config at path git-wild-hunt.conf
2021-07-26 22:34:31,597 - INFO - git-wild-hunt - INIT - git-wild-hunt v1
Traceback (most recent call last):
File "//git-wild-hunt/git-wild-hunt.py", line 216, in <module>
regexes = load_regexes(config['regexes'])
File "//git-wild-hunt/git-wild-hunt.py", line 19, in load_regexes
regexes = json.loads(f.read())
File "/usr/lib/python3.9/json/__init__.py", line 346, in loads
return _default_decoder.decode(s)
File "/usr/lib/python3.9/json/decoder.py", line 337, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File "/usr/lib/python3.9/json/decoder.py", line 353, in raw_decode
obj, end = self.scan_once(s, idx)
json.decoder.JSONDecodeError: Expecting ',' delimiter: line 3 column 5 (char 52)
How do I get Github credentials? I'm not getting them in any way.
Would be nice to have a match on strings with high entropy in addition to regex!
If you’ll indulge me by leaving this open a bit,
I’d like to contribute 1) a GitHub action .yml and 2) see about wiring up Docker release images to publish on the repo.
...
Both are straightforward tasks.
Shouldn’t be more than an hour this weekend if I play my cards right.
—-
Why?
I don’t have python on my host, and would like to use your project. Which means developing the above contributions preempts my using it much anyway. 🙂
Wrt this issue, in a more meta sense: Just, saw 0 issues, and would love to not only use this but contribute upstream if you’re interested.
—-
Would you like an upstream ~PR? Lmk thoughts on this facet and if you’d like that to take a certain form.
Feel free to delete, mark wontfix, etc, nbd.
Wanted to stub this for provenances’ sake prior to allocating the dev cycles.
Cheers!
All warnings for matches are displayed twice in the output, and duplicate entries exist in results.json, even after it is deleted before the script has run.
2020-08-22 11:16:43,640 - INFO - git-wild-hunt - processing potential leak #1 on redacted
2020-08-22 11:16:43,906 - INFO - git-wild-hunt - processing potential leak #2 on redacted
2020-08-22 11:16:44,135 - INFO - git-wild-hunt - processing potential leak #3 on redacted url A
2020-08-22 11:16:44,321 - WARNING - git-wild-hunt - url: redacted
check: Amazon AWS Access Key ID matches: ['redacted key A']
2020-08-22 11:16:44,321 - WARNING - git-wild-hunt - url: redacted
check: AWS API Key matches: ['redacted key A']
2020-08-22 11:16:44,908 - INFO - git-wild-hunt - processing potential leak #4 on redacted
2020-08-22 11:16:45,282 - INFO - git-wild-hunt - processing potential leak #5 on redacted
2020-08-22 11:16:45,616 - INFO - git-wild-hunt - processing potential leak #6 on redacted
(venv) ~/git/git-wild-hunt$ cat results.json | jq '.[] | .url' | wc -l
203
(venv) ~/git/git-wild-hunt$ cat results.json | jq '.[] | .url' | sort -u | wc -l
100
(venv) ~/git/git-wild-hunt$ cat results.json | jq '.[] | .matches' | grep '"' | wc -l
219
(venv) ~/git/git-wild-hunt$ cat results.json | jq '.[] | .matches' | grep '"' | sort -u | wc -l
104
It fails if I mention the organization search filter. I am trying to use this to scan our private Github organization:
python git-wild-hunt.py -s " extension:yml org:myorg filename:deploy.yml language:YAML"
Here is the error code:
My questions:
Can I use it to scan my private repo with the right token?
Does it support organization search filter?