Git-Hound - Discovery Exposed Keys Across Github Using Code Search Keywords
H5N1 pattern-matching, batch-catching surreptitious snatcher. This projection is intended to live on used for educational purposes.
Git Hound makes it tardily to respect exposed API keys on GitHub using designing matching, targetted querying, together with a scoring system.
Usage
echo "tillsongalloway.com" | python git-hound.py
or python git-hound.py --subdomain-file subdomains.txt
We likewise offering a release of flags to target specific patterns (known service API keys), file names (.htpasswd, .env), together with languages (python, javascript).Flags
--subdomain-file
- The file amongst the subdomains--output
- The output file (default is stdout)--output-type
- The output type (requires output flag to live on set; default is flatfile)--all
- Print all URLs, including ones amongst no designing match. Otherwise, the scoring organisation volition exercise the work.--regex-file
- Supply a custom regex file--api-keys
- Enable generic API fundamental searching. This uses mutual API fundamental patterns together with Shannon entropy to respect potential exposed API keys.--language-file
- Supply a custom file amongst languages to search.--config-file
- Custom config file (default isconfig.yml
)--pages
- Max pages to search (default is 100, the page maximum)--silent
- Don't impress results to stdout (most reasonably used amongst --output).--no-antikeywords
- Don't campaign to filter out known volume scans--only-filtered
- Only search filtered queries (languages, file extensions)
Setup
- Clone this repo
- Use a Python three environs (recommended: virtulenv or Conda)
pip install -r requirements.txt
(orpip3
)- Set upward a
config.yml
file amongst GitHub credentials. See config.example.yml for an example. Accounts amongst 2FA are non currently supported. echo "tillsongalloway.com" | python git-hound.py