
Added Docker Support

the-bumble committed Jul 23, 2019
1 parent 3310a19 commit 24e755869dadcf57e441810c83939ef6752b3bfd
Showing with 78 additions and 3 deletions.
  1. +42 −0 Dockerfile
  2. +16 −3 README.md
  3. +20 −0 gitgot-docker.sh
@@ -0,0 +1,42 @@
# Build and run with docker_run.sh
# e.g., ./docker_run.sh -q example.com
#
# Thank you to Ilya Glotov (https://github.com/ilyaglow) for help with
# this minimal alpine image

FROM python:3-alpine

ENV SSDEEP_VERSION="release-2.14.1" \
BUILD_DEPS="build-base \
automake \
autoconf \
libtool"

ADD requirements.txt .
RUN apk --update --no-cache add $BUILD_DEPS \
git \
libffi-dev \
&& git clone --depth=1 --branch=$SSDEEP_VERSION https://github.com/ssdeep-project/ssdeep.git \
&& cd ssdeep \
&& autoreconf -i \
&& ./configure \
&& make \
&& make install \
&& cd / \
&& rm -rf /ssdeep \
\
&& pip3 install -r requirements.txt \
\
&& apk del $BUILD_DEPS \
\
&& adduser -D gitgot

VOLUME ["/gitgot/logs", "/gitgot/states"]

WORKDIR /gitgot
USER gitgot

ADD checks /gitgot/checks
ADD gitgot.py .
ENTRYPOINT ["python3", "gitgot.py"]
CMD [ "-h" ]
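Review bot: The header comment at the top of the Dockerfile points to `docker_run.sh` (`./docker_run.sh -q example.com`), but the wrapper added in this commit is `gitgot-docker.sh`; update both comment lines. In the `RUN` step, `apk del $BUILD_DEPS` removes only the four build packages, so `git` and `libffi-dev` stay in the final image; add them to the removal if they are not needed at runtime. `VOLUME ["/gitgot/logs", "/gitgot/states"]` and `WORKDIR /gitgot` come before `USER gitgot` and nothing in the file sets ownership of those paths, so check that the unprivileged user can actually write logs and state files there. `FROM python:3-alpine` is a floating tag; pinning a specific version or digest would make the build reproducible.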
@@ -10,23 +10,25 @@

## Description

GitGot is a semi-automated, feedback-driven tool to empower users to rapidly search through troves of public data on GitHub for sensitive secrets.
GitGot is a semi-automated, feedback-driven tool to empower users to rapidly search through troves of public data on GitHub for sensitive secrets.

<p align="center">
<img src="example_usage.png" width=80%/>
</p>

### How it Works

During search sessions, users will provide feedback to GitGot about search results to ignore, and GitGot prunes the set of results. Users can blacklist files by filename, repository name, username, or a fuzzy match of the file contents.
During search sessions, users will provide feedback to GitGot about search results to ignore, and GitGot prunes the set of results. Users can blacklist files by filename, repository name, username, or a fuzzy match of the file contents.

Blacklists generated from previous sessions can be saved and reused against similar queries (e.g.,
Blacklists generated from previous sessions can be saved and reused against similar queries (e.g.,
`example.com` v.s. `subdomain.example.com` v.s. `Example Org`). Sessions can also be paused and resumed at any time.

Read more about the semi-automated, human-in-the-loop design here: https://know.bishopfox.com/blog/going-semi-automated-in-an-automated-world-using-human-in-the-loop-workflows-to-improve-our-security-tools

## Install Instructions

### Manual Instructions

[1] Install the `ssdeep` dependency for fuzzy hashing.

Ubuntu/Debian (or equivalent for your distro):
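Review bot: The three paragraph lines changed under `## Description` and `### How it Works` read the same before and after, so they look like whitespace-only edits; consider moving them to a separate cleanup commit so this change carries only the Docker-related README updates.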
@@ -45,6 +47,17 @@ For Windows or *nix distributions without the `ssdeep` package, please see the [
pip3 install -r requirements.txt
```
### Docker Instructions
Run `gitgot-docker.sh` to build the GitGot docker image (if it doesn't already exist) and execute the dockerized version of the GitGot tool.
On invocation, `gitgot-docker.sh` will create and mount `logs` and `states` directories from the host's current working directory. If this `gitgot-docker.sh` is executed from the GitGot project directory it will update the docker container with changes to `gitgot.py` or `checks/`:
```sh
./gitgot-docker.sh -q example.com
```
(See `gitgot-docker.sh` for specific docker commands)
## Usage
GitHub requires a token for rate-limiting purposes. Create a [GitHub API token](https://github.com/settings/tokens) with **no permissions/no scope**. This will be equivalent to public GitHub access, but it will allow access to use the GitHub Search API. Set this token at the top of `gitgot.py` as shown below:
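Review bot: The new Docker Instructions section does not say how the GitHub token reaches the container, while the Usage line just below still tells users to set it at the top of `gitgot.py`. `gitgot-docker.sh` forwards `GITHUB_ACCESS_TOKEN` from the host environment, and the Dockerfile copies the script into the image with `ADD gitgot.py .`, so a token written into that file would end up in an image layer. State which of the two applies when running under Docker, and prefer the environment variable. Also, "it will update the docker container" describes an image rebuild; "image" would be more accurate.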
@@ -0,0 +1,20 @@
#!/bin/bash

if [[ -f "Dockerfile" && -f "gitgot.py" ]]; then
if [ -z $(docker images -q gitgot) ]; then
# Display output on fresh container build
docker build -t gitgot .
else
# Silent rebuild if in project directory
docker build -t gitgot . 2>&1 > /dev/null
fi
else
echo "Not in project directory. Skipping container update/rebuild..."
fi


docker run --rm -it \
-e GITHUB_ACCESS_TOKEN=$GITHUB_ACCESS_TOKEN \
-v $PWD/logs:/gitgot/logs \
-v $PWD/states:/gitgot/states \
gitgot $@
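Review bot: `gitgot $@` on the last line of the `docker run` command is unquoted, so a query containing spaces (the README uses `Example Org` as one) is split into separate arguments; use `"$@"`, and quote `"$PWD"` in the two `-v` mounts for the same reason. `-e GITHUB_ACCESS_TOKEN=$GITHUB_ACCESS_TOKEN` expands the token onto the `docker` command line, where it is visible in the host process list; `-e GITHUB_ACCESS_TOKEN` with no value passes the variable through from the environment instead. In the silent rebuild branch, `2>&1 > /dev/null` still sends stderr to the terminal because the redirections are applied left to right; `> /dev/null 2>&1` is what the comment describes, and since the build's exit status is never checked, a failed rebuild falls through to running the previous image. Finally, `[ -z $(docker images -q gitgot) ]` should quote the command substitution so the test stays valid if more than one image ID is returned.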
