Dig through Git commits and logs
docker
lib
output
scripts
webserver
.gitignore
README.md
docker-compose.yml
files_to_look_for.txt
gumbler.py
requirements.txt
Project no longer maintained.

Hi! This project is no longer maintained as better options now exist. I would recommend:

gumbler

Gumbler is a tool for digging up sensitive files that were committed at some point in a project's history. It uses the repository's .gitignore and a starter file (i.e. files_to_look_for.txt) as a seed list of file names, then walks every branch and every commit to check whether any of those files was committed at some point, including files that were later deleted and no longer appear in the current tree.
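The core of that approach, as an added example that is not gumbler's own code: build match patterns from a .gitignore plus a seed list, then look at the file tree of every commit rather than only the working tree. The .gitignore semantics are deliberately simplified (comments and negations are dropped, a trailing slash means "anything under that directory", a leading slash anchors at the repository root); the sample .gitignore, seed list and commit history are constructed, and the two `git_*` adapters assume a `git` binary on the PATH and are not used by the sample run.

```python
"""Added example (not gumbler's code): find seed-list files anywhere in git history."""
import fnmatch
import subprocess
from collections import defaultdict

# Constructed stand-ins for a project's .gitignore and files_to_look_for.txt
SAMPLE_GITIGNORE = """
# build output
*.pyc
/config/secrets.yml
.env
!keep.env
certs/
"""
SAMPLE_SEED_LIST = """
id_rsa
*.pem
"""


def parse_patterns(text):
    """Turn .gitignore-style text into match patterns (simplified semantics, see lead-in)."""
    patterns = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("!"):
            continue  # comments and negations are ignored in this simplified parser
        if line.endswith("/"):
            line += "*"  # directory pattern: match everything beneath it
        patterns.append(line)
    return patterns


def path_matches(path, pattern):
    """Match one repository path (posix, relative to the root) against one pattern."""
    if pattern.startswith("/"):
        return fnmatch.fnmatchcase(path, pattern[1:])  # anchored at the root
    if "/" in pattern:
        # pattern with a directory component: match at the root or under any directory
        return fnmatch.fnmatchcase(path, pattern) or fnmatch.fnmatchcase(path, "*/" + pattern)
    # bare file name pattern: match the basename in any directory
    return fnmatch.fnmatchcase(path.rsplit("/", 1)[-1], pattern)


def find_sensitive(paths, patterns):
    """Paths in one tree that match any pattern."""
    return {p for p in paths if any(path_matches(p, pat) for pat in patterns)}


def scan_history(commits, tree_of, patterns):
    """commits: iterable of commit ids; tree_of(commit) -> list of paths in that commit.
    Returns {path: sorted list of commits whose tree contains it}."""
    hits = defaultdict(set)
    for commit in commits:
        for path in find_sensitive(tree_of(commit), patterns):
            hits[path].add(commit)
    return {path: sorted(cs) for path, cs in hits.items()}


# Adapters for a real repository (assume `git` is installed); not run by the sample below.
def git_commits(repo):
    """Every commit reachable from any ref, which is what lets deleted files surface."""
    out = subprocess.run(["git", "-C", repo, "rev-list", "--all"],
                         capture_output=True, text=True, check=True).stdout
    return out.split()


def git_tree(repo, commit):
    """All paths in the tree of one commit."""
    out = subprocess.run(["git", "-C", repo, "ls-tree", "-r", "--name-only", commit],
                         capture_output=True, text=True, check=True).stdout
    return out.splitlines()


# Constructed history: the key and the .env were committed in c1 and removed in c2,
# so a scan of HEAD alone would never see them.
SAMPLE_HISTORY = {
    "c1": ["README.md", ".env", "deploy/id_rsa", "config/secrets.yml"],
    "c2": ["README.md", "src/app.py", "keep.env"],
    "c3": ["README.md", "src/app.py", "certs/server.pem", "src/app.pyc"],
}


def sample_scan():
    """Run the scan over the constructed history with both seed sources combined."""
    patterns = parse_patterns(SAMPLE_GITIGNORE) + parse_patterns(SAMPLE_SEED_LIST)
    return scan_history(sorted(SAMPLE_HISTORY), SAMPLE_HISTORY.__getitem__, patterns)


if __name__ == "__main__":
    for path, commits in sorted(sample_scan().items()):
        print(f"{path}: first seen in {', '.join(commits)}")
    # For a real clone: scan_history(git_commits(repo), lambda c: git_tree(repo, c), patterns)
```

Note that `keep.env` is not reported even though `.env` is a pattern: a bare pattern is matched against the whole basename, and the `!keep.env` negation is dropped rather than honoured, which is the kind of simplification that produces the false negatives the README warns about.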

Usage

To parse a repo cloned from github and view the results:

python gumbler.py -r "./projects/[REPO_NAME]" -a -p "[ORG_NAME]/[REPO_NAME]"
python gumbler.py -o server -x "./output"

To parse a local repo and view the results:

python gumbler.py -r "./projects/[REPO_NAME]" -a
python gumbler.py -o server

To clone a remote repo, store the results in the project directory, and analyze:

python gumbler.py -s projects -p https://github.com/BuffaloWill/NaughtyGitProject.git
python gumbler.py -o server

To import a previously generated JSON file into the database:

python gumbler.py -j output/myfile.json

# import the entire directory containing json files

python gumbler.py -j output

To view all files in the results whose name contains "yml", query the flask server:

http://localhost:5000/files?file=yml

Installation

Features:

  • Lightweight, portable results (i.e. JSON, HTML)
  • View and search the results via a flask server
  • No GitHub API keys required. It can be used against repos discovered during OSINT and is not tied to GitHub.

Future Features:

  • (Goal) Support SVN and Mercurial

Warning

There are lots of bugs and quite a few false negatives. Please create an issue if you find something. The project is being actively maintained.