Skip to content
master
Switch branches/tags
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
lib
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Project no longer maintained.

Hi! This project is no longer maintained as better options now exist. I would recommend:

gumbler

Gumbler is a tool to dig for sensitive files committed in the history of the project. It uses the .gitignore and a starter file (i.e. files_to_look_for.txt) as a seed list. It then checks every branch and commit to see if that file was committed at some point.

Usage

To parse a repo cloned from github and view the results:

python gumbler.py -r "./projects/[REPO_NAME]" -a -p "[ORG_NAME]/[REPO_NAME]"
python gumbler.py -o server -x "./output"

To parse a local repo and view the results:

python gumbler.py -r "./projects/[REPO_NAME]" -a 
python gumbler.py -o server 

To clone a remote repo, store the results in the project directory, and analyze:

python gumbler.py -s projects -p https://github.com/BuffaloWill/NaughtyGitProject.git
python gumbler.py -o server 

To import a previously generated json file into the database

python gumbler.py -j output/myfile.json

# import the entire directory containing json files

python gumbler.py -j output

To view all files from results containing yml

http://localhost:5000/files?file=yml

Installation

Features:

  • Lightweight, portable results (i.e. json, html)
  • View and search the results via flask server
  • No Github API keys required. It can be used against repo's discovered during OSINT and not tied to Github.

Future Features:

  • (Goal) Support svn and mecurial

Warning

There are lots of bugs and, quite a few, false negatives. Please create an issue if you find something. The project is being actively maintained.

About

Dig through Git commits and logs

Resources

Releases

No releases published

Packages

No packages published