Enterprise-Grade Security Reconnaissance for GitHub Repositories
GitReaper is a modular, enterprise-grade CLI platform that enables security researchers and DevSecOps teams to identify infrastructure vulnerabilities across GitHub repositories with high confidence and minimal false positives.
Transform your security reconnaissance workflow from manual, error-prone processes into automated, scalable vulnerability detection across thousands of repositories.
- Comprehensive Asset Discovery - Extract and validate assets from 20+ file types with intelligent confidence scoring
- High-Performance Scanning - Async validation pipeline supporting 100+ concurrent requests with circuit breaker protection
- Extensible Plugin Architecture - Custom parsers, validators, classifiers, and reporters for specialized security needs
- Security-First Design - 99% test coverage, secure plugin sandboxing, and enterprise-grade error handling
- Multi-Format Reporting - JSON, Markdown, HTML, CSV, and SARIF outputs for seamless CI/CD integration
```bash
# Install via pip (recommended)
pip install gitreaper

# Or install from source
git clone https://github.com/Draco3310/GitReaper.git
cd GitReaper
pip install -e .
```

```bash
# Scan a single repository
gitreaper scan https://github.com/example/repo

# Scan an entire organization
gitreaper scan-org example-org --token $GITHUB_TOKEN

# Generate different report formats
gitreaper scan example/repo --output json --file results.json
gitreaper scan example/repo --output html --file report.html
```

```bash
# Pull and run GitReaper container
docker run -it gitreaper/gitreaper:latest scan example/repo

# Mount configuration and output directories
docker run -v $(pwd)/config:/config -v $(pwd)/output:/output \
  gitreaper/gitreaper:latest scan-org example-org
```

| Vulnerability Type | Description | Severity |
|---|---|---|
| Subdomain Takeover | CNAME hijacking and dangling DNS records | Critical |
| Cloud Service Takeover | AWS S3, Heroku, GitHub Pages, Azure, GCP | Critical |
| Broken External Links | Dead URLs with intelligent retry logic | Medium |
| Infrastructure Debt | Abandoned domains, expired certificates | High |
| Package Registry Issues | NPM, PyPI, RubyGems dependency validation | Medium |
| Container Vulnerabilities | Docker Hub, GitHub Container Registry | High |
Configuration & Infrastructure:
- YAML, JSON, XML, TOML, INI
- Terraform (.tf), CloudFormation, Kubernetes
- Docker (Dockerfile, docker-compose.yml)

Documentation & Code:
- Markdown, reStructuredText, AsciiDoc
- Source code with URL extraction

CI/CD Pipelines:
- GitHub Actions, GitLab CI, Jenkins

Package Manifests:
- package.json, requirements.txt, Gemfile
- Cargo.toml, go.mod, composer.json
Real-world performance metrics:
- 50+ repositories/minute with full validation
- 100+ concurrent HTTP/DNS validation requests
- <1GB memory usage for 1000-repository scans
- Sub-millisecond cache lookups for 1M+ entries
- 99% test coverage for enterprise reliability

GitReaper's modular architecture supports custom plugins for specialized security requirements:
| Type | Purpose | Examples |
|---|---|---|
| Parsers | Extract assets from custom file types | HCL Parser, YAML Extensions |
| Validators | Custom validation logic | SSL Certificate Analysis, DNS Security |
| Classifiers | Vulnerability categorization | ML-based Risk Scoring, CVSS Integration |
| Reporters | Custom output formats | Slack Integration, Jira Tickets |
| Notifiers | Real-time alerting | Teams/Discord Bots, Email Alerts |
```python
import gitreaper
from gitreaper.plugins import ValidatorPlugin
# ValidationResult is assumed to be exported beside ValidatorPlugin; adjust if your version differs
from gitreaper.plugins import ValidationResult


class CustomSSLValidator(ValidatorPlugin):
    async def validate_asset(self, asset):
        # Custom SSL validation logic
        return ValidationResult(...)


# Register plugin
gitreaper.register_plugin(CustomSSLValidator())
```

Plugin Development Guide | Plugin Marketplace
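The kind of check a validator plugin runs for the "Subdomain Takeover" row of the vulnerability table, written as an added, self-contained example (not GitReaper's own code): real DNS is replaced by a constructed lookup table, the hostname regex and the list of takeover-prone provider suffixes are assumptions, and the output dict mirrors the finding fields in the JSON report below.

```python
"""Dangling-CNAME check of the kind a GitReaper ValidatorPlugin would implement.

Added example, not GitReaper's code. DNS is a constructed in-memory snapshot
so the check runs offline; a name missing from the table means NXDOMAIN.
"""
import re

# Assumed hostname shape used as input sanitization before any lookup.
HOSTNAME_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}$")

# Constructed list of hosting suffixes whose CNAME targets become claimable
# once the customer app is deleted (assumption for illustration only).
TAKEOVER_PRONE_SUFFIXES = (".herokuapp.com", ".github.io", ".s3.amazonaws.com")

# Constructed DNS snapshot: name -> {"CNAME": target} or {"A": [addresses]}.
DNS_SNAPSHOT = {
    "api.abandoned-service.com": {"CNAME": "old-app.herokuapp.com"},
    "www.abandoned-service.com": {"CNAME": "edge.cdn-vendor.example"},
    "legacy.abandoned-service.com": {"CNAME": "retired-host.vendor.example"},
    "edge.cdn-vendor.example": {"A": ["203.0.113.10"]},
    "static.abandoned-service.com": {"A": ["203.0.113.20"]},
}


def resolve(name, records=DNS_SNAPSHOT):
    """Return the record set for name, or None when the name does not exist."""
    return records.get(name.lower())


def validate_asset(hostname, records=DNS_SNAPSHOT):
    """Classify one hostname asset; keys follow the JSON finding format."""
    host = hostname.strip().lower()
    if not HOSTNAME_RE.match(host):
        return {"asset": hostname, "type": "invalid_hostname", "severity": "info", "risk_score": 0.0}
    rr = resolve(host, records)
    if rr is None:
        return {"asset": host, "type": "nxdomain", "severity": "medium", "risk_score": 4.0,
                "description": "Hostname does not resolve", "remediation": "Remove the stale reference"}
    target = rr.get("CNAME")
    if target is None or resolve(target, records) is not None:
        return {"asset": host, "type": "ok", "severity": "none", "risk_score": 0.0}
    # Dangling CNAME: the target no longer resolves. On a claimable provider
    # this is the takeover condition; elsewhere it is still infrastructure debt.
    prone = any(target.lower().endswith(s) for s in TAKEOVER_PRONE_SUFFIXES)
    return {"asset": host,
            "type": "subdomain_takeover" if prone else "dangling_cname",
            "severity": "critical" if prone else "high",
            "risk_score": 9.5 if prone else 7.0,
            "description": f"CNAME to {target} which does not resolve",
            "remediation": "Remove the CNAME record or reclaim the target service"}
```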
GitReaper is designed with security-first principles for use in sensitive environments:
- Secure Plugin Sandboxing - Isolated execution environment for third-party plugins
- Input Sanitization - Protection against path traversal and injection attacks
- Credential Management - Keyring integration and encrypted configuration
- Audit Logging - Comprehensive security event tracking
- Rate Limiting - Respectful API usage with adaptive throttling
Report Security Issues: Please follow our Security Policy for responsible disclosure.
```json
{
  "repository": "example/vulnerable-app",
  "vulnerabilities": [
    {
      "type": "subdomain_takeover",
      "severity": "critical",
      "asset": "api.abandoned-service.com",
      "description": "Subdomain points to unclaimed Heroku app",
      "risk_score": 9.5,
      "remediation": "Remove CNAME record or claim the service"
    }
  ],
  "summary": {
    "total_assets": 247,
    "vulnerable_assets": 3,
    "risk_score": 7.8
  }
}
```

```markdown
# Security Scan Report - example/vulnerable-app

## Critical Vulnerabilities (1)
- **Subdomain Takeover**: api.abandoned-service.com
  - Points to unclaimed Heroku app
  - **Impact**: Complete subdomain control possible

## Summary
- Valid Assets: 244/247
- Vulnerable Assets: 3
- Overall Risk Score: 7.8/10
```

GitReaper follows a modular, plugin-based architecture designed for enterprise scalability:
```mermaid
graph TB
    CLI[CLI Interface] --> ORCH[Scan Orchestrator]
    ORCH --> ACQ[Repository Acquisition]
    ACQ --> PARSE[Parsing Engine]
    PARSE --> EXTRACT[Asset Extractor]
    EXTRACT --> VALIDATE[Validation Pipeline]
    VALIDATE --> CLASSIFY[Vulnerability Classifier]
    CLASSIFY --> REPORT[Report Generator]
    PLUGINS[Plugin System] --> PARSE
    PLUGINS --> VALIDATE
    PLUGINS --> CLASSIFY
    PLUGINS --> REPORT
    CACHE[Cache Manager] --> VALIDATE
    CONFIG[Configuration Core] --> ORCH
```

Detailed Architecture Guide | Plugin API Reference
```bash
# Bug bounty reconnaissance
gitreaper scan-org target-company --scan-depth deep --report html

# Subdomain takeover hunting
gitreaper scan target/repos --focus subdomains --notify slack
```

```bash
# Organizational security audit
gitreaper scan-org internal-org --compliance --report sarif

# Continuous monitoring
gitreaper monitor --config enterprise.yaml --schedule daily
```

```yaml
# GitHub Actions workflow
- name: GitReaper Security Scan
  uses: gitreaper/action@v1
  with:
    target: ${{ github.repository }}
    fail-on: critical,high
    report: sarif
```

- v1.1 - Machine Learning vulnerability classification
- v1.2 - Advanced cloud provider integrations (AWS, Azure, GCP)
- v1.3 - GraphQL API and web dashboard
- v1.4 - Kubernetes operator for cluster-wide scanning
- v2.0 - Real-time monitoring and alerting platform
Full Roadmap | Feature Requests
We welcome contributions from the security community! GitReaper thrives on collaboration.
- Bug Reports - Help us improve reliability
- Feature Requests - Shape the future of GitReaper
- Plugin Development - Extend functionality for specialized needs
- Documentation - Improve user and developer experience
- Testing - Enhance our 99% coverage standard

Contributing Guide | Good First Issues
GitReaper is released under the MIT License. Free for commercial and non-commercial use.
GitReaper builds upon the foundation of github-scanner-local, transforming bash scripts into an enterprise-grade Python platform. We're grateful to the security research community for continuous feedback and contributions.
Special thanks to:
- The original GSL contributors for the foundational concepts
- Security researchers who provided real-world testing scenarios
- Enterprise users who shaped our scalability requirements
- Open source contributors who make GitReaper better every day
Built with love by the security community, for the security community