GitHub Sensitive Information Leakage (GitHub sensitive information leak monitoring)
Latest commit f58ced7 Oct 31, 2018

GSIL (GitHub Sensitive Information Leakage)


Monitor GitHub for sensitive information leaks in near real time and send alert notifications.


Python 3 (Python 2 is not tested)

$ git clone
$ cd gsil/
$ pip install -r requirements.txt


gsil/config.gsil (renamed from config.gsil.example): alert mailbox and GitHub configuration

host :
# SMTP port (Not SSL port, but will use TLS encryption)
port : 25
# Multiple senders are separated by comma (,)
mails :
from : GSIL
password : your_password
# Multiple recipients are separated by comma (,)
to :

# Whether the scanned data will be cloned to the local area immediately
# Clone to ~/.gsil/codes/ directory
clone: false

# Github Token, multiple tokens are separated by comma (,)
tokens : your_token

gsil/rules.gsil (renamed from rules.gsil.example): scanning rules

Generally, the best rule is the characteristic code of the intranet (Example: mogujie's extranet is, intranet is At this time, can be used as a rule)

Other similar rules include characteristic strings from code headers, characteristic strings of external mailboxes, and so on.

| field | meaning | optional | default | description |
|---|---|---|---|---|
| keyword | key word | required | - | When multiple keywords are used, separate them with spaces (Example: 'username password'). When you need a precise search, use double quotes (Example: "") |
| ext | file suffix | optional | all suffixes | Multiple suffixes are separated by comma (Example: java,php,python) |
| mode | matching mode | optional | normal-match | normal-match (the line that contains the keyword is matched, along with the lines near it) / only-match (only the lines that match the keywords) / full-match (not recommended; the search results show the entire file) |

{
    # usually the company name, used as the first parameter to start the scan (Example: `python test`)
    "test": {
        # General use of product name
        "mogujie": {
            # Internal domain name of the company
            "\"\"": {
                # mode/ext options no need to configure by default
                "mode": "normal-match",
                "ext": "php,java,python,go,js,properties"
            },
            # Company code's characteristic code
            "copyright meili inc": {},
            # Internal host domain name
            "": {},
            # External mailbox
            "": {}
        },
        "meilishuo": {
            "": {},
            "": {}
        }
    }
}
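
A pre-flight check for a rules file, as an added example that is not part of GSIL's own code: it walks the three-level structure shown above, applies the defaults from the field table, and reports empty keywords or mistyped modes before a scan runs. The function name, the sample keywords and the rejection of unknown option names are assumptions made for this example.

```python
# Added example, not GSIL code: validate a rules.gsil-style dict against
# the field table (keyword required; ext and mode optional).
VALID_MODES = {"normal-match", "only-match", "full-match"}
DEFAULT_MODE = "normal-match"  # default taken from the field table


def flatten_rules(rules):
    """Return (flat_rules, problems) for {type: {product: {keyword: opts}}}."""
    flat, problems = [], []
    for rule_type, products in rules.items():
        for product, keywords in products.items():
            for keyword, opts in keywords.items():
                where = f"{rule_type}/{product}/{keyword!r}"
                # A keyword that is blank, or only a pair of quotes, matches nothing useful
                if not keyword.strip().strip('"').strip():
                    problems.append(f"{where}: keyword is empty")
                    continue
                unknown = set(opts) - {"mode", "ext"}
                if unknown:
                    problems.append(f"{where}: unknown option(s) {sorted(unknown)}")
                mode = opts.get("mode", DEFAULT_MODE)
                if mode not in VALID_MODES:
                    problems.append(f"{where}: invalid mode {mode!r}")
                    continue
                # ext is a comma-separated list; None stands for "all suffixes"
                raw = opts.get("ext")
                ext = [e.strip() for e in raw.split(",") if e.strip()] if raw else None
                flat.append({"type": rule_type, "product": product,
                             "keyword": keyword, "mode": mode, "ext": ext})
    return flat, problems


# Constructed sample rules (the example.* names are placeholders)
SAMPLE_RULES = {
    "test": {
        "acme": {
            "\"corp.example.internal\"": {"mode": "normal-match", "ext": "php, java,properties"},
            "copyright example inc": {},
            "mail.example.com": {"mode": "only_match"},  # typo: underscore instead of hyphen
            "\"\"": {},                                   # empty exact-match keyword
        }
    }
}

if __name__ == "__main__":
    flat, problems = flatten_rules(SAMPLE_RULES)
    for r in flat:
        print(r)
    for p in problems:
        print("PROBLEM:", p)
```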


$ python test

# Verify tokens validity
$ python --verify-tokens
$ crontab -e

# Run every hour
0 * * * * /usr/bin/python /var/app/gsil/ test > /tmp/gsil
# Send a statistical report at 11 p.m. every night
0 23 * * * /usr/bin/python /var/app/gsil/ --report
  • A result that has been reported once will not be reported again; the cache records are kept in the ~/.gsil/ directory.