Skip to content
Find leaked credentials on Github
Python Shell
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
config
modules fix directory Jan 28, 2020
.gitignore ignore sqlite file Jan 24, 2020
README.md
config.example.yml update config Jan 28, 2020
install.sh
pullit.py
requirements.txt

README.md

Pullit

Pullit is a real-time credential finder.

Installation

  • git pull https://github.com/filtration/pullit.git
  • sudo chmod +x install.sh
  • . ./install.sh
  • cp config.example.yml config.yml
  • Edit your metadata or add more, then run:
  • python ./pullit.py

Features

  • Find Github credentials
  • Save credentials to database
  • Post credentials to slack

Modules:

  • Github
  • Bitbucket (todo)
  • Gitlab (todo)

todo:

  • Rate limiting:
    • Check current token's rate limit
    • If it has expired, move on to the next token
    • If all tokens are rate-limited, print a message "We recommend you create and add another token"
  • Email notifications
  • Credentials:
    • Use selector to show just the credentials rather than (twitter_api_key=12345), because we can use 'name' column in database
    • merge the credentials together, api_key=(...) api_secret(...)
  • Database:
    • Better database management, don't run queries individually, run in bulk...
    • Check if repo has already been checked
    • Add commit id to database
You can’t perform that action at this time.