Skip to content
Find leaked credentials on Github
Python Shell
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.
modules fix directory Jan 28, 2020
.gitignore ignore sqlite file Jan 24, 2020
config.example.yml update config Jan 28, 2020


Pullit is a real-time credential finder.


  • git pull
  • sudo chmod +x
  • . ./
  • cp config.example.yml config.yml
  • Edit your metadata or add more, then run:
  • python ./


  • Find Github credentials
  • Save credentials to database
  • Post credentials to slack


  • Github
  • Bitbucket (todo)
  • Gitlab (todo)


  • Rate limiting:
    • Check current token's rate limit
    • If it has expired, move on to the next token
    • If all tokens are rate-limited, print a message "We recommend you create and add another token"
  • Email notifications
  • Credentials:
    • Use selector to show just the credentials rather than (twitter_api_key=12345), because we can use 'name' column in database
    • merge the credentials together, api_key=(...) api_secret(...)
  • Database:
    • Better database management, don't run queries individually, run in bulk...
    • Check if repo has already been checked
    • Add commit id to database
You can’t perform that action at this time.