Skip to content

jef/gh-audit-org-keys

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
.github
.github
 
 
.gitignore
.gitignore
 
 
CHANGELOG.md
CHANGELOG.md
 
 
Dockerfile
Dockerfile
 
 
LICENSE.md
LICENSE.md
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 
version.txt
version.txt
 
 

Repository files navigation

audit-org-keys ci

The point of this project is to help demonstrate that users of GitHub could potentially fall victim to getting their private SSH key cracked. This based on the size and complexity of the key the user generates.

Programs like ssh2john from John the Ripper can best demonstrate how fast an SSH private key can be solved from a not so complex algorithm with low key lengths (think RSA < 1024 bits).

Getting started

Requirements

  • Go 1.14+ or Docker
  • GitHub Personal Access Token
  • GitHub Organization that you can read

Running

Golang

export GITHUB_ORGANIZATION=actions
export GITHUB_PAT=mysecrettoken

# native
make run

# Docker
make run-docker

Acknowledgments

About

πŸ”‘ Provides list of public SSH keys of an organization

jef.buzz/audit-org-keys

Topics

ssh github-api security openssl john-the-ripper

Resources

Readme

License

MIT license
Activity

Stars

5 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 4

v1.4.0 Latest
Oct 19, 2022
+ 3 releases

Sponsor this project

  •  
Learn more about GitHub Sponsors

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages