Skip to content

This tool analyzes a given Github repository and searches for dangling or force-pushed commits containing potential secret or interesting information.

Notifications You must be signed in to change notification settings

neodyme-labs/github-secrets

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
 
 
 
 

Repository files navigation

Github Secrets

This tool analyzes a given Github repository and searches for dangling or force-pushed commits, containing potential secret or interesting information.

Requirements

Installation

git clone https://github.com/neodyme-labs/github-secrets.git

Usage

To get a list of basic options and switches use:

python3 github_scanner.py -h

You can run this script either completely unauthenticated, with rather low Github API rate limits, or your export a generated API token.

The tokens need no privileges at all and are only used, for authentication against the API. A fine-grained personal access token is required for this project without any additional permissions.

To export the token use:

export GITHUB_ACCOUNT_TOKEN=<your_secret_api_token>

To run the script and scan a repository:

python3 github_scanner.py <username/repository>

To run the script and scan all of a specific users repositories:

python3 github_scanner.py -u <username>

Resources

To check your current API rate limits and usage with token:

curl -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer <your_secret_api_token>" -H "X-GitHub-Api-Version: 2022-11-28" https://api.github.com/rate_limit

Without token:

curl -L -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" https://api.github.com/rate_limit

License

Licensed under either of

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

About

This tool analyzes a given Github repository and searches for dangling or force-pushed commits containing potential secret or interesting information.

Resources

Stars

Watchers

Forks

Languages