
Gitrob - GitHub analysis tool

Gitrob is a tool to help find potentially sensitive files pushed to public repositories on Github. Gitrob will clone repositories belonging to a user or organization down to a configurable depth and iterate through the commit history and flag files that match signatures for potentially sensitive files. The findings will be presented through a web interface for easy browsing and analysis.
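The signature matching the overview describes, as an added example (this is not Gitrob's own code, and the signature list and sample paths are constructed for illustration): each signature inspects one part of a repository path and flags it by exact value or regular expression.

```go
package main

import (
	"fmt"
	"path"
	"regexp"
	"strings"
)

// Signature checks one part of a path (extension, filename or full path), exactly or by regexp.
type Signature struct {
	Part, Exact, Description string
	Pattern                  *regexp.Regexp // used instead of Exact when non-nil
}

// Constructed sample signatures in the spirit of Gitrob's; not its real list.
var Signatures = []Signature{
	{Part: "extension", Exact: "pem", Description: "Potential PEM private key"},
	{Part: "filename", Exact: "id_rsa", Description: "SSH private key"},
	{Part: "filename", Exact: ".env", Description: "Environment file with secrets"},
	{Part: "path", Pattern: regexp.MustCompile(`(?i)\.aws/credentials$`), Description: "AWS credentials file"},
	{Part: "filename", Pattern: regexp.MustCompile(`(?i)_history$`), Description: "Shell history file"},
}

// Matches returns the description of every signature that flags the path;
// one path can trigger several signatures, and matching is case-insensitive.
func Matches(p string) []string {
	var hits []string
	for _, s := range Signatures {
		v := p // the part of the path this signature inspects
		if s.Part == "extension" {
			v = strings.TrimPrefix(path.Ext(p), ".")
		} else if s.Part == "filename" {
			v = path.Base(p)
		}
		if (s.Pattern != nil && s.Pattern.MatchString(v)) || (s.Pattern == nil && strings.EqualFold(v, s.Exact)) {
			hits = append(hits, s.Description)
		}
	}
	return hits
}

func main() {
	// Constructed paths as they might appear across a repository's commit history.
	for _, p := range []string{"config/server.pem", ".env", "home/.aws/credentials", "src/main.go"} {
		fmt.Printf("%-24s %v\n", p, Matches(p))
	}
}
```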



Changelog v2.0.0

Added

  • Total rewrite of Gitrob in Golang

  • Find interesting files in history down to a default (and configurable) depth of 500 commits

  • Hexdump view for binary files

  • Saving and loading of session files for easy sharing

Removed

  • All the stupid Rubygems with native extensions

  • PostgreSQL dependency

  • Messy assessment comparison feature

  • User overview

  • Repository overview


Usage

Gitrob will need a Github access token in order to interact with the Github API. Create a personal access token and save it in an environment variable in your .bashrc or similar shell configuration file:

export GITROB_ACCESS_TOKEN=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef

Alternatively, you can specify the access token with the -github-access-token option, but watch out for your command history!

Analyzing organizations and users


Analyzing organizations and users is the main feature of Gitrob. The analyze command accepts any number of organization and user logins, which will be bundled into a single assessment:

gitrob analyze acme,johndoe,janedoe

Mixing organizations and users is convenient if you know that a certain user is part of an organization but their membership is not public.


When the assessment is finished, the analyze command will automatically start up the web server to present the results. This can be avoided by adding the --no-server option to the command.


See gitrob help analyze for more options.


Running Gitrob against custom GitHub Enterprise installations

Gitrob can analyze organizations and users on custom GitHub Enterprise installations instead of the official GitHub site. The analyze command takes several options to control this:

gitrob analyze johndoe --site=https://github.acme.com --endpoint=https://github.acme.com/api/v3 --access-tokens=token1,token2

See gitrob help analyze for more options.


Starting the Gitrob web server


The Gitrob web server can be started with the server command:

gitrob server

By default, the server will listen on localhost:9393. This can, of course, all be controlled:

gitrob server --bind-address=0.0.0.0 --port=8000
©2022 www.theblackthreat.in All right reserved.