• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    公众号

BishopFox/GitGot: Semi-automated, feedback-driven tool to rapidly search through ...

原作者: [db:作者] 来自: 网络 收藏 邀请

开源软件名称:

BishopFox/GitGot

开源软件地址:

https://github.com/BishopFox/GitGot

开源编程语言:

Python 91.5%

开源软件介绍:

License Python version

Description

GitGot is a semi-automated, feedback-driven tool to empower users to rapidly search through troves of public data on GitHub for sensitive secrets.

How it Works

During search sessions, users will provide feedback to GitGot about search results to ignore, and GitGot prunes the set of results. Users can blacklist files by filename, repository name, username, or a fuzzy match of the file contents.

Blacklists generated from previous sessions can be saved and reused against similar queries (e.g., example.com v.s. subdomain.example.com v.s. Example Org). Sessions can also be paused and resumed at any time.

Read more about the semi-automated, human-in-the-loop design here: https://know.bishopfox.com/blog/going-semi-automated-in-an-automated-world-using-human-in-the-loop-workflows-to-improve-our-security-tools

Install Instructions

Manual Instructions

[1] Install the ssdeep dependency for fuzzy hashing.

Ubuntu/Debian (or equivalent for your distro):

apt-get install python3-dev libfuzzy-dev ssdeep

or, for Mac OSX:

brew install ssdeep

For Windows or *nix distributions without the ssdeep package, please see the ssdeep installation instructions.

[2] After installing ssdeep, install the Python dependencies using pip:

pip3 install -r requirements.txt

Docker Instructions

Run gitgot-docker.sh to build the GitGot docker image (if it doesn't already exist) and execute the dockerized version of the GitGot tool.

On invocation, gitgot-docker.sh will create and mount logs and states directories from the host's current working directory. If this gitgot-docker.sh is executed from the GitGot project directory it will update the docker container with changes to gitgot.py or checks/:

./gitgot-docker.sh -q example.com

(See gitgot-docker.sh for specific docker commands)

Usage

GitHub requires a token for rate-limiting purposes. Create a GitHub API token with no permissions/no scope. This will be equivalent to public GitHub access, but it will allow access to use the GitHub Search API. Set this token at the top of gitgot.py as shown below:

ACCESS_TOKEN = "<NO-PERMISSION-GITHUB-TOKEN-HERE>"

(Alternatively, this token can be set as the GITHUB_ACCESS_TOKEN environment variable)

After adding the token, you are ready to go:

# Default RegEx list and logfile location (/logs/<query>.log) are used when no others are specified.

# Query for the string "example.com" using default GitHub search behavior (i.e., tokenization).
# This will find com.example (e.g., Java) or example.com (Website)
./gitgot.py -q example.com

# Query self-hosted GitHub instance
./gitgot.py -q example.com -u https://git.example.com

# Query for the exact string "example.com". See Query Syntax in the next section for more details.
./gitgot.py -q '"example.com"'

# Query through GitHub gists
./gitgot.py --gist -q CompanyName

# Using GitHub advanced search syntax
./gitgot.py -q "org:github cats"

# Custom RegEx List and custom log files location
./gitgot.py -q example.com -f checks/default.list -o example1.log

# Recovery from existing session
./gitgot.py -q example.com -r example.com.state

# Using an existing session (w/blacklists) for a new query
./gitgot.py -q "Example Org" -r example.com.state

Query Syntax

GitGot queries are fed directly into the GitHub code search API, so check out GitHub's documentation for more advanced query syntax.

UI Commands

  • Ignore similar [c]ontent: Blacklists a fuzzy hash of the file contents to ignore future results that are similar to the selected file
  • Ignore [r]epo/[u]ser/[f]ilename: Ignores future results by blacklisting selected strings
  • Search [/(mykeyword)]: Provides a custom regex expression with a capture group to searches on-the-fly (e.g., /(secretToken))
  • [a]dd to Log: Add RegEx matches to log file, including all on-the-fly search results from search command
  • Next[<Enter>], [b]ack: Advances through search results, or returns to previous results
  • [s]ave state: Saves the blacklists and progress in the search results from the session
  • [q]uit: Quit



鲜花

握手

雷人

路过

鸡蛋
该文章已有0人参与评论

请发表评论

全部评论

专题导读
热门推荐
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap