Skip to content

Latest commit

 

History

History
68 lines (47 loc) · 1.98 KB

README.md

File metadata and controls

68 lines (47 loc) · 1.98 KB

Github Secrets

This tool analyzes a given Github repository and searches for dangling or force-pushed commits, containing potential secret or interesting information.

Requirements

Installation

git clone https://github.com/neodyme-labs/github-secrets.git

Usage

To get a list of basic options and switches use:

python3 github_scanner.py -h

You can run this script either completely unauthenticated, with rather low Github API rate limits, or your export a generated API token.

The tokens need no privileges at all and are only used, for authentication against the API. A fine-grained personal access token is required for this project without any additional permissions.

To export the token use:

export GITHUB_ACCOUNT_TOKEN=<your_secret_api_token>

To run the script and scan a repository:

python3 github_scanner.py <username/repository>

To run the script and scan all of a specific users repositories:

python3 github_scanner.py -u <username>

Resources

To check your current API rate limits and usage with token:

curl -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer <your_secret_api_token>" -H "X-GitHub-Api-Version: 2022-11-28" https://api.github.com/rate_limit

Without token:

curl -L -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" https://api.github.com/rate_limit

License

Licensed under either of

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.