GitGraber — Tool to scan github for secrets

Rohit Ranjan
2 min read, Oct 9, 2020

gitGraber is a tool written in Python 3 that scans GitHub. It searches for and finds sensitive data (API keys, tokens, credentials) in near real time for a range of online services, including Google, Amazon (AWS), PayPal, GitHub, Mailgun, Facebook, Twitter, Heroku, Stripe and Twilio.

This writeup covers setting up gitGraber, scanning GitHub with it, and wiring up Slack notifications for findings.

Step 1:

Download gitGraber:

git clone https://github.com/hisxo/gitGraber.git

Step 2:

Install dependencies (from inside the cloned directory):

cd gitGraber
pip3 install -r requirements.txt

Step 3:

Run the scan. This example searches GitHub for secrets associated with the keyword "uber" (the inner quotes must be escaped so that GitHub receives an exact-phrase query; -s enables Slack notifications once the webhook is configured in Step 6):

python3 gitGraber.py -k wordlist/keywordsfile.txt -q "\"uber\"" -s

Step 4:

Configure a GitHub API token. The tool uses the GitHub search API, which requires an authenticated token (and the rate limit is per token, so several tokens can be rotated).

URL: https://github.com/settings/tokens

Generate an API token.

Copy the personal access token.

Step 5:

Open the configuration file:

vi config.py

Replace one of the placeholder X values in the token list with the personal access token you just copied (the placeholder entries are highlighted in the screenshot of config.py).

Setting up alerts

Step 6:

Set up Slack notifications by following the screenshots below:

1. Create a Slack channel. Fill in the name (gitgrabber1) and details.

Click on + then select "Create a channel"

2. Add an app to the channel.

Click on Add an App

3. Select the Incoming WebHooks app and click View.

Click on View

4. Click on "Add to Slack".

Add to Slack

5. Select the channel gitgrabber1 as the target for the webhook.

Select Channel for WebHook

6. Copy the Webhook URL.

Copy WebHook

7. Paste the Webhook URL into the SLACK_WEBHOOK variable in config.py.

Paste in SLACK_WEBHOOK

Step 8:

Start a scan as in Step 3 and watch the notifications arrive in the Slack channel.
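To make clear what the scan-and-alert loop above boils down to, here is a small added example (my own code, not part of gitGraber): a regex check for a few well-known token formats run over constructed sample text, followed by building the JSON body that a Slack Incoming WebHook accepts. The patterns, the sample text and the SLACK_WEBHOOK environment variable are assumptions for this example; secrets are masked before they are put into the alert so the notification channel does not itself become a leak.

```python
# Added example, not gitGraber's own code: minimal secret-pattern detection
# plus the Slack Incoming WebHook payload step. Runs offline on constructed text.
import json
import os
import re
import urllib.request

# Token formats to look for (constructed for this example; extend as needed).
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "slack_webhook": re.compile(
        r"https://hooks\.slack\.com/services/T[A-Z0-9]+/B[A-Z0-9]+/[A-Za-z0-9]+"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
}


def find_secrets(text):
    """Return a list of (kind, value) for every pattern match in text."""
    hits = []
    for kind, rx in PATTERNS.items():
        for m in rx.finditer(text):
            hits.append((kind, m.group(0)))
    return hits


def slack_payload(repo_url, hits):
    """Build the JSON body an Incoming WebHook expects for these findings."""
    lines = [f"gitGraber-style alert for {repo_url}"]
    for kind, value in hits:
        # Mask the middle so the alert does not re-leak the secret into Slack.
        masked = value[:6] + "..." + value[-4:]
        lines.append(f"- {kind}: {masked}")
    return {"text": "\n".join(lines)}


def notify(payload, webhook=None):
    """POST the payload to the webhook (SLACK_WEBHOOK env var if not given)."""
    if webhook is None:
        webhook = os.environ.get("SLACK_WEBHOOK")
    if not webhook:
        return False  # nothing configured: report, do not send
    req = urllib.request.Request(webhook, data=json.dumps(payload).encode(),
                                 headers={"Content-Type": "application/json"})
    urllib.request.urlopen(req, timeout=10).close()
    return True


# Constructed sample file content, as if fetched from a public repository.
SAMPLE = ("AWS_KEY=AKIAABCDEFGHIJKLMNOP\n"
          "slack=https://hooks.slack.com/services/T000/B000/xyz\n")

if __name__ == "__main__":
    found = find_secrets(SAMPLE)
    print(json.dumps(slack_payload("https://github.com/example/repo", found), indent=2))
```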

Reference:

1. https://github.com/hisxo/gitGraber
