{"id":13440167,"url":"https://github.com/UnkL4b/GitMiner","last_synced_at":"2025-03-20T09:32:19.549Z","repository":{"id":41754744,"uuid":"52665794","full_name":"UnkL4b/GitMiner","owner":"UnkL4b","description":"Tool for advanced mining for content on Github","archived":false,"fork":false,"pushed_at":"2020-08-29T00:38:32.000Z","size":142,"stargazers_count":2089,"open_issues_count":13,"forks_count":426,"subscribers_count":108,"default_branch":"master","last_synced_at":"2024-10-15T01:41:06.017Z","etag":null,"topics":["git-mining-tool","gitminer","information-gathering-tool"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/UnkL4b.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-02-27T12:30:44.000Z","updated_at":"2024-10-10T15:12:11.000Z","dependencies_parsed_at":"2022-07-14T16:47:55.712Z","dependency_job_id":null,"html_url":"https://github.com/UnkL4b/GitMiner","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/UnkL4b%2FGitMiner","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/UnkL4b%2FGitMiner/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/UnkL4b%2FGitMiner/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/UnkL4b%2FGitMiner/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/UnkL4b","download_url":"https://codeload.github.com/UnkL4b/GitMiner/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind
":"github","repositories_count":221745264,"owners_count":16873742,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["git-mining-tool","gitminer","information-gathering-tool"],"created_at":"2024-07-31T03:01:20.368Z","updated_at":"2025-03-20T09:32:19.542Z","avatar_url":"https://github.com/UnkL4b.png","language":"Python","funding_links":[],"categories":["Python","Tools","Miscellaneous","Weapons","Python (1887)","Pentesting"],"sub_categories":["Leaking","Secrets","Tools","ARM"],"readme":"[![Python 2.7|3.6](https://img.shields.io/badge/Python-2.7%7C3.6-blue.svg)](https://www.python.org/) [![Gitminer 2.0](https://img.shields.io/badge/Gitminer-2.0-yellow.svg)](https://unkl4b.github.io)\n\n![Screenshot](https://3.bp.blogspot.com/-UvpR_QDDAT0/VtiIc8OKrrI/AAAAAAAAboM/69BNKrvdUsU/s1600/gitminer-628x360.png)\n\n```\n + Autor: UnK\n + Blog: https://unkl4b.github.io\n + Github: https://github.com/danilovazb\n + Twitter: https://twitter.com/danilo_vaz_\n```\n## WARNING\n```\n +---------------------------------------------------+\n | DEVELOPERS ASSUME NO LIABILITY AND ARE NOT        |\n | RESPONSIBLE FOR ANY MISUSE OR DAMAGE CAUSED BY    |\n | THIS PROGRAM                                      |\n +---------------------------------------------------+\n```\n\n### DESCRIPTION\n```\nAdvanced search tool and automation in Github.\nThis tool aims to facilitate research by code or code \nsnippets on github through the site's search page.\n```\n### MOTIVATION\nDemonstrates the fragility of trust in public repositories to store codes with sensitive information.\n\n### 
REQUIREMENTS\n```\nlxml\nrequests\nargparse\njson\nre\n```\n\n### INSTALL\n```\n$ git clone http://github.com/UnkL4b/GitMiner\n\n$ cd GitMiner\n\n~/GitMiner $ pip3 install -r requirements.txt\n```\n### Docker\n```\n$ git clone http://github.com/UnkL4b/GitMiner\n$ cd GitMiner\n$ docker build -t gitminer .\n$ docker run -it gitminer -h\n```\n\n\n### HELP\n```\n\n                                 UnkL4b\n  __                   Automatic search for Github\n((OO))   ▄████  ██▓▄▄▄█████▓ ███▄ ▄███▓ ██▓ ███▄    █ ▓█████  ██▀███  \n \\__/   ██▒ ▀█▒▓██▒▓  ██▒ ▓▒▓██▒▀█▀ ██▒▓██▒ ██ ▀█   █ ▓█   ▀ ▓██ ▒ ██▒      OO\n  |^|  ▒██░▄▄▄░▒██▒▒ ▓██░ ▒░▓██    ▓██░▒██▒▓██  ▀█ ██▒▒███   ▓██ ░▄█ ▒      oOo\n  | |  ░▓█  ██▓░██░░ ▓██▓ ░ ▒██    ▒██ ░██░▓██▒  ▐▌██▒▒▓█  ▄ ▒██▀▀█▄      OoO\n  | |  ░▒▓███▀▒░██░  ▒██▒ ░ ▒██▒   ░██▒░██░▒██░   ▓██░░▒████▒░██▓ ▒██▒  /oOo \n  | |___░▒___▒_░▓____▒_░░___░_▒░___░__░░▓__░_▒░___▒_▒_░░_▒░_░░_▒▓_░▒▓░_/ /\n  \\______░___░__▒_░____░____░__░______░_▒_░░_░░___░_▒░_░_░__░__░▒_░_▒░__/  v2.0\n       ░ ░   ░  ▒ ░  ░      ░      ░    ▒ ░   ░   ░ ░    ░     ░░   ░ \n             ░  ░                  ░    ░           ░    ░  ░   ░     \n\n  -\u003e github.com/UnkL4b\n  -\u003e unkl4b.github.io\n\n  +---------------------[WARNING]---------------------+\n  | DEVELOPERS ASSUME NO LIABILITY AND ARE NOT        |\n  | RESPONSIBLE FOR ANY MISUSE OR DAMAGE CAUSED BY    |\n  | THIS PROGRAM                                      |\n  +---------------------------------------------------+ \n       [-h] [-q 'filename:shadow path:etc']\n       [-m wordpress] [-o result.txt]\n       [-r '/^\\s*.*?;?\\s*$/gm']\n       [-c _octo=GH1.1.2098292984896.153133829439; _ga=GA1.2.36424941.153192375318; user_session=oZIxL2_ajeDplJSndfl37ddaLAEsR2l7myXiiI53STrfhqnaN; __Host-user_session_same_site=oXZxv9_ajeDplV0gAEsmyXiiI53STrfhDN; logged_in=yes; dotcom_user=unkl4b; tz=America%2FSao_Paulo; has_recent_activity=1; 
_gh_sess=MmxxOXBKQ1RId3NOVGpGcG54aEVnT1o0dGhxdGdzWVpySnFRd1dVYUk5TFZpZXFuTWxOdW1FK1IyM0pONjlzQWtZM2xtaFR3ZDdxlGMCsrWnBIdnhUN0tjVUtMYU1GeG5Pbm5DMThuWUFETnZjcllGOUNkRGUwNUtKOVJTaGR5eUJYamhWRE5XRnMWZZN3Y3dlpFNDZXL1NWUEN4c093RFhQd3RJQ1NBdmhrVDE3VVNiUFF3dHBycC9FeDZ3cFVXV0ZBdXZieUY5WDRlOE9ZSG5sNmRHUmllcmk0Up1MTcyTXZrN1RHYmJSdz09--434afdd652b37745f995ab55fc83]\n\noptional arguments:\n  -h, --help            show this help message and exit\n  -q 'filename:shadow path:etc', --query 'filename:shadow path:etc'\n                        Specify search term\n  -m wordpress, --module wordpress\n                        Specify the search module\n  -o result.txt, --output result.txt\n                        Specify the output file where it will be\n                        saved\n  -r '/^\\s*(.*?);?\\s*$/gm', --regex '/^\\s*(.*?);?\\s*$/gm'\n                        Set regex to search in file\n  -c _octo=GH1.1.2098292984896.153133829439; _ga=GA1.2.36424941.153192375318; user_session=oZIxL2_ajeDplJSndfl37ddaLAEsR2l7myXiiI53STrfhqnaN; __Host-user_session_same_site=oXZxv9_ajeDplV0gAEsmyXiiI53STrfhDN; logged_in=yes; dotcom_user=unkl4b; tz=America%2FSao_Paulo; has_recent_activity=1; _gh_sess=MmxxOXBKQ1RId3NOVGpGcG54aEVnT1o0dGhxdGdzWVpySnFRd1dVYUk5TFZpZXFuTWxOdW1FK1IyM0pONjlzQWtZM2xtaFR3ZDdxlGMCsrWnBIdnhUN0tjVUtMYU1GeG5Pbm5DMThuWUFETnZjcllGOUNkRGUwNUtKOVJTaGR5eUJYamhWRE5XRnMWZZN3Y3dlpFNDZXL1NWUEN4c093RFhQd3RJQ1NBdmhrVDE3VVNiUFF3dHBycC9FeDZ3cFVXV0ZBdXZieUY5WDRlOE9ZSG5sNmRHUmllcmk0Up1MTcyTXZrN1RHYmJSdz09--434afdd652b37745f995ab55fc83, --cookie _octo=GH1.1.2098292984896.153133829439; _ga=GA1.2.36424941.153192375318; user_session=oZIxL2_ajeDplJSndfl37ddaLAEsR2l7myXiiI53STrfhqnaN; __Host-user_session_same_site=oXZxv9_ajeDplV0gAEsmyXiiI53STrfhDN; logged_in=yes; dotcom_user=unkl4b; tz=America%2FSao_Paulo; has_recent_activity=1; 
_gh_sess=MmxxOXBKQ1RId3NOVGpGcG54aEVnT1o0dGhxdGdzWVpySnFRd1dVYUk5TFZpZXFuTWxOdW1FK1IyM0pONjlzQWtZM2xtaFR3ZDdxlGMCsrWnBIdnhUN0tjVUtMYU1GeG5Pbm5DMThuWUFETnZjcllGOUNkRGUwNUtKOVJTaGR5eUJYamhWRE5XRnMWZZN3Y3dlpFNDZXL1NWUEN4c093RFhQd3RJQ1NBdmhrVDE3VVNiUFF3dHBycC9FeDZ3cFVXV0ZBdXZieUY5WDRlOE9ZSG5sNmRHUmllcmk0Up1MTcyTXZrN1RHYmJSdz09--434afdd652b37745f995ab55fc83\n                        Specify the cookie for your github\n\n```\n\n### EXAMPLE\nSearching for WordPress configuration files with passwords:\n```\n$:\u003e python3 gitminer-v2.0.py -q 'filename:wp-config extension:php FTP_HOST in:file ' -m wordpress -c pAAAhPOma9jEsXyLWZ-16RTTsGI8wDawbNs4 -o result.txt\n```\n![Screenshot](https://2.bp.blogspot.com/-GbpzROiEynQ/VtLytfMqQiI/AAAAAAAAbnk/5hDphP4Mbf4/s1600/wordpressEX.png)\n\nLooking for Brazilian government files containing passwords:\n```\n$:\u003e python3 gitminer-v2.0.py --query 'extension:php \"root\" in:file AND \"gov.br\" in:file' -m senhas -c pAAAhPOma9jEsXyLWZ-16RTTsGI8wDawbNs4\n```\n\nLooking for shadow files in the etc directory:\n```\n$:\u003e python3 gitminer-v2.0.py --query 'filename:shadow path:etc' -m root -c pAAAhPOma9jEsXyLWZ-16RTTsGI8wDawbNs4\n```\n\nSearching for Joomla configuration files with passwords:\n```\n$:\u003e python3 gitminer-v2.0.py --query 'filename:configuration extension:php \"public password\" in:file' -m joomla -c pAAAhPOma9jEsXyLWZ-16RTTsGI8wDawbNs4\n```\n![Screenshot](https://3.bp.blogspot.com/-1AsNmFKfsoA/VtLyvJFy2WI/AAAAAAAAbno/C7xTbxtzOo8/s1600/joomlaEX.png)\n\n### Hacking SSH Servers\n\n[![Hacking SSH Servers](https://img.youtube.com/vi/yIJOlKZwQQw/0.jpg)](https://www.youtube.com/watch?v=yIJOlKZwQQw)\n\n### Dork to search\n##### by @techgaun (https://github.com/techgaun/github-dorks)\n\n Dork                                           | Description\n------------------------------------------------|--------------------------------------------------------------------------\nfilename:.npmrc _auth                           | npm 
registry authentication data\nfilename:.dockercfg auth                        | docker registry authentication data\nextension:pem private                           | private keys\nextension:ppk private                           | puttygen private keys\nfilename:id_rsa or filename:id_dsa              | private ssh keys\nextension:sql mysql dump                        | mysql dump\nextension:sql mysql dump password               | mysql dump look for password; you can try varieties\nfilename:credentials aws_access_key_id          | might return false negatives with dummy values\nfilename:.s3cfg                                 | might return false negatives with dummy values\nfilename:wp-config.php                          | wordpress config files\nfilename:.htpasswd                              | htpasswd files\nfilename:.env DB_USERNAME NOT homestead         | laravel .env (CI, various ruby based frameworks too)\nfilename:.env MAIL_HOST=smtp.gmail.com          | gmail smtp configuration (try different smtp services too)\nfilename:.git-credentials                       | git credentials store, add NOT username for more valid results\nPT_TOKEN language:bash                          | pivotaltracker tokens\nfilename:.bashrc password                       | search for passwords, etc. 
in .bashrc (try with .bash_profile too)\nfilename:.bashrc mailchimp                      | variation of above (try more variations)\nfilename:.bash_profile aws                      | aws access and secret keys\nrds.amazonaws.com password                      | Amazon RDS possible credentials\nextension:json api.forecast.io                  | try variations, find api keys/secrets\nextension:json mongolab.com                     | mongolab credentials in json configs\nextension:yaml mongolab.com                     | mongolab credentials in yaml configs (try with yml)\njsforce extension:js conn.login                 | possible salesforce credentials in nodejs projects\nSF_USERNAME salesforce                          | possible salesforce credentials\nfilename:.tugboat NOT _tugboat                  | Digital Ocean tugboat config\nHEROKU_API_KEY language:shell                   | Heroku api keys\nHEROKU_API_KEY language:json                    | Heroku api keys in json files\nfilename:.netrc password                        | netrc that possibly holds sensitive credentials\nfilename:_netrc password                        | netrc that possibly holds sensitive credentials\nfilename:hub oauth_token                        | hub config that stores github tokens\nfilename:robomongo.json                         | mongodb credentials file used by robomongo\nfilename:filezilla.xml Pass                     | filezilla config file with possible user/pass to ftp\nfilename:recentservers.xml Pass                 | filezilla config file with possible user/pass to ftp\nfilename:config.json auths                      | docker registry authentication data\nfilename:idea14.key                             | IntelliJ Idea 14 key, try variations for other versions\nfilename:config irc_pass                        | possible IRC config\nfilename:connections.xml                        | possible db connections configuration, try variations to be specific\nfilename:express.conf path:.openshift   
        | openshift config, only email and server though\nfilename:.pgpass                                | PostgreSQL file which can contain passwords\nfilename:proftpdpasswd                          | Usernames and passwords of proftpd created by cpanel\nfilename:ventrilo_srv.ini                       | Ventrilo configuration\n[WFClient] Password= extension:ica              | WinFrame-Client info needed by users to connect to Citrix Application Servers\nfilename:server.cfg rcon password               | Counter Strike RCON Passwords\nJEKYLL_GITHUB_TOKEN                             | Github tokens used for jekyll\nfilename:.bash_history                          | Bash history file\nfilename:.cshrc                                 | RC file for csh shell\nfilename:.history                               | history file (often used by many tools)\nfilename:.sh_history                            | korn shell history\nfilename:sshd_config                            | OpenSSH server config\nfilename:dhcpd.conf                             | DHCP service config\nfilename:prod.exs NOT prod.secret.exs           | Phoenix prod configuration file\nfilename:prod.secret.exs                        | Phoenix prod secret\nfilename:configuration.php JConfig password     | Joomla configuration file\nfilename:config.php dbpasswd                    | PHP application database password (e.g., phpBB forum software)\npath:sites databases password                   | Drupal website database credentials\nshodan_api_key language:python                  | Shodan API keys (try other languages too)\nfilename:shadow path:etc                        | Contains encrypted passwords and account information of new unix systems\nfilename:passwd path:etc                        | Contains user account information including encrypted passwords of traditional unix systems\nextension:avastlic \"support.avast.com\"          | Contains license keys for Avast! 
Antivirus\nfilename:dbeaver-data-sources.xml               | DBeaver config containing MySQL Credentials\nfilename:.esmtprc password                      | esmtp configuration\nextension:json googleusercontent client_secret  | OAuth credentials for accessing Google APIs\nHOMEBREW_GITHUB_API_TOKEN language:shell        | Github token usually set by homebrew users\nxoxp OR xoxb                                    | Slack bot and private tokens\n.mlab.com password                              | MLAB Hosted MongoDB Credentials\nfilename:logins.json                            | Firefox saved password collection (key3.db usually in same repo)\nfilename:CCCam.cfg                              | CCCam Server config file\nmsg nickserv identify filename:config           | Possible IRC login passwords\nfilename:settings.py SECRET_KEY                 | Django secret keys (usually allows for session hijacking, RCE, etc)\nfilename:secrets.yml password                   | Usernames/passwords, Rails applications\nfilename:master.key path:config                 | Rails master key (used for decrypting `credentials.yml.enc` for Rails 5.2+)\nfilename:deployment-config.json                 | Created by sftp-deployment for Atom, contains server details and credentials\nfilename:.ftpconfig                             | Created by remote-ssh for Atom, contains SFTP/SSH server details and credentials\nfilename:.remote-sync.json                      | Created by remote-sync for Atom, contains FTP and/or SCP/SFTP/SSH server details and credentials\nfilename:sftp.json path:.vscode                 | Created by vscode-sftp for VSCode, contains SFTP/SSH server details and credentials\nfilename:sftp-config.json                       | Created by SFTP for Sublime Text, contains FTP/FTPS or SFTP/SSH server details and credentials\nfilename:WebServers.xml                         | Created by Jetbrains IDEs, contains webserver credentials with encoded passwords ([not 
encrypted!](https://intellij-support.jetbrains.com/hc/en-us/community/posts/207074025/comments/207034775))\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FUnkL4b%2FGitMiner","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FUnkL4b%2FGitMiner","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FUnkL4b%2FGitMiner/lists"}