{"id":13532784,"url":"https://github.com/josehelps/git-wild-hunt","last_synced_at":"2025-04-07T15:08:40.198Z","repository":{"id":50170085,"uuid":"262893177","full_name":"josehelps/git-wild-hunt","owner":"josehelps","description":"A tool to hunt for credentials in github wild AKA git*hunt","archived":false,"fork":false,"pushed_at":"2022-12-08T09:50:50.000Z","size":57371,"stargazers_count":294,"open_issues_count":7,"forks_count":42,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-04-02T05:07:36.344Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/josehelps.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-05-10T23:20:01.000Z","updated_at":"2025-03-22T17:44:12.000Z","dependencies_parsed_at":"2023-01-25T08:01:30.151Z","dependency_job_id":null,"html_url":"https://github.com/josehelps/git-wild-hunt","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/josehelps%2Fgit-wild-hunt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/josehelps%2Fgit-wild-hunt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/josehelps%2Fgit-wild-hunt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/josehelps%2Fgit-wild-hunt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/josehelps","download_url":"https://codeload.github.com/josehelps/git-wild-hunt/tar.gz/refs/heads/master","host":{"name":"GitHub","ur
l":"https://github.com","kind":"github","repositories_count":247675597,"owners_count":20977376,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T07:01:13.729Z","updated_at":"2025-04-07T15:08:40.156Z","avatar_url":"https://github.com/josehelps.png","language":"Python","funding_links":[],"categories":["Secrets management","Python"],"sub_categories":[],"readme":"# git-wild-hunt\nA tool to hunt for credentials in the GitHub wild AKA git*hunt\n![](static/wildhunt.jpg)\n\n### Getting started\n \n1. [Install](#installation) the tool\n2. [Configure](#configuration) your GitHub token\n3. [Search](#github-search-examples) for credentials\n4. See results `cat results.json | jq`\n\n:tv: **Demo**\n\n![](static/demo.gif)\n\n### Installation \n\n* requirements:     `virtualenv, python3`\n\n1. `git clone https://github.com/d1vious/git-wild-hunt \u0026\u0026 cd git-wild-hunt` clone project and cd into the project dir\n2. `pip install virtualenv \u0026\u0026 virtualenv -p python3 venv \u0026\u0026 source venv/bin/activate \u0026\u0026 pip install -r requirements.txt` create virtualenv and install requirements\n\nContinue to [configuring](#configuration) a GitHub API key\n\n### Configuration [`git-wild-hunt.conf`](https://github.com/d1vious/git-wild-hunt/blob/master/git-wild-hunt.conf)\n\nMake sure you set a GitHub token. If you need to create one for your account, follow [these](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line) instructions. 
\n\n```\n[global]\ngithub_token = ''\n# GitHub token for searching\n\noutput = results.json\n# stores matches in JSON here\n\nlog_path = git-wild-hunt.log\n# Sets the log_path for the logging file\n\nlog_level = INFO\n# Sets the log level for the logging\n# Possible values: INFO, ERROR\n\nregexes = regexes.json\n# regexes to check the git wild hunt search against\n```\n\n### GitHub search examples\n\nThe **-s** flag accepts any GitHub [advanced search](https://github.com/search/advanced) query; see some examples below.\n\n##### Find GCP JWT token files\n`python git-wild-hunt.py -s \"extension:json filename:creds language:JSON\"`\n\n##### Find AWS API secrets\n`python git-wild-hunt.py -s \"path:.aws/ filename:credentials\"`\n\n##### Find Azure JWT Token\n`python git-wild-hunt.py -s \"extension:json path:.azure filename:accessTokens language:JSON\"`\n\n##### Find GSUtils configs\n`python git-wild-hunt.py -s \"path:.gsutil filename:credstore2\"`\n\n##### Find Kubernetes config files\n`python git-wild-hunt.py -s \"path:.kube filename:config\"`\n\n##### Searching for Jenkins credentials.xml file\n`python git-wild-hunt.py -s \"extension:xml filename:credentials.xml language:XML\"`\n\n##### Find secrets in .circleci\n`python git-wild-hunt.py -s \"extension:yml path:.circleci filename:config language:YAML\"`\n\n##### Generic credentials.yml search \n`python git-wild-hunt.py -s \"extension:yml filename:credentials.yml language:YAML\"`\n\n\n### Usage\n\n```\nusage: git-wild-hunt.py [-h] -s SEARCH [-c CONFIG] [-v]\n\noptional arguments:\n  -h, --help            show this help message and exit\n  -s SEARCH, --search SEARCH\n                        search to execute\n  -c CONFIG, --config CONFIG\n                        config file path\n  -v, --version         shows current git-wild-hunt version\n```\n\n### What checks get run [`regexes.json`](https://github.com/d1vious/git-wild-hunt/blob/master/regexes.json)\nThis file contains all the regexes that will be used to check against 
the raw content file returned for a [search](#github-search-examples). Feel free to add/modify and include any specific ones that match the credential you are trying to find. This was graciously borrowed from [truffleHog](https://github.com/dxa4481/truffleHogRegexes/blob/master/truffleHogRegexes/regexes.json).\n\nCurrently verified credentials via regex:\n\n*   AWS API Key\n*   Amazon AWS Access Key ID\n*   Amazon MWS Auth Token\n*   Facebook Access Token\n*   Facebook OAuth\n*   Generic API Key\n*   Generic Secret\n*   GitHub\n*   Google (GCP) Service-account\n*   Google API Key\n*   Google Cloud Platform API Key\n*   Google Cloud Platform OAuth\n*   Google Drive API Key\n*   Google Drive OAuth\n*   Google Gmail API Key\n*   Google Gmail OAuth\n*   Google OAuth Access Token\n*   Google YouTube API Key\n*   Google YouTube OAuth\n*   Heroku API Key\n*   MailChimp API Key\n*   Mailgun API Key\n*   PGP private key block\n*   Password in URL\n*   PayPal Braintree Access Token\n*   Picatic API Key\n*   RSA private key\n*   SSH (DSA) private key\n*   SSH (EC) private key\n*   Slack Token\n*   Slack Webhook\n*   Square Access Token\n*   Square OAuth Secret\n*   Stripe API Key\n*   Stripe Restricted API Key\n*   Twilio API Key\n*   Twitter Access Token\n*   Twitter OAuth\n\n### Author\n\n* Jose Hernandez [@_josehelps](https://twitter.com/_josehelps)\n\n### Contributor \n * Rod Soto [@rodsoto](https://twitter.com/rodsoto)\n\n### Credits \u0026 References\n\nInspiration to write this tool came from the [shhgit](https://github.com/eth0izzle/shhgit/) project\n\n### TO DO\n* better error handling\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjosehelps%2Fgit-wild-hunt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjosehelps%2Fgit-wild-hunt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjosehelps%2Fgit-wild-hunt/lists"}