{"id":21191645,"url":"https://github.com/kulkansecurity/gitxray","last_synced_at":"2025-05-07T02:01:42.981Z","repository":{"id":251942649,"uuid":"838884567","full_name":"kulkansecurity/gitxray","owner":"kulkansecurity","description":"A multifaceted security tool which leverages Public GitHub REST APIs for OSINT, Forensics, Pentesting and more.","archived":false,"fork":false,"pushed_at":"2025-04-27T16:22:28.000Z","size":3692,"stargazers_count":136,"open_issues_count":0,"forks_count":5,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-27T16:24:43.620Z","etag":null,"topics":["attackers","disclosure","github","information","osint","osint-python","osint-reconnaissance","osint-resources","osint-tool","osint-toolkit","penetration-testing","pentest","pentest-tool","pentesting","pentesting-tools","python","python3","security","supply-chain"],"latest_commit_sha":null,"homepage":"https://www.gitxray.com/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kulkansecurity.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-08-06T14:29:10.000Z","updated_at":"2025-04-27T16:22:15.000Z","dependencies_parsed_at":"2024-11-20T23:01:58.011Z","dependency_job_id":null,"html_url":"https://github.com/kulkansecurity/gitxray","commit_stats":null,"previous_names":["kulkansecurity/gitxray"],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kulkansecurity%2Fgitxray","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/
repositories/kulkansecurity%2Fgitxray/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kulkansecurity%2Fgitxray/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kulkansecurity%2Fgitxray/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kulkansecurity","download_url":"https://codeload.github.com/kulkansecurity/gitxray/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252798832,"owners_count":21805882,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["attackers","disclosure","github","information","osint","osint-python","osint-reconnaissance","osint-resources","osint-tool","osint-toolkit","penetration-testing","pentest","pentest-tool","pentesting","pentesting-tools","python","python3","security","supply-chain"],"created_at":"2024-11-20T19:04:12.816Z","updated_at":"2025-05-07T02:01:42.890Z","avatar_url":"https://github.com/kulkansecurity.png","language":"Python","readme":"# Welcome to Gitxray \nGitxray (short for Git X-Ray) is a multifaceted security tool designed for use on GitHub repositories. It can serve many purposes, including OSINT and Forensics. `gitxray` leverages public GitHub REST APIs to gather information that would otherwise be very time-consuming to obtain manually. 
Additionally, it seeks out information in unconventional places.\n\n[![Build Workflows](https://github.com/kulkansecurity/gitxray/actions/workflows/ci.yml/badge.svg?branch=main)](https://github.com/kulkansecurity/gitxray) [![Latest Version in PIP](https://img.shields.io/pypi/v/gitxray.svg)](https://pypi.org/project/gitxray) [![Python Versions](https://img.shields.io/pypi/pyversions/gitxray.svg)](https://pypi.org/project/gitxray) [![License](https://img.shields.io/pypi/l/gitxray.svg)](https://github.com/kulkansecurity/gitxray/blob/main/LICENSE) \n--- \n![Gitxray Sample HTML Report](https://kulkansecurity.github.io/gitxray/images/html_report_gitxray.png?ts=42 \"Gitxray Sample HTML Report\")\n\u003cdiv style=\"clear: both;\"\u003e\u003c/div\u003e\n\n# Use cases\nGitxray can be used to, for example:\n\n- Find sensitive information in contributor profiles disclosed by accident within, for example, Armored PGP Keys, or Key Names.\n\n- Identify threat actors in a Repository. You may spot co-owned or shared accounts, as well as inspect public events to spot fake Stargazers.\n\n- Identify fake or infected Repositories. It can detect tampered commit dates as well as, for example, Release assets updated post-release.\n\n- Forensics use-cases, such as filtering results by date in order to check what else happened on the day of an incident.\n\n- And a lot more! 
Run a full X-Ray to collect a ton of data.\n\n`gitxray -r https://github.com/some-org/some-repository`\n\n- If you would rather use text output, you may want to narrow the output with filters:\n\n`gitxray -r https://github.com/some-org/some-repository -f user_input -outformat text`\n\n`gitxray -r https://github.com/some-org/some-repository -f keys,association,starred -outformat text`\n\n`gitxray -r https://github.com/some-org/some-repository -f warning -outformat text`\n\n`gitxray -r https://github.com/some-org/some-repository -f 2024-09-01 -outformat text`\n\nPlease refer to the Documentation for additional use-cases and introductory information.\n\n# Documentation\n- [https://kulkansecurity.github.io/gitxray/](https://kulkansecurity.github.io/gitxray/)\n- [https://www.gitxray.com/](https://www.gitxray.com/)\n\n# Creating an Access Token to increase Rate Limits\n\nGitxray gracefully handles Rate Limits and can work out of the box without a GitHub API token, but you'll likely hit rate limits pretty fast (a small to medium-size repository with 10+ Contributors could take hours to complete while it waits for the rate limits to reset). This is detailed by GitHub in their [documentation here](https://docs.github.com/en/rest/using-the-rest-api/rate-limits-for-the-rest-api?apiVersion=2022-11-28#primary-rate-limit-for-unauthenticated-users). \n\n[Creating a simple read-only token scoped to PUBLIC repositories](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#creating-a-fine-grained-personal-access-token) will, however, raise those limits considerably. 
If you're not in a hurry or can leave gitxray running, you'll be able to use its full capacity, as it pauses execution while waiting for the limits to lift.\n\nYou may then load the token safely with the following, which prevents the token from being displayed on screen or logged in your shell history:\n\n```bash\n# Read the token from the terminal without echoing it (-s)\nread -rs GH_ACCESS_TOKEN\n# Export the variable so that gitxray can read it from the environment\nexport GH_ACCESS_TOKEN\n```\n\n# Installing, Updating, and running Gitxray\n\ngitxray was written with no use of external package dependencies other than the `requests` library.\n\n## PyPI (PIP) Way\n\n`gitxray` is on PyPI and can be installed and updated with:\n\n```bash\npip install gitxray --upgrade\n```\n\nOnce installed, simply run gitxray from your command line by typing:\n```bash\ngitxray -h\n```\n\n## Run your first full X-Ray\n```bash\ngitxray -o https://github.com/kulkansecurity\n```\n\n![Gitxray Console](https://kulkansecurity.github.io/gitxray/images/console_gitxray.png \"Gitxray Console\") \n\u003cdiv style=\"clear: both;\"\u003e\u003c/div\u003e\n\n## Installing from source\n\nYou may also run `gitxray` directly by cloning or downloading its GitHub repository and running:\n\n```bash\npython3 -m pip install -r requirements.txt\ncd src/\npython3 -m gitxray.gitxray\n```\n\n## Command Line Arguments\n\n### Required Arguments\n\nOne of the following must be specified:\n\n* `-r, --repository [URL]` - Specify a single repository to check. The URL may optionally begin with `https://github.com/`. **Example**: `--repository https://github.com/example/repo`\n\n* `-rf, --repositories-file [FILEPATH]` - Provide a file path containing a list of repositories, each on a new line. The file must exist. **Example**: `--repositories-file ./list_of_repos.txt`\n\n* `-o, --organization [URL]` - Specify an organization to check all repositories under that organization. The URL may optionally begin with `https://github.com/`. 
**Example**: `--organization https://github.com/exampleOrg`\n\n### Optional Arguments\n\nYou'll find these optional but very handy in common gitxray usage.\n\n- `-l, --list` - List contributors if a repository is specified or list repositories if an organization is specified. Useful for further focusing on specific entities. **Example**: `--list`\n\n- `-c, --contributor [USERNAMES]` - A comma-separated list of GitHub usernames to focus on within the specified repository or organization. **Example**: `--contributor user1,user2`\n\n- `-f, --filters [KEYWORDS]` - Comma-separated keywords to filter the results by, such as 'user_input', 'association', or 'mac'. **Example**: `--filters user_input,association,mac`\n\n#### Output and Formats\n\n- `-out, --outfile [FILEPATH]` - Specify the file path for the output log. Cannot be a directory. **Example**: `--outfile ./output.log`\n\n- `-outformat, --output-format [FORMAT]` - Set the format for the log file. Supported formats are `html`, `text` and `json`. Default is `html`. **Example**: `--output-format json`\n\n#### Shush output\n\n- `--shush` - Makes Gitxray a bit more quiet by not displaying progress-related output. **Example**: `--shush`\n\n#### Debug mode\n\n- `--debug` - Enable Debug mode for a detailed and extensive output. **Example**: `--debug`\n  \n# Terms of Use\n\nThe user is solely responsible for ensuring that this tool is used in compliance with applicable laws and regulations, including obtaining proper authorization for repository scanning and the distribution of any results generated. 
Unauthorized use or sharing of results may violate local, national, or international laws.\n\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkulkansecurity%2Fgitxray","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkulkansecurity%2Fgitxray","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkulkansecurity%2Fgitxray/lists"}