{"id":19610199,"url":"https://github.com/mathis2001/gitdiscloser","last_synced_at":"2025-02-26T17:19:26.471Z","repository":{"id":110078104,"uuid":"498343689","full_name":"mathis2001/GitDiscloser","owner":"mathis2001","description":"Python recon tool for Github information disclosure research","archived":false,"fork":false,"pushed_at":"2022-06-10T13:25:19.000Z","size":90,"stargazers_count":2,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-09T09:58:37.533Z","etag":null,"topics":["bugbounty","github","pentesting","recon"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mathis2001.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-05-31T13:17:15.000Z","updated_at":"2023-04-28T13:02:03.000Z","dependencies_parsed_at":null,"dependency_job_id":"fd349af7-9408-4d8c-aa06-3078562e6d52","html_url":"https://github.com/mathis2001/GitDiscloser","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mathis2001%2FGitDiscloser","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mathis2001%2FGitDiscloser/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mathis2001%2FGitDiscloser/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mathis2001%2FGitDiscloser/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/math
is2001","download_url":"https://codeload.github.com/mathis2001/GitDiscloser/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":240898289,"owners_count":19875151,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugbounty","github","pentesting","recon"],"created_at":"2024-11-11T10:27:10.730Z","updated_at":"2025-02-26T17:19:26.448Z","avatar_url":"https://github.com/mathis2001.png","language":"Python","readme":"# GitDiscloser\nPython recon tool for Github information disclosure research\n\n## Install:\n```bash\n$ git clone https://github.com/mathis2001/GitDiscloser\n\n$ cd GitDiscloser\n\n$ python3 gitdiscloser.py\n```\n## Requirements:\n\n- Python3\n\n- Pip3\n\n- Pygithub\n\n```bash\n$ pip3 install pygithub\n```\n\n## Usage:\n```bash\nSearch: ./gitdiscloser.py [-h] [-s \"github search\"] [-f wordlist] [-l limit] [-u] [-n] [-c]\nProfiling: ./gitdiscloser.py [-h] [-r repository link |-p username]\nAdvanced: ./gitdiscloser.py [-h] [-a user/repository] [-f wordlist] [-l limit]\n```\n## options:\n```bash\nOptions\n  ---------------------------------------------------------\n        -h   Show this help message\n  Search:\n        -s   search request\n        -u   search for urls in code\n        -f   find word matches with a wordlist\n        -n   sort by the more recently indexed\n        -l   limit (limit of results wanted)\n        -c   profile information for each result\n  Profiling:\n        -r   profile information by repository link\n        -p   profile information by username\n  Advanced (commits scan):\n        
-a   repository (mathis/GitDiscloser)\n        -f   find word matches in commits with a wordlist\n  --------------------------------------------------------\n  Config \n\n        Simply put your github token in your environment variables as 'GITHUB_TOKEN'. \n\n```\n## Configuration:\n\nIn your GitHub account, click on your profile in the top right of the page.\n\nThen go to Settings \u003e Developer settings \u003e Personal access tokens \u003e Generate a new token.\n\nGive your token a name, select only the public_repo access, and click on \"Generate token\".\n\n![image](https://user-images.githubusercontent.com/40497633/171192364-aa66b523-cb2f-40e4-bcf2-8b007a1ad682.png)\n\n\nYou can now copy your token and store it in your environment variables as 'GITHUB_TOKEN'.\n\n## Use case:\n\nTo search for information disclosure related to a target website or domain (e.g. target.com), use GitDiscloser like this:\n```bash\n./gitdiscloser.py -s target.com -f \u003cwordlist\u003e -n\n```\nOr, if you want to use dorks:\n```bash\n./gitdiscloser.py -s \"\u003cdork\u003e:target.com\" -f \u003cwordlist\u003e -n\n```\nThis command runs a GitHub search sorted by the most recently indexed files (\"-n\") and looks for every keyword of your wordlist in them (\"-f\").\n  \nIf the tool finds interesting results, you may want to know more about the author of the file.\nYou can use the profiling option of GitDiscloser to get profile information about the author and see his/her first name and the company where he/she works. 
(If the company is not listed in his/her GitHub account, you can look up his/her first name on LinkedIn to check it.)\n\nExample:\n\nGitDiscloser response:\n\nhttps://raw.githubusercontent.com/mathis2001/code.xyz\n\nPossible secret(s) found in file:\n\n[+] token\n\nCheck whether mathis2001 works at target.com:\n\n./gitdiscloser.py -r https://raw.githubusercontent.com/mathis2001/code.xyz or -p mathis2001\n\nYou can also profile each result with the '-c' option.\n  \nIf the author works at the target company, you can now check for (potentially other) information disclosure in his/her other code with the \"user:\" dork.\nExample:\n```bash\n./gitdiscloser.py -s \"user:\u003cusername\u003e\" -f \u003cwordlist\u003e -n\n```\nTo go deeper, GitDiscloser can also check for secrets in commits.\n```bash\n./gitdiscloser.py -a mathis2001/GitDiscloser -f \u003cwordlist\u003e\n```\n## Some screens:\n\n![image](https://user-images.githubusercontent.com/40497633/171843426-39d00404-c76d-4883-96e5-c0832f55b026.png)\n![image](https://user-images.githubusercontent.com/40497633/171844662-ffea0b28-9e91-4602-93ef-caa3b588db03.png)\n![image](https://user-images.githubusercontent.com/40497633/171844784-ab67d302-5875-4d10-ac20-a49dbc318a43.png)\n![image](https://user-images.githubusercontent.com/40497633/171850660-4daa556b-c592-4559-93ff-bb5f98330cf2.png)\n![image](https://user-images.githubusercontent.com/40497633/171851725-99825f8d-9ea4-4083-8ccd-1a234b4843fc.png)\n![image](https://user-images.githubusercontent.com/40497633/171883040-24946e78-0389-4539-9513-c98303cf01f9.png)\n\n## TO DO\n\n- Fix bugs\n- Add an output file option (you can use \"| tee -a\" to get an output anyway)\n- Secondary rate-limit restriction when making a query with too many 
responses.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmathis2001%2Fgitdiscloser","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmathis2001%2Fgitdiscloser","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmathis2001%2Fgitdiscloser/lists"}