{"id":13542307,"url":"https://github.com/nielsing/yar","last_synced_at":"2026-01-14T18:25:33.823Z","repository":{"id":57506427,"uuid":"201934723","full_name":"nielsing/yar","owner":"nielsing","description":"Yar is a tool for plunderin' organizations, users and/or repositories.","archived":false,"fork":false,"pushed_at":"2021-01-03T16:40:04.000Z","size":508,"stargazers_count":239,"open_issues_count":1,"forks_count":17,"subscribers_count":9,"default_branch":"master","last_synced_at":"2025-12-21T18:49:29.634Z","etag":null,"topics":["golang","infosec","osint","reconnaissance","secrets","security","tool","trufflehog","yar"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nielsing.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-08-12T13:21:26.000Z","updated_at":"2025-12-09T13:33:32.000Z","dependencies_parsed_at":"2022-08-29T20:20:44.774Z","dependency_job_id":null,"html_url":"https://github.com/nielsing/yar","commit_stats":null,"previous_names":["furduhlutur/yar"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/nielsing/yar","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nielsing%2Fyar","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nielsing%2Fyar/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nielsing%2Fyar/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nielsing%2Fyar/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nielsing","download_url":"https://codeload.github.com/nie
lsing/yar/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nielsing%2Fyar/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28144275,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-12-31T02:00:06.200Z","response_time":55,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["golang","infosec","osint","reconnaissance","secrets","security","tool","trufflehog","yar"],"created_at":"2024-08-01T10:01:04.590Z","updated_at":"2026-01-14T18:25:33.804Z","avatar_url":"https://github.com/nielsing.png","language":"Go","funding_links":[],"categories":["Miscellaneous"],"sub_categories":["Secrets"],"readme":"# (Y)et (A)nother (R)obber: Sail ye seas of git for booty is to be found\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://raw.githubusercontent.com/nielsing/yar/master/images/yargopher3.png\" alt=\"Yar the pirate gopher\"/\u003e\n\u003c/p\u003e\n\nSail ho! Yar is a tool for plunderin' organizations, users and/or repositories...\n\nIn all seriousness though, yar is an OSINT tool for reconnaissance of repositories/users/organizations on Github. Yar clones repositories of users/organizations given to it\nand goes through the whole commit history in order of commit time, in search for secrets/tokens/passwords, essentially anything that shouldn't be there. 
Whenever yar finds a secret,\nit will print it out for you to further assess.\n\nYar searches for secrets either by regex, entropy or both, the choice is yours! Inspired by other git secret grabbers.\n\n## Installation\n1. Make sure you have the GOPATH environment variable set in your preferred shell rc and that the $GOPATH/bin directory is in your PATH. More info [here](https://golang.org/doc/code.html#GOPATH).\n2. You can install this by running `go get github.com/nielsing/yar`\n3. Or you can download the latest release of Yar for your operating system [here](https://github.com/nielsing/yar/releases). Just make sure you have the yarconfig.json file as well in $GOPATH/src/github.com/nielsing/yar/config.\n\n## Usage\n### Want to search for secrets within an organization?\n```\nyar -o orgname\n```\nYou can also include the members of the organization with:\n```\nyar -o orgname --include-members\n```\n\n### Want to search for secrets within a user's repositories?\n```\nyar -u username\n```\n\n### Want to search for secrets within a single repository?\n```\nyar -r https://github.com/User/Repo\n```\nor if you have already cloned the repository\n```\nyar -r /path/to/.git/folder\n```\n\n### Want to search for secrets within an organization, a user and a repository?\n```\nyar -o orgname -u username -r https://github.com/User/Repo\n```\n\n### Getting too much/not enough noise?\nAll rules are marked with a noise level from 0 to 9. Noise levels from 0 to 4 are considered secrets while noise levels from 5 to 9 are considered reconnaissance info (emails, IPs, etc...). 
You can decide which noise levels yar searches for, the default is up to (and including) 3.\n\nSearch for all secrets with noise level 4 or less\n```\nyar -r https://github.com/User/Repo -n -4\n```\n\nSearch for all secrets with noise level 6 or more\n```\nyar -r https://github.com/User/Repo -n 6-\n```\n\nSearch for all secrets from 1 to (and including) 3.\n```\nyar -r https://github.com/User/Repo -n 1-3\n```\n\nSearch for all secrets with noise level exactly 7\n```\nyar -r https://github.com/User/Repo -n 7\n```\n\nSearch for all secrets with any noise level\n```\nyar -r https://github.com/User/Repo -n -\n```\n\n### Have your own predefined rules?\nRules are stored in a JSON file with the following format:\n```\n{\n    \"Rules\": [\n        {\n            \"Reason\": \"The reason for the match\",\n            \"Rule\": \"The regex rule\",\n            \"Noise\": 3\n        },\n        {\n            \"Reason\": \"Super secret token\",\n            \"Rule\": \"^Token: .*$\",\n            \"Noise\": 2\n        }\n    ],\n    \"FileBlacklist\": [\n        \"Regex rule here\",\n        \"^.*\\\\.lock\"\n    ]\n}\n```\n\nYou can then load your own rule set with the following command:\n```\nyar -u username --rules PATH_TO_JSON_FILE\n```\n\nIf you already have a truffleHog config and want to port it over to a yar config there is a script in the config folder that does it for you.\nSimply run `python3 trufflestoconfig.py PATH_TO_TRUFFLEHOG_CONFIG` and the script will give you a file named `yarconfig.json`.\n\n### Don't like regex?\n```\nyar -u username --entropy\n```\n\n### Want the best of both worlds?\n```\nyar -u username --both\n```\n\n### Want to search as an authenticated user? 
\nAdd your GitHub token to your environment variables.\n```\nexport YAR_GITHUB_TOKEN=YOUR_TOKEN_HERE\n```\n\n### Want to save your findings to a JSON file for later analysis?\n```\nyar -o orgname --save\n```\n\n### Don't like the default colors and want to add your own color settings?\nIt is possible to customize the colors of the output for Yar through environment variables.\nThe possible colors to choose from are the following:\n```\nblack\nblue\ncyan\ngreen\nmagenta\nred\nwhite\nyellow\nhiBlack\nhiBlue\nhiCyan\nhiGreen\nhiMagenta\nhiRed\nhiWhite\nhiYellow\n```\nEach color can then be suffixed with `bold`, i.e. `blue bold` to make the letters bold.\n\nThis is done through the following env variables:\n```\nYAR_COLOR_VERBOSE -\u003e Color of verbose lines.\nYAR_COLOR_SECRET  -\u003e Color of the highlighted secret.\nYAR_COLOR_INFO    -\u003e Color of info, that is, simple strings that tell you something.\nYAR_COLOR_DATA    -\u003e Color of data, i.e. commit message, reason, etc.\nYAR_COLOR_SUCC    -\u003e Color of successful messages.\nYAR_COLOR_WARN    -\u003e Color of warnings.\nYAR_COLOR_FAIL    -\u003e Color of fatal warnings.\n```\nLike so `export YAR_COLOR_SECRET=\"hiRed bold\"`.\n\n## Extra Knowledge\nThere are some design decisions which might be good to know about. Yar saves all cloned GitHub repos\nin a folder named yar within the temp directory. Yar then tries to load GitHub repos from this cache\nby default, if you don't want to load from cache then you can add the `--no-cache` flag.\n\nYar also clones bare repos by default, if you want to get all files within a repo and not just the \nmetadata then you can add the `--no-bare` flag.\n\nIf you want to remove repos from cache then you can use the `--cleanup` flag. This flag \neither removes the whole cache if no folder was specified or just removes the specified folder. 
The\nfolder structure within the cache folder is like so:\n```\n/yar\n|--- /User1\n|  |--- /Repo1\n|  |--- /Repo2\n|\n|--- /User2\n|  |--- /Repo1\n|  |--- /Repo2\n\n```\nSo you can run `--cleanup User1` to remove the cache of User1 or `--cleanup User1/Repo1` to clean up\nRepo1 of User1. You can think of the flag as a wrapper around `rm -r /tmp/yar/{USER_INPUT}`.\n\nFinally yar goes 10000 commits deep by default and goes through them in order of time\n(oldest to newest). This depth is configurable so if you ever want to cover more or fewer commits\nsimply add the `--depth` flag with the depth you want.\n\n## Help\n```\nusage: yar [-h|--help] [-o|--org \"\u003cvalue\u003e\"] [-u|--user \"\u003cvalue\u003e\"] [-r|--repo\n           \"\u003cvalue\u003e\"] [-c|--context \u003cinteger\u003e] [-e|--entropy] [-b|--both]\n           [-f|--forks] [-n|--noise \"\u003cvalue\u003e\"] [-d|--depth \u003cinteger\u003e]\n           [-C|--config \u003cfile\u003e] [--no-bare] [--no-cache] [--no-context]\n           [--include-members] [--skip-duplicates] [--cleanup \"\u003cvalue\u003e\"]\n           [-s|--save \"\u003cvalue\u003e\"]\n\n           Sail ye seas of git for booty is to be found\n\nArguments:\n\n  -h  --help             Print help information\n  -o  --org              Organization to plunder\n  -u  --user             User to plunder\n  -r  --repo             Repository to plunder\n  -c  --context          Show N number of lines for context. Default: 2\n  -e  --entropy          Search for secrets using entropy analysis. Default:\n                         false\n  -b  --both             Search by using both regex and entropy analysis.\n                         Overrides entropy flag. Default: false\n  -f  --forks            Specifies whether forked repos are included or not.\n                         Default: false\n  -n  --noise            Specify the range of the noise for rules. 
Can be\n                         specified as up to (and including) a certain value\n                         (-4), from a certain value (5-), between two values\n                         (3-5), just a single value (4) or the whole range (-).\n                         Default: -3\n  -d  --depth            Specify the depth limit of commits fetched when\n                         cloning. Default: 10000\n  -C  --config           JSON file containing yar config.\n      --no-bare          Clone the whole repository. Default: false\n      --no-cache         Don't load from cache. Default: false\n      --no-context       Only show the secret itself, similar to trufflehog's\n                         regex output. Overrides context flag. Default: false\n      --include-members  Include an organization's members for plunderin'.\n                         Default: false\n      --skip-duplicates  Skip duplicate secrets within repositories. Default:\n                         false\n      --cleanup          Remove specified cloned directory within yar cache\n                         folder. 
Leave blank to remove the cache folder\n                         completely.\n  -s  --save             Yar will save all findings to a specified file.\n                         Default: findings.json\n```\n\n## Acknowledgements\nIt is important to point out that this idea is inspired by the infamous [truffleHog](https://github.com/dxa4481/truffleHog) tool \nand the code used for entropy searching is in fact borrowed from the truffleHog repository which in turn is borrowed from \n[this blog post](http://blog.dkbza.org/2007/05/scanning-data-for-entropy-anomalies.html).\n\nThis project wouldn't have been possible without the following libraries:\n+ [go-github](https://github.com/google/go-github/)\n+ [go-git](https://github.com/src-d/go-git/)\n+ [fatih/color](https://github.com/fatih/color)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnielsing%2Fyar","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnielsing%2Fyar","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnielsing%2Fyar/lists"}