Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/audibleblink/git-ls

List (or plunder) private repos/gists to which a token has access, including those of other users
https://github.com/audibleblink/git-ls

golang offsec osint redteam

Last synced: 2 months ago
JSON representation

List (or plunder) private repos/gists to which a token has access, including those of other users

Host: GitHub
URL: https://github.com/audibleblink/git-ls
Owner: audibleblink
Created: 2019-07-18T23:37:32.000Z (over 5 years ago)
Default Branch: main
Last Pushed: 2022-01-29T01:46:00.000Z (about 3 years ago)
Last Synced: 2024-06-19T02:02:19.797Z (8 months ago)
Topics: golang, offsec, osint, redteam
Language: Go
Homepage:
Size: 34.2 KB
Stars: 11
Watchers: 3
Forks: 9
Open Issues: 0
Metadata Files:
- Readme: readme.md

Awesome Lists containing this project

README

        # git-ls

Explore github content given a valid token.

## Usage

The token is read from the `GITHUB_TOKEN` environment variable. I chose this so I don't end up

putting tokens in HISTFILEs. Your options are to source it from a file with `source .env`, export

it in your shell session, or go ahead and prepend it like so: `GITHUB_TOKEN=xyz git-ls user`.

Run `git-ls` with no arguments to see what data can be listed.

## Examples

Below are some useful filters to use with `jq`, the CLI json parser.

```bash

# Just private gists

❯❯ git-ls gists | jq '.[] | select(.Private == true)'

# Just repo names

❯❯ git-ls repos | jq -r '.[].Name'

# Repos that don't belong to the GITHUB_TOKEN owner

❯❯ git-ls repos | jq '.[] | select(.Owner != "audibleblink")'

# or

❯❯ git-ls collabs

```

## Properties

I tried to select the most useful properties returned by the GitHub API to keep noise low.

These are the properties that you can filter on with `jq`

### Gists

* Owner

* Description

* GitPullUrl

* Files

* Private

### Repos

* Name

* Description

* URL

* Owner

* Organization

* StargazersConut

* Private

## Accessing Data

If you have the API token that got you this far, 

it can be placed into an HTTP clone request.

```bash

git clone https://${GITHUB_TOKEN}@github.com/someOrg/someRepo

```

If you just want all the secret repos the token has access to

```bash

git-ls plunder

```

To export all repos, regardless of them being private or public:

```bash

git-ls export

```

![](https://i.imgur.com/lcn6Wop.png)

![](https://i.imgur.com/s587JPU.png)