https://github.com/hahwul/gitls

🖇 Enumerate git repository URL from list of URL / User / Org. Friendly to pipeline
https://github.com/hahwul/gitls

bugbounty butbountytips cli-tool fetcher git github security security-tools tool whitebox-testing

Last synced: 5 days ago
JSON representation

🖇 Enumerate git repository URL from list of URL / User / Org. Friendly to pipeline

• Host: GitHub
• URL: https://github.com/hahwul/gitls
• Owner: hahwul
• License: mit
• Created: 2021-01-29T01:24:43.000Z (almost 4 years ago)
• Default Branch: main
• Last Pushed: 2023-05-06T07:34:45.000Z (over 1 year ago)
• Last Synced: 2024-10-25T01:32:28.608Z (13 days ago)
• Topics: bugbounty, butbountytips, cli-tool, fetcher, git, github, security, security-tools, tool, whitebox-testing
• Language: Go
• Homepage:
• Size: 3.65 MB
• Stars: 58
• Watchers: 4
• Forks: 9
• Open Issues: 1
• Metadata Files:
  • Readme: README.md
  • Funding: .github/FUNDING.yml
  • License: LICENSE

Awesome Lists containing this project

• WebHackersWeapons - gitls

README

        


  


  

  


  

  

  

  

  



> Enumerate git repository URL from list of `URL` / `User` / `Org`. Friendly to pipeline

This tool is available when the repository, such as github, is included in the bugbounty scope. Sometimes specified as an org name or user name rather than a specific repository, you can use this tool to extract url from all public repositories included in the org/user.

This can be used for various actions such as scanning or cloning for multiple repositories.

> 🚧 NOTICE 


For unauthenticated requests in github api, the rate limit allows for up to 60 requests per hour. Unauthenticated requests are associated with the originating IP address, and not the user making requests.

[https://docs.github.com/en/rest/overview/resources-in-the-rest-api](https://docs.github.com/en/rest/overview/resources-in-the-rest-api)



So too many tasks can be blocked by the API for a certain time from github. In this case, you can select the appropriate destination or access and use any IP using the torsocks(e.g `torsocks gitls -l user.list`) or `-tor` or `-proxy http://localhost:` options.

![](https://user-images.githubusercontent.com/13212227/190673282-5c0611dc-a594-4ed4-8b8c-e9be1a6257ac.png)

## Installation

### From go-get

```

▶ go install -v github.com/hahwul/gitls@latest

```

### Using homebres

```

▶ brew tap hahwul/gitls

▶ brew install gitls

```

### Using snapcraft

```

▶ sudo snap install gitls

```

## Usage 

```

Usage of gitls:

  -include-users

    	include repo of org users(member)

  -l string

    	List of targets (e.g -l sample.lst)

  -o string

    	write output file (optional)

  -proxy string

    	using custom proxy

  -tor

    	using tor proxy / localhost:9050

  -version

    	version of gitls

```

## Case Study

### Make all repo urls from repo/org/user urls

sample.lst

```

https://github.com/hahwul

https://github.com/tomnomnom/gron

https://github.com/tomnomnom/httprobe

https://github.com/s0md3v

```

make repo url list from sample file

```

▶ gitls -l sample.lst

https://github.com/hahwul/a2sv

https://github.com/hahwul/action-dalfox

https://github.com/hahwul/asset-of-hahwul.com

https://github.com/hahwul/awesome-zap-extensions

https://github.com/hahwul/backbomb

https://github.com/hahwul/booungJS

https://github.com/hahwul/buildpack-nmap

https://github.com/hahwul/buildpack-zap-daemon

https://github.com/hahwul/can-i-protect-xss

https://github.com/hahwul/cyan-snake

https://github.com/hahwul/dalfox

https://github.com/hahwul/DevSecOps

https://github.com/hahwul/droid-hunter

https://github.com/hahwul/exploit-db_to_dokuwiki

https://github.com/hahwul/ftc

https://github.com/hahwul/gitls

https://github.com/hahwul/go-github-selfupdate-patched

https://github.com/hahwul/hack-pet

...snip...

https://github.com/hahwul/zap-cloud-scan

https://github.com/tomnomnom/gron

https://github.com/tomnomnom/httprobe

https://github.com/s0md3v/Arjun

https://github.com/s0md3v/AwesomeXSS

https://github.com/s0md3v/Blazy

https://github.com/s0md3v/Bolt

...snip...

https://github.com/s0md3v/velocity

https://github.com/s0md3v/XSStrike

https://github.com/s0md3v/Zen

https://github.com/s0md3v/zetanize

```

### Get all repository in org and included users(members)

```

▶ echo https://github.com/paypal | ./gitls -include-users

```

```

....

https://github.com/paypal/tech-talks

https://github.com/paypal/TLS-update

https://github.com/paypal/yurita

https://github.com/ahunnargikar

https://github.com/ahunnargikar/docker-chronos-image

https://github.com/ahunnargikar/docker-tomcat7

https://github.com/ahunnargikar/DockerConDemo

https://github.com/ahunnargikar/elasticsearch-registry-backend

https://github.com/ahunnargikar/elasticsearchindex

https://github.com/ahunnargikar/jenkins-dind

https://github.com/ahunnargikar/jenkins-standalone

https://github.com/ahunnargikar/vagrant-mesos

https://github.com/ahunnargikar/vagrant_docker_registry

https://github.com/anandpalanisamy

https://github.com/anilgursel

https://github.com/anilgursel/squbs-sample

https://github.com/bluepnume

```

### Automated testing with [gitleaks](https://github.com/zricethezav/gitleaks)

```

▶ gitls -l sample.lst | xargs -I % gitleaks --repo-url=% -v

```

### All clone target's repo

```

▶ echo "https://github.com/paypal" | gitls | xargs -I % git clone %

```

## Contributors

![](/CONTRIBUTORS.svg)