This repository has been archived by the owner on Jan 13, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 825
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Michael Henriksen
committed
Jun 9, 2018
0 parents
commit d2c4339
Showing
42 changed files
with
4,255 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
Hey there and thank you for using the issue tracker! | ||
|
||
## Checklist before filing an issue: | ||
|
||
- [ ] Is this something you can **debug and fix**? Send a pull request! Bug fixes and documentation fixes are welcome. | ||
- [ ] Have a usage question? Ask your question on [StackOverflow](http://stackoverflow.com), [StackExchange Security](https://security.stackexchange.com) or similar platform. | ||
- [ ] Have an idea for a feature? Make sure that it hasn't been suggested before and describe your idea in detail. | ||
|
||
## None of the above? create a bug report | ||
|
||
Make sure to add **all the information needed to understand the bug** so that someone can help. If information is missing, the issue will be labeled with 'Needs more information' and closed until there is enough information. | ||
|
||
## Expected Behavior | ||
|
||
|
||
## Actual Behavior | ||
|
||
|
||
## Steps to Reproduce the Problem | ||
|
||
1. | ||
2. | ||
3. | ||
|
||
## Specifications | ||
|
||
- Gitrob version: | ||
- Operating system: | ||
- Go version: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
**IMPORTANT: Please do not create a Pull Request without creating an issue first.** | ||
|
||
*Any change needs to be discussed before proceeding. Failure to do so may result in the rejection of the pull request.* | ||
|
||
Please provide enough information so that others can review your pull request: | ||
|
||
<!-- You can skip this if you're fixing a typo or similar tiny fix. --> | ||
|
||
Explain the **details** for making this change. What existing problem does the pull request solve? | ||
|
||
<!-- Example: When "Adding a function to do X", explain why it is necessary to have a way to do X. --> | ||
|
||
**Closing issues** | ||
|
||
Put `closes #XXXX` in your comment to auto-close the issue that your PR fixes (if such). |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,82 @@ | ||
# Binaries for programs and plugins | ||
*.exe | ||
*.exe~ | ||
*.dll | ||
*.so | ||
*.dylib | ||
gitrob | ||
gitrob.exe | ||
|
||
build | ||
|
||
# Test binary, build with `go test -c` | ||
*.test | ||
|
||
# Output of the go coverage tool, specifically when used with LiteIDE | ||
*.out | ||
|
||
# Dropbox settings and caches | ||
.dropbox | ||
.dropbox.attr | ||
.dropbox.cache | ||
|
||
# temporary files which can be created if a process still has a handle open of a deleted file | ||
.fuse_hidden* | ||
|
||
# KDE directory preferences | ||
.directory | ||
|
||
# Linux trash folder which might appear on any partition or disk | ||
.Trash-* | ||
|
||
# .nfs files are created when an open file is removed but is still being accessed | ||
.nfs* | ||
|
||
|
||
# TextMate | ||
*.tmproj | ||
*.tmproject | ||
tmtags | ||
|
||
# Swap | ||
[._]*.s[a-v][a-z] | ||
[._]*.sw[a-p] | ||
[._]s[a-v][a-z] | ||
[._]sw[a-p] | ||
|
||
# Session | ||
Session.vim | ||
|
||
# Temporary | ||
.netrwhist | ||
*~ | ||
# Auto-generated tag files | ||
tags | ||
|
||
# General | ||
.DS_Store | ||
.AppleDouble | ||
.LSOverride | ||
|
||
# Icon must end with two \r | ||
Icon | ||
|
||
|
||
# Thumbnails | ||
._* | ||
|
||
# Files that might appear in the root of a volume | ||
.DocumentRevisions-V100 | ||
.fseventsd | ||
.Spotlight-V100 | ||
.TemporaryItems | ||
.Trashes | ||
.VolumeIcon.icns | ||
.com.apple.timemachine.donotpresent | ||
|
||
# Directories potentially created on remote AFP share | ||
.AppleDB | ||
.AppleDesktop | ||
Network Trash Folder | ||
Temporary Items | ||
.apdisk |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
|
||
# Changelog | ||
All notable changes to this project will be documented in this file. | ||
|
||
The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) | ||
and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). | ||
|
||
## [Unreleased] | ||
|
||
## 2.0.0-beta - 2018-06-08 | ||
### Added | ||
- Total rewrite of Gitrob in [Golang](https://golang.org/) | ||
- Find interesting files in history down to a default (and configurable) depth of 500 commits | ||
- Hexdump view for binary files | ||
- Saving and loading of session files for easy sharing | ||
|
||
### Removed | ||
- All the stupid Rubygems with native extensions | ||
- PostgreSQL dependency | ||
- Messy assessment comparison feature | ||
- User overview | ||
- Repository overview | ||
|
||
[Unreleased]: https://github.com/michenriksen/gitrob/compare/v2.0.0-beta...HEAD |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
The MIT License (MIT) | ||
|
||
Copyright (c) 2018 Michael Henriksen | ||
|
||
Permission is hereby granted, free of charge, to any person obtaining a copy | ||
of this software and associated documentation files (the "Software"), to deal | ||
in the Software without restriction, including without limitation the rights | ||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | ||
copies of the Software, and to permit persons to whom the Software is | ||
furnished to do so, subject to the following conditions: | ||
|
||
The above copyright notice and this permission notice shall be included in | ||
all copies or substantial portions of the Software. | ||
|
||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | ||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | ||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | ||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | ||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | ||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN | ||
THE SOFTWARE. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,66 @@ | ||
# Gitrob: Putting the Open Source in OSINT | ||
|
||
Gitrob is a tool to help find potentially sensitive files pushed to public repositories on Github. Gitrob will clone repositories belonging to a user or organization down to a configurable depth and iterate through the commit history and flag files that match signatures for potentially sensitive files. The findings will be presented through a web interface for easy browsing and analysis. | ||
|
||
## Usage | ||
|
||
gitrob [options] target [target2] ... [targetN] | ||
|
||
### Options | ||
|
||
``` | ||
-bind-address string | ||
Address to bind web server to (default "127.0.0.1") | ||
-commit-depth int | ||
Number of repository commits to process (default 500) | ||
-debug | ||
Print debugging information | ||
-github-access-token string | ||
GitHub access token to use for API requests | ||
-load string | ||
Load session file | ||
-no-expand-orgs | ||
Don't add members to targets when processing organizations | ||
-port int | ||
Port to run web server on (default 9393) | ||
-save string | ||
Save session to file | ||
-silent | ||
Suppress all output except for errors | ||
-threads int | ||
Number of concurrent threads (default number of logical CPUs) | ||
``` | ||
|
||
### Saving session to a file | ||
|
||
By default, gitrob will store its state for an assessment in memory. This means that the results of an assessment is lost when Gitrob is closed. You can save the session to a file by using the `-save` option: | ||
|
||
gitrob -save ~/gitrob-session.json acmecorp | ||
|
||
Gitrob will save all the gathered information to the specified file path as a special JSON document. The file can be loaded again for browsing at another point in time, shared with other analysts or parsed for custom integrations with other tools and systems. | ||
|
||
### Loading session from a file | ||
|
||
A session stored in a file can be loaded with the `-load` option: | ||
|
||
gitrob -load ~/gitrob-session.json | ||
|
||
Gitrob will start its web interface and serve the results for analysis. | ||
|
||
## Installation | ||
|
||
A [precompiled version is available](https://github.com/michenriksen/gitrob/releases) for each release, alternatively you can use the latest version of the source code from this repository in order to build your own binary. | ||
|
||
Make sure you have a correctly configured **Go >= 1.8** environment and that `$GOPATH/bin` is in your `$PATH` | ||
|
||
$ go get github.com/michenriksen/gitrob | ||
|
||
This command will download gitrob, install its dependencies, compile it and move the `gitrob` executable to `$GOPATH/bin`. | ||
|
||
### Github access token | ||
|
||
Gitrob will need a Github access token in order to interact with the Github API. [Create a personal access token](https://help.github.com/articles/creating-a-personal-access-token-for-the-command-line/) and save it in an environment variable in your `.bashrc` or similar shell configuration file: | ||
|
||
export GITROB_ACCESS_TOKEN=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef | ||
|
||
Alternatively you can specify the access token with the `-github-access-token` option, but watch out for your command history! |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
#!/bin/bash | ||
|
||
BUILD_FOLDER=build | ||
VERSION=$(cat core/banner.go | grep Version | cut -d '"' -f 2) | ||
|
||
bin_dep() { | ||
BIN=$1 | ||
which $BIN > /dev/null || { echo "[-] Dependency $BIN not found !"; exit 1; } | ||
} | ||
|
||
create_exe_archive() { | ||
bin_dep 'zip' | ||
|
||
OUTPUT=$1 | ||
|
||
echo "[*] Creating archive $OUTPUT ..." | ||
zip -j "$OUTPUT" gitrob.exe ../README.md ../LICENSE.txt > /dev/null | ||
rm -rf gitrob gitrob.exe | ||
} | ||
|
||
create_archive() { | ||
bin_dep 'zip' | ||
|
||
OUTPUT=$1 | ||
|
||
echo "[*] Creating archive $OUTPUT ..." | ||
zip -j "$OUTPUT" gitrob ../README.md ../LICENSE.md > /dev/null | ||
rm -rf gitrob gitrob.exe | ||
} | ||
|
||
build_linux_amd64() { | ||
echo "[*] Building linux/amd64 ..." | ||
GOOS=linux GOARCH=amd64 go build -o gitrob .. | ||
} | ||
|
||
build_macos_amd64() { | ||
echo "[*] Building darwin/amd64 ..." | ||
GOOS=darwin GOARCH=amd64 go build -o gitrob .. | ||
} | ||
|
||
build_windows_amd64() { | ||
echo "[*] Building windows/amd64 ..." | ||
GOOS=windows GOARCH=amd64 go build -o gitrob.exe .. | ||
} | ||
|
||
rm -rf $BUILD_FOLDER | ||
mkdir $BUILD_FOLDER | ||
cd $BUILD_FOLDER | ||
|
||
build_linux_amd64 && create_archive gitrob_linux_amd64_$VERSION.zip | ||
build_macos_amd64 && create_archive gitrob_macos_amd64_$VERSION.zip | ||
build_windows_amd64 && create_exe_archive gitrob_windows_amd64_$VERSION.zip | ||
shasum -a 256 * > checksums.txt | ||
|
||
echo | ||
echo | ||
du -sh * | ||
|
||
cd -- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
package core | ||
|
||
const ( | ||
Name = "gitrob" | ||
Version = "2.0.0-beta" | ||
Author = "Michael Henriksen" | ||
Website = "https://github.com/michenriksen/gitrob" | ||
ASCIIBanner = " _ __ __\n" + | ||
" ___ _(_) /________ / /\n" + | ||
" / _ `/ / __/ __/ _ \\/ _ \\\n" + | ||
" \\_, /_/\\__/_/ \\___/_.__/\n" + | ||
"/___/ by @michenriksen" | ||
) |
Oops, something went wrong.