Haxf4rall
  • Home
  • Become a Hacker
    • Get Started
    • Hacker Mindset
    • Roadmap
    • Simple Setup – Hacker 101
    • Types of Hackers
    • Recommended Courses
  • Boot People Offline
  • Courses
    • All Hacking Courses
    • Cyber Security School
  • CTF
    • Beginners to Advanced Guide
    • Create your own CTF box
    • Field and Resources Guide
    • Platforms & Wargames
    • Tools Used for Solving CTF
    • Writeups
  • Dark Web
    • Beginners Guide
    • Darknet Markets
    • Darkweb 101 (Anonymity Guide)
    • Dark Web OSINT Tools
    • Hacking Forums
    • Latest News
    • Onion Links
  • Hacker Gadgets
  • Hacking Books
  • Tools Directory
  • Home
  • 2018
  • July
  • 24
  • Gitrob – Reconnaissance Tool for GitHub Organizations

Gitrob – Reconnaissance Tool for GitHub Organizations

July 24, 2018July 27, 2019 Comments Off on Gitrob – Reconnaissance Tool for GitHub Organizations
gitrob gitrob enterprise gitrob server gitrob tutorial gitrob usage how to use gitrob

Gitrob is a command line device which will help organizations and security professionals discover delicate data lingering in publicly accessible recordsdata on GitHub.

The device will iterate over all public group and member repositories and match filenames in opposition to a spread of patterns for recordsdata that sometimes comprise delicate or harmful data.
Looking for delicate data in GitHub repositories shouldn’t be a brand new factor, it has been known for a while that issues comparable to non-public keys and credentials could be discovered with GitHub’s search performance, nonetheless, Gitrob makes it simpler to focus the hassle on a selected group.

Installation
1. Ruby
Gitrob is written in Ruby and requires at the least model 1.9. or above. To verify which model of Ruby you have got put in, merely run

ruby –version

in a terminal.

Should you have got an older model put in, it is extremely straightforward to improve and handle totally different variations with the Ruby Version Manager (RVM). Please see the RVM website for set up directions.
2. RubyGems
Gitrob is packaged as a Ruby gem to make it straightforward to put in and replace. To set up Ruby gems you may want the RubyGems device put in. To verify in case you have it already, kind

gem

in a Terminal. If you bought it already, it’s endorsed to do a fast

gem replace –system

to be sure to have the most recent and biggest model. In case you do not have it put in, obtain it from here and comply with the straightforward set up directions.

. PostgreSQL
Gitrob makes use of a PostgreSQL database to retailer all of the collected information. If you might be organising Gitrob within the Kali linux distribution you have already got it put in, you simply want to ensure it is operating by executing

service postgresql begin

and set up a dependency with

apt-get set up libpq-dev

in a terminal. Here’s a wonderful guide on methods to set up PostgreSQL on a Debian primarily based Linux system. If you might be organising Gitrob on a Mac, the simplest method to set up PostgreSQL is with Homebrew. Here’s a guide on methods to set up PostgreSQL with Homebrew.

.1 PostgreSQL person and database
You must arrange a person and a database in PostgreSQL for Gitrob. Execute the next instructions in a terminal:

sudo su postgres # Not needed on Mac OS X createuser -s gitrob –pwprompt createdb -O gitrob gitrob

You now have a brand new PostgreSQL person with the title

gitrob

and with the password you typed into the immediate. You additionally created a database with the title

gitrob

which is owned by the

gitrob

person.

four. GitHub entry tokens
Gitrob works by querying the GitHub API for fascinating data, so that you want at the least one entry token to stand up and operating. The easiest method is to create a Personal Access Token. Press the

Generate new token

button and provides the token an outline. If you plan on utilizing Gitrob in opposition to organizations you are not a member of you need not give the token any scopes, as we are going to solely be accessing public information. If you plan to run Gitrob in opposition to your individual group, you may must verify the

learn:org

scope to get full protection.
If you intend on utilizing Gitrob extensively or in opposition to a really giant group, it may be essential to have a number of entry tokens to keep away from operating into price limiting. These entry tokens should be from totally different person accounts.

5. Gitrob
With all of the earlier steps accomplished, now you can lastly set up Gitrob itself with the next command in a terminal:

gem set up gitrob

This will set up the Gitrob Ruby gem together with all its dependencies. Congratulations!

6. Configuring Gitrob
Gitrob must know methods to discuss to the PostgreSQL database in addition to what entry token to make use of to entry the GitHub API. Gitrob comes with a handy configuration wizard which could be invoked with the next command in a terminal:

gitrob configure

The configuration wizard will ask you for the data wanted to arrange Gitrob. All the data is saved to

~/.gitrobrc

and sure, Gitrob will likely be trying for this file too, so be careful!

Usage

Analyzing organizations and customers
Analyzing organizations and customers is the principle function of Gitrob. The

analyze

command accepts an arbitrary quantity of group and person logins, which will likely be bundled into an assessment:

gitrob analyze acme,johndoe,janedoe

Mixing organizations and customers is handy if you realize sure person is a part of a company however they don’t have their membership public.
When the assessment is completed, the

analyze

command will routinely begin up the online server to current the outcomes. This could be prevented by including the

–no-server

choice to the command.
See

gitrob assist analyze

for extra choices.

Running Gitrob in opposition to customized GitHub Enterprise installations
Gitrob can analyze organizations and customers on customized GitHub Enterprise installations as an alternative of the official GitHub site. The

analyze

command takes a number of choices to manage this:

gitrob analyze johndoe –site=https://github.acme.com –endpoint=https://github.acme.com/api/v3 –access-tokens=token1,token2

See

gitrob assist analyze

for extra choices.

Starting the Gitrob net server
The Gitrob net server could be began with the

server

command:

gitrob server

By default, the server will hear on localhost:9393. This can, in fact, all be managed:

gitrob server –bind-deal with=zero.zero.zero.zero –port=8000

See for

gitrob assist server

extra choices.

Adding customized signatures
If you need to look for recordsdata which are particular to your organisation or initiatives, it’s straightforward so as to add customized signatures.
When Gitrob begins it appears to be like for a file at

~/.gitrobsignatures

which it expects to be a JSON doc with signatures that comply with the identical construction as the principle signatures.json file. Here is an instance:

[ ]

This signature instructs Gitrob to flag recordsdata the place the filename precisely matches

otr.private_key

. The caption and outline are used within the net interface when displaying the findings.

Signature keys

  • half

    : Can be one in all:

    • path

      : The full file path

    • filename

      : Only the filename

    • extension

      : Only the file extension

  • kind

    : Can be one in all:

    • match

      : Simple match of half and sample

    • regex

      : Regular expression matching of half and sample

  • sample

    : The worth or common expression to match with

  • caption

    : A brief description of the discovering

  • description

    : More detailed description if wanted (set to

    null

    if not).

Have a take a look at the principle signatures.json file for extra examples of signatures.

Download Gitrob

Post navigation

E013 – WiFi Password Stealer (For Microsoft Windows)
Tcpflow – To Monitor, Capture & Dump Packets

Related Articles

PlutoCrypt Ransomware Decryptor

PlutoCrypt Ransomware Decryptor

- Hack Tools
May 27, 2023
CISA Adds CVE-2023-2868 Vulnerability to KEV Catalog

CISA Adds CVE-2023-2868 Vulnerability to KEV Catalog

- Hack Tools
May 26, 2023
PoC Exploit Released for GitLab CVE-2023-2825 Vulnerability

PoC Exploit Released for GitLab CVE-2023-2825 Vulnerability

- Hack Tools
May 26, 2023
hacker gadgets
hacker phone covers

Recent Posts

PlutoCrypt Ransomware Decryptor

PlutoCrypt Ransomware Decryptor

May 27, 2023
Galaxy Fold 4

Samsung to improve the durability of the waterdrop hinges in the foldable smartphones

May 26, 2023
CISA Adds CVE-2023-2868 Vulnerability to KEV Catalog

CISA Adds CVE-2023-2868 Vulnerability to KEV Catalog

May 26, 2023
Google releases Chrome version 111 to fix 40 security vulnerabilities

Google releases Chrome version 111 to fix 40 security vulnerabilities

May 26, 2023
PoC Exploit Released for GitLab CVE-2023-2825 Vulnerability

PoC Exploit Released for GitLab CVE-2023-2825 Vulnerability

May 26, 2023
CVE View

Mondoo v7.17.1 releases: Cloud-Native Security & Vulnerability Risk Management

February 16, 2023

Social Media Hacking

SocialPath – Track users across Social Media Platforms

SocialPath – Track users across Social Media Platforms

- Social Media Hacking
October 16, 2019October 16, 2019

SocialPath is a django application for gathering social media intelligence on specific username. It checks for Twitter, Instagram, Facebook, Reddit...

SocialScan – Check Email Address and Username Availability on Online Platforms

SocialScan – Check Email Address and Username Availability on Online Platforms

June 17, 2019
Shellphish – Phishing Tool For 18 Social Media Apps

Shellphish – Phishing Tool For 18 Social Media Apps

June 10, 2019July 27, 2019
WhatsApp Hacking using QRLJacking

WhatsApp Hacking using QRLJacking

May 2, 2019May 19, 2019
How to Hack any Facebook Account with Z-Shadow

How to Hack any Facebook Account with Z-Shadow

April 26, 2019June 29, 2020
hacker buffs

About Us

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Active Members

Submit a Tool

Hackers Handbook 2018


Grab your copy here

About Us

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Categories

  • Secure Coding
  • Documentary
  • Courses & Ebooks
  • Hack Tools
  • Hacking Tutorials
  • Mobile Hacking
  • News
  • Operating Systems
  • TOR
  • Tricks & How To’s

Active Members

Useful Links

Contact Us

Disclaimer

Privacy Policy

Submit a Tool

Copyright 2019. All rights reserved | Theme: OMag by LilyTurf Themes