Pentest Tools

Published on March 2nd, 2016 📆 | 1661 Views ⚑

0

Gitminer – Automatic Search For GitHub


https://www.ispeech.org
Advanced search tool and automation in Github. This tool aims to facilitate research by code or code snippets on github through the site's search page.

[adsense size='1']

MOTIVATION
Demonstrates the fragility of trust in public repositories to store codes with sensitive information.

REQUERIMENTS

argparse
requests
json
lxml

INSTALL

git clone https://github.com/danilovazb/GitMiner

sudo apt-get install python-requests python-lxml 
OR
pip install lxml requests

HELP

usage: 
 β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•— β–ˆβ–ˆβ•—β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•—β–ˆβ–ˆβ–ˆβ•—   β–ˆβ–ˆβ–ˆβ•—β–ˆβ–ˆβ•—β–ˆβ–ˆβ–ˆβ•—   β–ˆβ–ˆβ•—β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•—β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•— 
β–ˆβ–ˆβ•”β•β•β•β•β• β–ˆβ–ˆβ•‘β•šβ•β•β–ˆβ–ˆβ•”β•β•β•β–ˆβ–ˆβ–ˆβ–ˆβ•— β–ˆβ–ˆβ–ˆβ–ˆβ•‘β–ˆβ–ˆβ•‘β–ˆβ–ˆβ–ˆβ–ˆβ•—  β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•”β•β•β•β•β•β–ˆβ–ˆβ•”β•β•β–ˆβ–ˆβ•—
β–ˆβ–ˆβ•‘  β–ˆβ–ˆβ–ˆβ•—β–ˆβ–ˆβ•‘   β–ˆβ–ˆβ•‘   β–ˆβ–ˆβ•”β–ˆβ–ˆβ–ˆβ–ˆβ•”β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•”β–ˆβ–ˆβ•— β–ˆβ–ˆβ•‘β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•—  β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•”β•
β–ˆβ–ˆβ•‘   β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•‘   β–ˆβ–ˆβ•‘   β–ˆβ–ˆβ•‘β•šβ–ˆβ–ˆβ•”β•β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•‘β•šβ–ˆβ–ˆβ•—β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•”β•β•β•  β–ˆβ–ˆβ•”β•β•β–ˆβ–ˆβ•—
β•šβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•”β•β–ˆβ–ˆβ•‘   β–ˆβ–ˆβ•‘   β–ˆβ–ˆβ•‘ β•šβ•β• β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•‘ β•šβ–ˆβ–ˆβ–ˆβ–ˆβ•‘β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•—β–ˆβ–ˆβ•‘  β–ˆβ–ˆβ•‘
 β•šβ•β•β•β•β•β• β•šβ•β•   β•šβ•β•   β•šβ•β•     β•šβ•β•β•šβ•β•β•šβ•β•  β•šβ•β•β•β•β•šβ•β•β•β•β•β•β•β•šβ•β•  β•šβ•β• v1.1
 Automatic search for GitHub.                                                            

 + Autor: Danilo Vaz a.k.a. UNK
 + Blog: https://unk-br.blogspot.com
 + Github: https://github.com/danilovazb
 + Gr33tz: l33t0s, RTFM

 +[WARNING]------------------------------------------+
 | THIS TOOL IS THE PENALTY FOR EDUCATIONAL USE,     |
 | THE AUTHOR IS NOT RESPONSIBLE FOR ANY DAMAGE TO   |
 | THE TOOL THAT USE.                                |
 +---------------------------------------------------+


       [-h] [-q 'filename:shadown path:etc']
       [-m wordpress] [-o result.txt]

optional arguments:
  -h, --help            show this help message and exit
  -q 'filename:shadown path:etc', --query 'filename:shadown path:etc'
                        Specify search term
  -m wordpress, --module wordpress
                        Specify the search module
  -o result.txt, --output result.txt
                        Specify the output file where it will be
                        saved

EXAMPLE
Searching for wordpress configuration files with passwords:

[adsense size='2']





$:> python git_miner.py -q 'filename:wp-config extension:php FTP_HOST in:file ' -m wordpress -o result.txt

 

Looking for brasilian government files containing passwords:

$:> python git_miner.py --query 'extension:php "root" in:file AND "gov.br" in:file' -m senhas

Looking for shadow files on the etc paste:

$:> python git_miner.py --query 'filename:shadow path:etc' -m root

Searching for joomla configuration files with passwords:

$:> python git_miner.py --query 'filename:configuration extension:php "public password" in:file' -m joomla

 

[adsense size='4']

Download Gitminer



Comments are closed.