Github is a remarkable place to collect data on a target, be it for a legitimate security engagement or to test your own security. It is a Ruby-based platform that can quickly build a local, searchable framework of all code released to Github by a particular organization. Once installation is complete, usability is trivial.
gitrob -o <org> (eg: gitrob -o aol)
Installation (assumes you are building on Kali):
- Navigate to /opt/ and issue the following:
git clone https://github.com/logikphreak/gitrob.git
- Issue the following: sudo -u postgres -i
- Create your progress account and database with the following:
createuser -s gitrob –pwprompt
createdb -O gitrob gitrob
- For Gitrob to work properly, you will need to create an API key in your Github account. This is quite simple. After assuring you are logged into github, navigate to https://github.com/settings/applications and generate a new key.
Copy the value as you will need it later.
- Issue the command “gem install gitrob” in the /opt/gitrob–0.0.5/
- Issue gitrob –configure (pasting your api key and password created during the postgres process).
- Finally, issue (gitrob -o orgname) and let it work. A web service will be spawned when it is complete that can be utilized for searching for leaked sensitive information.
Pro Tip: You can easily print the browser tabs into PDF’s and echo the gitrob routine into a text file. This is particularly useful for evidence in your reports.
Hat tip to Michael for the incredibly tool.