+ Autor: Danilo Vaz a.k.a. UNK
+ Blog: http://unk-br.blogspot.com
+ Github: http://github.com/danilovazb
+ Twitter: https://twitter.com/danilovaz_unk
+---------------------------------------------------+
| DEVELOPERS ASSUME NO LIABILITY AND ARE NOT |
| RESPONSIBLE FOR ANY MISUSE OR DAMAGE CAUSED BY |
| THIS PROGRAM |
+---------------------------------------------------+
Advanced search tool and automation in Github.
This tool aims to facilitate research by code or code
snippets on github through the site's search page.
Demonstrates the fragility of trust in public repositories to store codes with sensitive information.
lxml
requests
git clone http://github.com/danilovazb/GitMiner
sudo apt-get install python-requests python-lxml
OR
pip install -r requirements.txt
██████╗ ██╗████████╗███╗ ███╗██╗███╗ ██╗███████╗██████╗
██╔════╝ ██║╚══██╔══╝████╗ ████║██║████╗ ██║██╔════╝██╔══██╗
██║ ███╗██║ ██║ ██╔████╔██║██║██╔██╗ ██║█████╗ ██████╔╝
██║ ██║██║ ██║ ██║╚██╔╝██║██║██║╚██╗██║██╔══╝ ██╔══██╗
╚██████╔╝██║ ██║ ██║ ╚═╝ ██║██║██║ ╚████║███████╗██║ ██║
╚═════╝ ╚═╝ ╚═╝ ╚═╝ ╚═╝╚═╝╚═╝ ╚═══╝╚══════╝╚═╝ ╚═╝ v1.1
Automatic search for GitHub.
+ Autor: Danilo Vaz a.k.a. UNK
+ Blog: http://unk-br.blogspot.com
+ Github: http://github.com/danilovazb
+ Gr33tz: l33t0s, RTFM
+[WARNING]------------------------------------------+
| DEVELOPERS ASSUME NO LIABILITY AND ARE NOT |
| RESPONSIBLE FOR ANY MISUSE OR DAMAGE CAUSED BY |
| THIS PROGRAM |
+---------------------------------------------------+
[-h] [-q 'filename:shadow path:etc']
[-m wordpress] [-o result.txt]
[-c pAAAhPOma9jEsXyLWZ-16RTTsGI8wDawbNs4]
optional arguments:
-h, --help show this help message and exit
-q 'filename:shadow path:etc', --query 'filename:shadow path:etc'
Specify search term
-m wordpress, --module wordpress
Specify the search module
-o result.txt, --output result.txt
Specify the output file where it will be
saved
-c pAAAhPOma9jEsXyLWZ-16RTTsGI8wDawbNs4, --cookie pAAAhPOma9jEsXyLWZ-16RTTsGI8wDawbNs4
Specify the cookie for your github
Searching for wordpress configuration files with passwords:
$:> python git_miner.py -q 'filename:wp-config extension:php FTP_HOST in:file ' -m wordpress -c pAAAhPOma9jEsXyLWZ-16RTTsGI8wDawbNs4 -o result.txt
Looking for brasilian government files containing passwords:
$:> python git_miner.py --query 'extension:php "root" in:file AND "gov.br" in:file' -m senhas -c pAAAhPOma9jEsXyLWZ-16RTTsGI8wDawbNs4
Looking for shadow files on the etc paste:
$:> python git_miner.py --query 'filename:shadow path:etc' -m root -c pAAAhPOma9jEsXyLWZ-16RTTsGI8wDawbNs4
Searching for joomla configuration files with passwords:
$:> python git_miner.py --query 'filename:configuration extension:php "public password" in:file' -m joomla -c pAAAhPOma9jEsXyLWZ-16RTTsGI8wDawbNs4
