GitMiner:Github敏感信息泄露高级挖掘工具

GitMiner介绍

Github 中的自动化高级搜索工具。 这个工具的目的是通过搜索 github 上的代码或代码片段发现敏感信息泄露。证明公共存储库存储敏感信息代码的脆弱性。

GitMiner:Github敏感信息泄露高级挖掘工具
GitMiner github信息泄露扫描工具

要求

  • lxml
  • requests
  • argparse
  • json
  • re

GitMiner安装

$ git clone http://github.com/UnkL4b/GitMiner

$ cd GitMiner

~/GitMiner $ pip3 install -r requirements.txt

Docker安装

$ git clone http://github.com/UnkL4b/GitMiner
$ cd GitMiner
$ docker build -t gitminer .
$ docker run -it gitminer -h

帮助


 UnkL4b
__ Automatic search for Github
((OO)) ▄██████▓▄▄▄█████▓ ███▄ ▄███▓ ██▓ ███▄█ ▓███████▀███
 \__/ ██▒ ▀█▒▓██▒▓██▒ ▓▒▓██▒▀█▀ ██▒▓██▒ ██ ▀█ █ ▓█ ▀ ▓██ ▒ ██▒OO
|^|▒██░▄▄▄░▒██▒▒ ▓██░ ▒░▓██▓██░▒██▒▓██▀█ ██▒▒███ ▓██ ░▄█ ▒oOo
| |░▓███▓░██░░ ▓██▓ ░ ▒██▒██ ░██░▓██▒▐▌██▒▒▓█▄ ▒██▀▀█▄OoO
| |░▒▓███▀▒░██░▒██▒ ░ ▒██▒ ░██▒░██░▒██░ ▓██░░▒████▒░██▓ ▒██▒/oOo 
| |___░▒___▒_░▓____▒_░░___░_▒░___░__░░▓__░_▒░___▒_▒_░░_▒░_░░_▒▓_░▒▓░_/ /
\______░___░__▒_░____░____░__░______░_▒_░░_░░___░_▒░_░_░__░__░▒_░_▒░__/v2.0
 ░ ░ ░▒ ░░░░▒ ░ ░ ░ ░░ ░░ ░ 
 ░░░░ ░░░ ░ 

-> github.com/UnkL4b
-> unkl4b.github.io

+---------------------[WARNING]---------------------+
| DEVELOPERS ASSUME NO LIABILITY AND ARE NOT|
| RESPONSIBLE FOR ANY MISUSE OR DAMAGE CAUSED BY|
| THIS PROGRAM|
+---------------------------------------------------+ 
 [-h] [-q 'filename:shadow path:etc']
 [-m wordpress] [-o result.txt]
 [-r '/^\s*.*?;?\s*$/gm']
 [-c _octo=GH1.1.2098292984896.153133829439; _ga=GA1.2.36424941.153192375318; user_session=oZIxL2_ajeDplJSndfl37ddaLAEsR2l7myXiiI53STrfhqnaN; __Host-user_session_same_site=oXZxv9_ajeDplV0gAEsmyXiiI53STrfhDN; logged_in=yes; dotcom_user=unkl4b; tz=America%2FSao_Paulo; has_recent_activity=1; _gh_sess=MmxxOXBKQ1RId3NOVGpGcG54aEVnT1o0dGhxdGdzWVpySnFRd1dVYUk5TFZpZXFuTWxOdW1FK1IyM0pONjlzQWtZM2xtaFR3ZDdxlGMCsrWnBIdnhUN0tjVUtMYU1GeG5Pbm5DMThuWUFETnZjcllGOUNkRGUwNUtKOVJTaGR5eUJYamhWRE5XRnMWZZN3Y3dlpFNDZXL1NWUEN4c093RFhQd3RJQ1NBdmhrVDE3VVNiUFF3dHBycC9FeDZ3cFVXV0ZBdXZieUY5WDRlOE9ZSG5sNmRHUmllcmk0Up1MTcyTXZrN1RHYmJSdz09--434afdd652b37745f995ab55fc83]

optional arguments:
-h, --helpshow this help message and exit
-q 'filename:shadow path:etc', --query 'filename:shadow path:etc'
Specify search term
-m wordpress, --module wordpress
Specify the search module
-o result.txt, --output result.txt
Specify the output file where it will be
saved
-r '/^\s*(.*?);?\s*$/gm', --regex '/^\s*(.*?);?\s*$/gm'
Set regex to search in file
-c _octo=GH1.1.2098292984896.153133829439; _ga=GA1.2.36424941.153192375318; user_session=oZIxL2_ajeDplJSndfl37ddaLAEsR2l7myXiiI53STrfhqnaN; __Host-user_session_same_site=oXZxv9_ajeDplV0gAEsmyXiiI53STrfhDN; logged_in=yes; dotcom_user=unkl4b; tz=America%2FSao_Paulo; has_recent_activity=1; _gh_sess=MmxxOXBKQ1RId3NOVGpGcG54aEVnT1o0dGhxdGdzWVpySnFRd1dVYUk5TFZpZXFuTWxOdW1FK1IyM0pONjlzQWtZM2xtaFR3ZDdxlGMCsrWnBIdnhUN0tjVUtMYU1GeG5Pbm5DMThuWUFETnZjcllGOUNkRGUwNUtKOVJTaGR5eUJYamhWRE5XRnMWZZN3Y3dlpFNDZXL1NWUEN4c093RFhQd3RJQ1NBdmhrVDE3VVNiUFF3dHBycC9FeDZ3cFVXV0ZBdXZieUY5WDRlOE9ZSG5sNmRHUmllcmk0Up1MTcyTXZrN1RHYmJSdz09--434afdd652b37745f995ab55fc83, --cookie _octo=GH1.1.2098292984896.153133829439; _ga=GA1.2.36424941.153192375318; user_session=oZIxL2_ajeDplJSndfl37ddaLAEsR2l7myXiiI53STrfhqnaN; __Host-user_session_same_site=oXZxv9_ajeDplV0gAEsmyXiiI53STrfhDN; logged_in=yes; dotcom_user=unkl4b; tz=America%2FSao_Paulo; has_recent_activity=1; _gh_sess=MmxxOXBKQ1RId3NOVGpGcG54aEVnT1o0dGhxdGdzWVpySnFRd1dVYUk5TFZpZXFuTWxOdW1FK1IyM0pONjlzQWtZM2xtaFR3ZDdxlGMCsrWnBIdnhUN0tjVUtMYU1GeG5Pbm5DMThuWUFETnZjcllGOUNkRGUwNUtKOVJTaGR5eUJYamhWRE5XRnMWZZN3Y3dlpFNDZXL1NWUEN4c093RFhQd3RJQ1NBdmhrVDE3VVNiUFF3dHBycC9FeDZ3cFVXV0ZBdXZieUY5WDRlOE9ZSG5sNmRHUmllcmk0Up1MTcyTXZrN1RHYmJSdz09--434afdd652b37745f995ab55fc83
Specify the cookie for your github

使用示例

用密码搜索 wordpress 配置文件:

$:> python3 gitminer-v2.0.py -q 'filename:wp-config extension:php FTP_HOST in:file ' -m wordpress -c pAAAhPOma9jEsXyLWZ-16RTTsGI8wDawbNs4 -o result.txt

寻找包含密码的巴西政府文件:

$:> python3 gitminer-v2.0.py --query 'extension:php "root" in:file AND "gov.br" in:file' -m senhas -c pAAAhPOma9jEsXyLWZ-16RTTsGI8wDawbNs4

Dork to search

DorkDescription
filename:.npmrc _authnpm registry authentication data
filename:.dockercfg authdocker registry authentication data
extension:pem privateprivate keys
extension:ppk privateputtygen private keys
filename:id_rsa or filename:id_dsaprivate ssh keys
extension:sql mysql dumpmysql dump
extension:sql mysql dump passwordmysql dump look for password; you can try varieties
filename:credentials aws_access_key_idmight return false negatives with dummy values
filename:.s3cfgmight return false negatives with dummy values
filename:wp-config.phpwordpress config files
filename:.htpasswdhtpasswd files
filename:.env DB_USERNAME NOT homesteadlaravel .env (CI, various ruby based frameworks too)
filename:.env MAIL_HOST=smtp.gmail.comgmail smtp configuration (try different smtp services too)
filename:.git-credentialsgit credentials store, add NOT username for more valid results
PT_TOKEN language:bashpivotaltracker tokens
filename:.bashrc passwordsearch for passwords, etc. in .bashrc (try with .bash_profile too)
filename:.bashrc mailchimpvariation of above (try more variations)
filename:.bash_profile awsaws access and secret keys
rds.amazonaws.com passwordAmazon RDS possible credentials
extension:json api.forecast.iotry variations, find api keys/secrets
extension:json mongolab.commongolab credentials in json configs
extension:yaml mongolab.commongolab credentials in yaml configs (try with yml)
jsforce extension:js conn.loginpossible salesforce credentials in nodejs projects
SF_USERNAME salesforcepossible salesforce credentials
filename:.tugboat NOT _tugboatDigital Ocean tugboat config
HEROKU_API_KEY language:shellHeroku api keys
HEROKU_API_KEY language:jsonHeroku api keys in json files
filename:.netrc passwordnetrc that possibly holds sensitive credentials
filename:_netrc passwordnetrc that possibly holds sensitive credentials
filename:hub oauth_tokenhub config that stores github tokens
filename:robomongo.jsonmongodb credentials file used by robomongo
filename:filezilla.xml Passfilezilla config file with possible user/pass to ftp
filename:recentservers.xml Passfilezilla config file with possible user/pass to ftp
filename:config.json authsdocker registry authentication data
filename:idea14.keyIntelliJ Idea 14 key, try variations for other versions
filename:config irc_passpossible IRC config
filename:connections.xmlpossible db connections configuration, try variations to be specific
filename:express.conf path:.openshiftopenshift config, only email and server thou
filename:.pgpassPostgreSQL file which can contain passwords
filename:proftpdpasswdUsernames and passwords of proftpd created by cpanel
filename:ventrilo_srv.iniVentrilo configuration
[WFClient] Password= extension:icaWinFrame-Client infos needed by users to connect toCitrix Application Servers
filename:server.cfg rcon passwordCounter Strike RCON Passwords
JEKYLL_GITHUB_TOKENGithub tokens used for jekyll
filename:.bash_historyBash history file
filename:.cshrcRC file for csh shell
filename:.historyhistory file (often used by many tools)
filename:.sh_historykorn shell history
filename:sshd_configOpenSSH server config
filename:dhcpd.confDHCP service config
filename:prod.exs NOT prod.secret.exsPhoenix prod configuration file
filename:prod.secret.exsPhoenix prod secret
filename:configuration.php JConfig passwordJoomla configuration file
filename:config.php dbpasswdPHP application database password (e.g., phpBB forum software)
path:sites databases passwordDrupal website database credentials
shodan_api_key language:pythonShodan API keys (try other languages too)
filename:shadow path:etcContains encrypted passwords and account information of new unix systems
filename:passwd path:etcContains user account information including encrypted passwords of traditional unix systems
extension:avastlicContains license keys for Avast! Antivirus
extension:dbeaver-data-sources.xmlDBeaver config containing MySQL Credentials
filename:.esmtprc passwordesmtp configuration
extension:json googleusercontent client_secretOAuth credentials for accessing Google APIs
HOMEBREW_GITHUB_API_TOKEN language:shellGithub token usually set by homebrew users
xoxp OR xoxbSlack bot and private tokens
.mlab.com passwordMLAB Hosted MongoDB Credentials
filename:logins.jsonFirefox saved password collection (key3.db usually in same repo)
filename:CCCam.cfgCCCam Server config file
msg nickserv identify filename:configPossible IRC login passwords
filename:settings.py SECRET_KEY
点赞(4)
单机日志分析工具:logC 使用tensorflow卷积神经网络,进行字符型图片验证码识别