0.0.0-20250128060643-36117eff5da9
Repository: https://github.com/bitthr3at/gitrob.git
Documentation: pkg.go.dev
# README
🕵️ Gitrob
Gitrob is a tool to help find potentially sensitive files pushed to public repositories on GitHub.
✨ Features
- 🔍 Scans repositories for sensitive files
- 🌐 Web interface for easy analysis
- 🔄 Configurable commit depth scanning
- 👥 Organization member scanning
- 💾 Session saving and loading
- ⚙️ Customizable signature patterns
- 🚀 Multi-threaded processing
📥 Installation
Pre-built Binaries
Download the latest pre-built release for your platform.
Using Go
go get github.com/bitthr3at/gitrob
🚀 Quick Start
- Set up GitHub Token
export GITROB_ACCESS_TOKEN=your_github_token
- Run Gitrob
gitrob target_organization
- Access Web Interface
http://localhost:9393
⚙️ Configuration
GitHub Access Token
- Create a personal access token
- Set it in your environment:
export GITROB_ACCESS_TOKEN=your_token_here
Signature Configuration
Gitrob uses YAML configuration files to define signature patterns for detecting sensitive information. You can specify a custom config file or use the default locations.
Using Custom Config File
gitrob -config /path/to/your/config.yaml target_organization
Default Config Locations
If no config file is specified, Gitrob searches in these locations (in order):
- ./config.yaml (Current directory)
- ./core/config.yaml (Core directory)
- /etc/gitrob/config.yaml (System config)
- $HOME/.gitrob/config.yaml (User config)
Custom Signature Format
patterns:
  - name: "sensitive_file"
    type: "content|extension|filename|path"
    pattern: "regex_pattern"
    description: "What this detects"
    comment: "Additional context"
Signature Types:
- content: Match file contents using regex
- extension: Match file extensions (exact match)
- filename: Match filenames (exact match)
- path: Match file paths using regex
Example:
patterns:
  - name: "aws_key"
    type: "content"
    pattern: "(?i)aws_access_key_id\\s*=\\s*[A-Z0-9]{20}"
    description: "AWS Access Key ID"
    comment: "AWS credentials should not be committed"
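The sketch below shows how the four signature types behave against one file. It is an added example, not Gitrob's own code. `Signature`, `Match` and `sampleSigs` are hypothetical names, the signatures are given as Go structs rather than loaded from YAML, and comparing extensions without the leading dot is an assumption.

```go
package main

import (
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// Signature mirrors the name/type/pattern fields of the YAML format above.
type Signature struct{ Name, Type, Pattern string }

// Match reports whether sig fires for one file: "content" and "path" are regex
// matches, "extension" and "filename" are exact string comparisons.
// Assumption: extension patterns are written without the leading dot.
func Match(sig Signature, path string, content []byte) (bool, error) {
	switch sig.Type {
	case "content", "path":
		re, err := regexp.Compile(sig.Pattern)
		if err != nil {
			return false, fmt.Errorf("signature %q: %w", sig.Name, err)
		}
		if sig.Type == "content" {
			return re.Match(content), nil
		}
		return re.MatchString(path), nil
	case "extension":
		return strings.TrimPrefix(filepath.Ext(path), ".") == sig.Pattern, nil
	case "filename":
		return filepath.Base(path) == sig.Pattern, nil
	}
	return false, fmt.Errorf("signature %q: unknown type %q", sig.Name, sig.Type)
}

// Constructed sample signatures; only aws_key is taken from the README.
var sampleSigs = []Signature{
	{"aws_key", "content", `(?i)aws_access_key_id\s*=\s*[A-Z0-9]{20}`},
	{"pem_file", "extension", "pem"},
	{"env_file", "filename", ".env"},
	{"ssh_dir", "path", `(^|/)\.ssh/`},
}

func main() {
	content := []byte("aws_access_key_id = AKIAIOSFODNN7EXAMPLE") // constructed input
	for _, s := range sampleSigs {
		ok, err := Match(s, "deploy/.env", content)
		fmt.Println(s.Name, ok, err)
	}
}
```

A signature with an invalid regex or an unknown type returns an error instead of a silent non-match, so a broken rule in a custom config is visible rather than reported as a clean scan.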
🛠️ Usage
Command Format
gitrob [options] target [target2] ... [targetN]
Options
Option | Description | Default |
---|---|---|
-bind-address | Web server bind address | 127.0.0.1 |
-commit-depth | Number of commits to process | 500 |
-config | Path to config.yaml file | core/config.yaml |
-debug | Enable debug output | false |
-github-access-token | GitHub API token | - |
-load | Load session file | - |
-no-expand-orgs | Don't scan org members | false |
-port | Web server port | 9393 |
-repo | Single repository to scan | - |
-save | Save session to file | - |
-silent | Suppress output | false |
-threads | Concurrent threads | CPU cores |
Session Management
Save Session
gitrob -save ~/gitrob-session.json acmecorp
Load Session
gitrob -load ~/gitrob-session.json
🔨 Building from Source
Prerequisites
- Go >= 1.8
- Git
Build Steps
- Clone Repository
git clone https://github.com/bitthr3at/gitrob.git
cd gitrob
- Build
chmod +x build.sh
./build.sh
This creates binaries in the build directory for:
- Linux (amd64)
- macOS (amd64)
- Windows (amd64)
For single platform build:
go build
🤝 Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
- Fork the repository
- Create your feature branch
- Commit your changes
- Push to the branch
- Open a Pull Request
📄 License
This project is licensed under the MIT License - see the LICENSE file for details.
# Packages
Code generated for package core by go-bindata DO NOT EDIT.