Gitrob is a tool to help find potentially sensitive files pushed to public repositories on GitHub.
- 🔍 Scans repositories for sensitive files
- 🌐 Web interface for easy analysis
- 🔄 Configurable commit depth scanning
- 👥 Organization member scanning
- 💾 Session saving and loading
- ⚙️ Customizable signature patterns
- 🚀 Multi-threaded processing
Installation:

Download the latest pre-built release for your platform, or fetch it with `go get`:

```bash
go get github.com/bitthr3at/gitrob
```

Quick start:

- Set up GitHub Token

  ```bash
  export GITROB_ACCESS_TOKEN=your_github_token
  ```

- Run Gitrob

  ```bash
  gitrob target_organization
  ```

- Access Web Interface

  http://localhost:9393
GitHub Token:

- Create a personal access token
- Set it in your environment:

  ```bash
  export GITROB_ACCESS_TOKEN=your_token_here
  ```

Configuration:

Gitrob uses YAML configuration files to define signature patterns for detecting sensitive information. You can specify a custom config file or use the default locations.

```bash
gitrob -config /path/to/your/config.yaml target_organization
```

If no config file is specified, Gitrob searches in these locations (in order):

- `./config.yaml` (current directory)
- `./core/config.yaml` (core directory)
- `/etc/gitrob/config.yaml` (system config)
- `$HOME/.gitrob/config.yaml` (user config)
Signature pattern format:

```yaml
patterns:
  - name: "sensitive_file"
    type: "content|extension|filename|path"
    pattern: "regex_pattern"
    description: "What this detects"
    comment: "Additional context"
```

Signature Types:

- `content`: Match file contents using regex
- `extension`: Match file extensions (exact match)
- `filename`: Match filenames (exact match)
- `path`: Match file paths using regex
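The following Go program is an added example, not Gitrob's own code, that models how the four signature types above are evaluated against repository files: `content` and `path` entries are compiled as regular expressions, `extension` and `filename` entries are compared exactly. The `Signature`, `File`, `Match`, `Matches` and `Scan` names, the sample signatures other than `aws_key`, and the sample files are all constructed for this illustration; it also assumes an `extension` pattern may be written with or without its leading dot, which the README leaves unspecified. Unknown signature types and invalid regexes are reported as errors so that a typo in `config.yaml` cannot silently disable a detection.

```go
package main

import (
	"fmt"
	"path"
	"regexp"
	"strings"
)

// Signature carries the fields of one pattern entry in config.yaml
// (name, type, pattern, description, comment).
type Signature struct {
	Name        string
	Type        string // "content", "extension", "filename" or "path"
	Pattern     string
	Description string
	Comment     string
}

// File is a constructed stand-in for a file found in a scanned repository.
type File struct {
	Path    string // repository-relative path, forward slashes
	Content string
}

// Match records which signature fired on which file.
type Match struct {
	Signature string
	FilePath  string
}

// Matches applies one signature to one file: content and path are regular
// expressions, extension and filename are exact comparisons. An unknown type
// is an error rather than a silent non-match.
func Matches(sig Signature, f File) (bool, error) {
	switch sig.Type {
	case "content", "path":
		re, err := regexp.Compile(sig.Pattern)
		if err != nil {
			return false, fmt.Errorf("signature %q: bad regex: %v", sig.Name, err)
		}
		if sig.Type == "content" {
			return re.MatchString(f.Content), nil
		}
		return re.MatchString(f.Path), nil
	case "extension":
		// Assumption: the configured extension may carry a leading dot or not.
		want := strings.TrimPrefix(sig.Pattern, ".")
		return strings.TrimPrefix(path.Ext(f.Path), ".") == want, nil
	case "filename":
		return path.Base(f.Path) == sig.Pattern, nil
	default:
		return false, fmt.Errorf("signature %q: unknown type %q", sig.Name, sig.Type)
	}
}

// Scan runs every signature over every file and returns all matches in
// signature order, then file order.
func Scan(sigs []Signature, files []File) ([]Match, error) {
	var matches []Match
	for _, sig := range sigs {
		for _, f := range files {
			ok, err := Matches(sig, f)
			if err != nil {
				return nil, err
			}
			if ok {
				matches = append(matches, Match{Signature: sig.Name, FilePath: f.Path})
			}
		}
	}
	return matches, nil
}

// SampleSignatures is a constructed set covering all four types; aws_key is
// the README's example, the other three are illustrative.
var SampleSignatures = []Signature{
	{Name: "aws_key", Type: "content", Pattern: `(?i)aws_access_key_id\s*=\s*[A-Z0-9]{20}`, Description: "AWS Access Key ID"},
	{Name: "pem_file", Type: "extension", Pattern: "pem", Description: "PEM-encoded key or certificate"},
	{Name: "dotenv", Type: "filename", Pattern: ".env", Description: "Environment file that often holds secrets"},
	{Name: "ssh_private_key", Type: "path", Pattern: `(^|/)\.ssh/id_rsa$`, Description: "SSH private key"},
}

// SampleFiles is a constructed repository: four files that should fire, one that should not.
var SampleFiles = []File{
	{Path: "config/settings.py", Content: "AWS_ACCESS_KEY_ID = AKIAIOSFODNN7EXAMPLE\n"},
	{Path: "certs/server.pem", Content: "-----BEGIN PRIVATE KEY-----\n"},
	{Path: ".env", Content: "DB_PASSWORD=changeme\n"},
	{Path: "home/.ssh/id_rsa", Content: "-----BEGIN OPENSSH PRIVATE KEY-----\n"},
	{Path: "README.md", Content: "# demo\n"},
}

func main() {
	matches, err := Scan(SampleSignatures, SampleFiles)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, m := range matches {
		fmt.Printf("%-16s %s\n", m.Signature, m.FilePath)
	}
}
```

Running it lists one match per sample signature and nothing for `README.md`; the same `Scan` loop is where a real scanner would also attach the commit and repository the file came from.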
Example:

```yaml
patterns:
  - name: "aws_key"
    type: "content"
    pattern: "(?i)aws_access_key_id\\s*=\\s*[A-Z0-9]{20}"
    description: "AWS Access Key ID"
    comment: "AWS credentials should not be committed"
```

Usage:

```bash
gitrob [options] target [target2] ... [targetN]
```

| Option | Description | Default |
|---|---|---|
| -bind-address | Web server bind address | 127.0.0.1 |
| -commit-depth | Number of commits to process | 500 |
| -config | Path to config.yaml file | core/config.yaml |
| -debug | Enable debug output | false |
| -github-access-token | GitHub API token | - |
| -load | Load session file | - |
| -no-expand-orgs | Don't scan org members | false |
| -port | Web server port | 9393 |
| -repo | Single repository to scan | - |
| -save | Save session to file | - |
| -silent | Suppress output | false |
| -threads | Concurrent threads | CPU cores |
Sessions:

Save a session to a file and load it again later:

```bash
gitrob -save ~/gitrob-session.json acmecorp
gitrob -load ~/gitrob-session.json
```

Building from source:

Requirements:

- Go >= 1.8
- Git

Steps:

- Clone Repository

  ```bash
  git clone https://github.com/bitthr3at/gitrob.git
  cd gitrob
  ```

- Build

  ```bash
  chmod +x build.sh
  ./build.sh
  ```

This creates binaries in the build directory for:

- Linux (amd64)
- macOS (amd64)
- Windows (amd64)

For a single-platform build:

```bash
go build
```

Contributing:

Contributions are welcome! Please feel free to submit a Pull Request.
- Fork the repository
- Create your feature branch
- Commit your changes
- Push to the branch
- Open a Pull Request
License:

This project is licensed under the MIT License - see the LICENSE file for details.