gitxray: leverages Public GitHub REST APIs for OSINT, Forensics, Pentesting and more

Gitxray

Gitxray (short for Git X-Ray) is a multifaceted security tool designed for use on GitHub repositories. It can serve many purposes, including OSINT and Forensics. gitxray leverages public GitHub REST APIs to gather information that would otherwise be very time-consuming to obtain manually. Additionally, it seeks out information in unconventional places.

Use cases

Gitxray can be used to, for example:

  • Find sensitive information in contributor profiles disclosed by accident within, for example, Armored PGP Keys, or Key Names.
  • Identify threat actors in a Repository. You may spot co-owned or shared accounts, as well as inspect public events to spot fake Stargazers.
  • Identify fake or infected Repositories. It can detect tampered commit dates as well as, for example, Release assets updated post-release.
  • Forensics use-cases, such as filtering results by date in order to check what else happened on the day of an incident.
  • And a lot more! Run a full X-Ray in Verbose mode to collect a ton of data.

Rate Limits and the GitHub API

Gitxray gracefully handles Rate Limits and can work out of the box without a GitHub API key, but you’ll likely hit RateLimits pretty fast. This is detailed by GitHub in their documentation here. A simple read-only token created for PUBLIC repositories will however help you increase those restrictions considerably. If you’re not in a hurry or can leave gitxray running you’ll be able to use its full capacity, as it pauses execution while waiting for the limits to lift.

Install & Use