gshark: Scan for sensitive information in Github easily and effectively
GShark
The project is based on golang with AdminLTE to build a management system to manage the Github search results. Github API has been utilized to scrawl the related results according to keywords and some rules. It proves to be a proper way to detect the information related to your company.
Feature
- Support multi-platform, including Gitlab, Github, Searchcode
- Flexible menu and API permission setting
- Flexible rules and filter rules
- Utilize gobuster to brute force subdomain
- Easily used management system
Download
git clone https://github.com/madneal/gshark.git
cd server
go mod tidy
mv config-temp.yaml config.yaml
go build
./gshark web
If you want to set up the scan service, please run:
./gshark scan
Deployment
For the deployment, it’s suggested to install nginx. Place the dist folder under html, modify the nginx.conf to reverse proxy the backend service. I have also made a video for the deployment in bilibili and youtube. For the deployment in windows, refer here.
[pastacode lang=”markup” message=”” highlight=”” provider=”manual” manual=”location%20%2Fapi%2F%20%7B%0Aproxy_set_header%20Host%20%24http_host%3B%0Aproxy_set_header%20%20X-Real-IP%20%24remote_addr%3B%0Aproxy_set_header%20X-Forwarded-For%20%24proxy_add_x_forwarded_for%3B%0Aproxy_set_header%20X-Forwarded-Proto%20%24scheme%3B%0Arewrite%20%5E%2Fapi%2F(.*)%24%20%2F%241%20break%3B%0Aproxy_pass%20http%3A%2F%2F127.0.0.1%3A8888%3B%0A%7D”/]
The deployment work is very easy. Find the corresponding binary zip file from releases. Unzip and run. Remember to copy the files inside the disk to html folder of nginx.
Add Token
To execute the main scan, you need to add a Github token for crawl information in github. You can generate a token in tokens. Most access scopes are enough.
Use
Copyright [2018] [Dong Bing]
Source: https://github.com/madneal/
Support Our Threat Intelligence
If you find our technology report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
