Gitrob
- Thiru T
- Oct 30, 2024
Gitrob is a tool to help find potentially sensitive files pushed to public repositories on GitHub.
Gitrob clones repositories belonging to a user or organization down to a configurable depth, iterates through the commit history, and flags files that match signatures for potentially sensitive files.
The findings will be presented through a web interface for easy browsing and analysis.
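The signature matching described above can be sketched as follows. This is an added example, not Gitrob's own code: the Signature type, the Flag function, the rules and the sample paths are all constructed for illustration, on the assumption that a signature tests one part of a file path (extension, filename or full path) against a pattern.

```go
package main

import (
	"fmt"
	"path"
	"regexp"
	"strings"
)

// Signature (hypothetical type) matches one part of a file path against a regex.
type Signature struct {
	Part    string // "extension", "filename" or "path"
	Pattern *regexp.Regexp
	Note    string
}

// Constructed sample rules for illustration, not Gitrob's shipped signature set.
var signatures = []Signature{
	{"extension", regexp.MustCompile(`^\.(pem|pfx|p12|key)$`), "Potential cryptographic key bundle"},
	{"filename", regexp.MustCompile(`^\.?(env|htpasswd|npmrc)$`), "Environment or credential file"},
	{"filename", regexp.MustCompile(`^id_(rsa|dsa|ed25519|ecdsa)$`), "Private SSH key"},
	{"path", regexp.MustCompile(`(^|/)\.aws/credentials$`), "AWS CLI credentials file"},
}

// Flag returns the notes of every signature that matches filePath.
func Flag(filePath string) []string {
	parts := map[string]string{
		"extension": strings.ToLower(path.Ext(filePath)),
		"filename":  path.Base(filePath),
		"path":      filePath,
	}
	var hits []string
	for _, s := range signatures {
		if s.Pattern.MatchString(parts[s.Part]) {
			hits = append(hits, s.Note)
		}
	}
	return hits
}

func main() {
	// Constructed list of paths as they might appear across a commit history.
	history := []string{"README.md", "deploy/prod.pem", "config/.env", "home/ci/.aws/credentials", "src/keyboard.go"}
	for _, p := range history {
		if hits := Flag(p); len(hits) > 0 {
			fmt.Printf("%-28s %s\n", p, strings.Join(hits, "; "))
		}
	}
}
```

Anchoring the patterns keeps a public key such as id_rsa.pub or a source file such as keyboard.go from being flagged alongside the files that actually hold secrets.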
Note: Gitrob needs a GitHub access token in order to interact with the GitHub API. Create a personal access token and save it in an environment variable in your .bashrc or similar shell configuration file:
export GITROB_ACCESS_TOKEN=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef
Install: (Go)
Install: (Binary)
A precompiled version is available for each release.
Usage:
# Run against org
gitrob {org_name}
# Saving session to a file
gitrob -save ~/gitrob-session.json acmecorp
# Loading session from a file
gitrob -load ~/gitrob-session.json


