Gitrob
Tool and Usage
Gitrob is a security tool to find sensitive information on GitHub. During the audit, it may detect passwords, API keys, or other secrets.
Why this tool?
Especially open source developers may share their code in a public repository like GitHub. This is a great way to collaborate between the developer(s) and the community. The risk of sharing code is that sensitive data is part of the repository and uploaded by accident. GitRob helps to detect this kind of accidental leaks.
How it works
Gitrob starts with collectings all public repositories of the organization. Then it moves on to the discovery of organization members and pulls in their public repositories. This way it can compile a list of repositories that are related, or have a close relation to the organization.
Usage and audience
Gitrob is commonly used for information gathering, penetration test, or security assessment. Target users for this tool are pentesters, security professionals, and system administrators.
Tool review
Strengths
- + More than 1000 GitHub stars
- + The source code of this software is available
Author and Maintainers
Gitrob is under development by Michael Henriksen.
Installation
Support operating systems
Gitrob is known to work on Linux.
Dependencies
Several dependencies are required to use Gitrob.
- colorize
- github_api
- hashie
- highline
- pg
- ruby-progressbar
- sequel
- sinatra
- sucker_punch
- thin
- thor
- thread
Gitrob alternatives
| Project details | |
|---|---|
| Latest release | 1.1.2 [2017-04-09] |
| License(s) | MIT |
| Last updated | Sept. 18, 2017 |
Project health
Links
 | Gitrob GitHub profile |
