Gitrob
Tool and Usage
Gitrob is a security tool to find sensitive information on GitHub. During the audit, it may detect passwords, API keys, or other secrets.
Why this tool?
Especially open source developers may share their code in a public repository like GitHub. This is a great way to collaborate between the developer(s) and the community. The risk of sharing code is that sensitive data is part of the repository and uploaded by accident. GitRob helps to detect this kind of accidental leaks.
How it works
Gitrob starts with collectings all public repositories of the organization. Then it moves on to the discovery of organization members and pulls in their public repositories. This way it can compile a list of repositories that are related, or have a close relation to the organization.
Usage and audience
This tool is categorized as a company reconnaissance tool and Git mining tool.
Gitrob is commonly used for data leak prevention, information gathering, penetration testing, or security assessment. Target users for this tool are developers, pentesters, and security professionals.
Tool review and remarks
The review and analysis of this project resulted in the following remarks for this security tool:
Strengths
- + More than 1000 GitHub stars
- + The source code of this software is available
Installation
Supported operating systems
Gitrob is known to work on Linux.
Dependencies
Several dependencies are required to use Gitrob.
- colorize
- github_api
- hashie
- highline
- pg
- ruby-progressbar
- sequel
- sinatra
- sucker_punch
- thin
- thor
- thread
Gitrob alternatives
| Project details | |
|---|---|
| Latest release | 1.1.2 [2017-04-09] |
| License | MIT |
| Last updated | April 16, 2018 |
Project health
Links
 | Gitrob GitHub profile |
