lukeswitz/gitSecure.py

## gitSecure.py
"""
GitHub Repository Security Scanner
-----------------------------------

This script scans a specified GitHub repository for potential sensitive information and security vulnerabilities using a predefined list of Git dorks. It is intended to be a part of DevSecOps practices to prevent sensitive data leaks.

The script requires a GitHub Access Token and a Discord Webhook URL to operate. It sends alerts to the specified Discord channel when sensitive information is found in any of the repository's files.

Dependencies:
- PyGithub: A Python client for the GitHub API
- requests: A Python HTTP library

Usage:
1. Install required Python packages:
   `pip install PyGithub requests`
2. Set your GitHub Access Token and Discord Webhook URL in the script.
3. Run the script with a GitHub repository URL as an argument:
   `python3 gitSecure.py <repository_url>`

Note:
- Ensure the access token has appropriate permissions for repository access.
- Be cautious with the output, as it may contain sensitive information.

"""

import requests
import sys
from github import Github

# Define your GitHub Access Token and Discord Webhook URL
access_token = 'YOUR_GITHUB_ACCESS_TOKEN'
discord_webhook_url = 'YOUR_DISCORD_WEBHOOK_URL'

# Define a bunch of dorks
git_dorks = [
    # Credentials, API Keys, Tokens
    'filename:.env AWS_SECRET_ACCESS_KEY',
    'filename:.env password',
    'filename:.npmrc _auth',
    'filename:.dockercfg auth',
    'extension:pem private',
    'extension:ppk private',
    'filename:id_rsa or filename:id_dsa',
    'filename:.git-credentials',
    'path:/.aws/credentials',
    'path:/.azure/credentials',
    'path:/.npmrc _authToken',

    # Configuration Files
    'filename:docker-compose.yml',
    'filename:.htaccess',
    'filename:settings.py secret_key',
    'filename:secrets.yml',
    'filename:credentials.json',
    'filename:wp-config.php',
    'filename:web.config password',
    'filename:application.properties password',
    'filename:config.php dbpassword',

    # Database Files and Backups
    'filename:database.sql password',
    'filename:mysql_dump.sql',
    'filename:dump.sql',
    'filename:*.bak',
    'filename:backup.tar.gz',
    'filename:backup.zip',

    # SSH and Configuration
    'path:.ssh/id_rsa',
    'path:.ssh/id_dsa',
    'filename:.bash_history',
    'filename:.bashrc password',
    'filename:.bash_profile',
    'filename:shadow path:/etc/',
    'filename:passwd path:/etc/',

    # Development and Deployment Files
    'filename:.gitlab-ci.yml',
    'filename:travis.yml',
    'filename:deploy.sh password',
    'filename:staging.yml',
    'filename:test.rb aws',
    'filename:test.py db',

    # Malware and Security Vulnerability Indicators
    'filename:payload positives:5-',
    'filename:exploit positives:5-',
    'filename:obfus NOT tag:android',
    'metadata:"Microsoft Corporation" AND tag:peexe',
    'resource:"PKCS7" and resource:"X509"',
    'submitter:DE positives:2+ positives:10- (tag:doc OR tag:docx)',
    'submitter:TW positives:1+ positives:20- filename:*.eml submissions:1',
    'lastline:RANSOM',
    'c2ae:STEALER and tag:peexe',
    'content:"sekurlsa::logonpasswords"',
    'content:"click enable editing"',
    'content:"click enable content"',
    'content:"] Shellcode"',

    # Miscellaneous
    'extension:log password',
    'filename:debug.log',
    'filename:access.log',
    'filename:.DS_Store',
    'filename:sftp-config.json',
    'filename:.eslintrc',
    'filename:TODO',
    'filename:FIXME',
    'filename:ISSUES',
    'filename:CHANGELOG.md password',
    'filename:README.md API_KEY',
]


# Initialize GitHub API
g = Github(access_token)

# Function to scan a repository
def scan_repository(repo_url):
    repo_name = repo_url.split('/')[-1]
    findings = []
    for dork in git_dorks:
        query = f"{dork} repo:{repo_name}"
        try:
            results = g.search_code(query, order='desc')
            for file in results:
                file_content_url = file.download_url
                if file_content_url:
                    file_content = requests.get(file_content_url).text
                    findings.append((file.html_url, file_content))
        except Exception as e:
            print(f"Error scanning {repo_name}: {e}")
    return findings

# Function to send an alert to Discord
def send_discord_alert(findings):
    if findings:
        for finding in findings:
            file_url, file_content = finding
            message = f"Alert: Sensitive information found in file: {file_url}\nContent:\n{file_content[:1000]}"  # Limited to the first 1000 characters
            data = {"content": message}
            response = requests.post(discord_webhook_url, json=data)
            if response.status_code != 204:
                print("Failed to send message to Discord webhook.")

# Main function to handle command-line arguments
def main():
    if len(sys.argv) != 2:
        print("Usage: python3 gitSecure.py <repository_url>")
        sys.exit(1)

    repo_url = sys.argv[1]
    scan_results = scan_repository(repo_url)
    send_discord_alert(scan_results)

if __name__ == "__main__":
    main()
	"""
	GitHub Repository Security Scanner
	-----------------------------------

	This script scans a specified GitHub repository for potential sensitive information and security vulnerabilities using a predefined list of Git dorks. It is intended to be a part of DevSecOps practices to prevent sensitive data leaks.

	The script requires a GitHub Access Token and a Discord Webhook URL to operate. It sends alerts to the specified Discord channel when sensitive information is found in any of the repository's files.

	Dependencies:
	- PyGithub: A Python client for the GitHub API
	- requests: A Python HTTP library

	Usage:
	1. Install required Python packages:
	`pip install PyGithub requests`
	2. Set your GitHub Access Token and Discord Webhook URL in the script.
	3. Run the script with a GitHub repository URL as an argument:
	`python3 gitSecure.py <repository_url>`

	Note:
	- Ensure the access token has appropriate permissions for repository access.
	- Be cautious with the output, as it may contain sensitive information.

	"""

	import requests
	import sys
	from github import Github

	# Define your GitHub Access Token and Discord Webhook URL
	access_token = 'YOUR_GITHUB_ACCESS_TOKEN'
	discord_webhook_url = 'YOUR_DISCORD_WEBHOOK_URL'

	# Define a bunch of dorks
	git_dorks = [
	# Credentials, API Keys, Tokens
	'filename:.env AWS_SECRET_ACCESS_KEY',
	'filename:.env password',
	'filename:.npmrc _auth',
	'filename:.dockercfg auth',
	'extension:pem private',
	'extension:ppk private',
	'filename:id_rsa or filename:id_dsa',
	'filename:.git-credentials',
	'path:/.aws/credentials',
	'path:/.azure/credentials',
	'path:/.npmrc _authToken',

	# Configuration Files
	'filename:docker-compose.yml',
	'filename:.htaccess',
	'filename:settings.py secret_key',
	'filename:secrets.yml',
	'filename:credentials.json',
	'filename:wp-config.php',
	'filename:web.config password',
	'filename:application.properties password',
	'filename:config.php dbpassword',

	# Database Files and Backups
	'filename:database.sql password',
	'filename:mysql_dump.sql',
	'filename:dump.sql',
	'filename:*.bak',
	'filename:backup.tar.gz',
	'filename:backup.zip',

	# SSH and Configuration
	'path:.ssh/id_rsa',
	'path:.ssh/id_dsa',
	'filename:.bash_history',
	'filename:.bashrc password',
	'filename:.bash_profile',
	'filename:shadow path:/etc/',
	'filename:passwd path:/etc/',

	# Development and Deployment Files
	'filename:.gitlab-ci.yml',
	'filename:travis.yml',
	'filename:deploy.sh password',
	'filename:staging.yml',
	'filename:test.rb aws',
	'filename:test.py db',

	# Malware and Security Vulnerability Indicators
	'filename:payload positives:5-',
	'filename:exploit positives:5-',
	'filename:obfus NOT tag:android',
	'metadata:"Microsoft Corporation" AND tag:peexe',
	'resource:"PKCS7" and resource:"X509"',
	'submitter:DE positives:2+ positives:10- (tag:doc OR tag:docx)',
	'submitter:TW positives:1+ positives:20- filename:*.eml submissions:1',
	'lastline:RANSOM',
	'c2ae:STEALER and tag:peexe',
	'content:"sekurlsa::logonpasswords"',
	'content:"click enable editing"',
	'content:"click enable content"',
	'content:"] Shellcode"',

	# Miscellaneous
	'extension:log password',
	'filename:debug.log',
	'filename:access.log',
	'filename:.DS_Store',
	'filename:sftp-config.json',
	'filename:.eslintrc',
	'filename:TODO',
	'filename:FIXME',
	'filename:ISSUES',
	'filename:CHANGELOG.md password',
	'filename:README.md API_KEY',
	]


	# Initialize GitHub API
	g = Github(access_token)

	# Function to scan a repository
	def scan_repository(repo_url):
	repo_name = repo_url.split('/')[-1]
	findings = []
	for dork in git_dorks:
	query = f"{dork} repo:{repo_name}"
	try:
	results = g.search_code(query, order='desc')
	for file in results:
	file_content_url = file.download_url
	if file_content_url:
	file_content = requests.get(file_content_url).text
	findings.append((file.html_url, file_content))
	except Exception as e:
	print(f"Error scanning {repo_name}: {e}")
	return findings

	# Function to send an alert to Discord
	def send_discord_alert(findings):
	if findings:
	for finding in findings:
	file_url, file_content = finding
	message = f"Alert: Sensitive information found in file: {file_url}\nContent:\n{file_content[:1000]}" # Limited to the first 1000 characters
	data = {"content": message}
	response = requests.post(discord_webhook_url, json=data)
	if response.status_code != 204:
	print("Failed to send message to Discord webhook.")

	# Main function to handle command-line arguments
	def main():
	if len(sys.argv) != 2:
	print("Usage: python3 gitSecure.py <repository_url>")
	sys.exit(1)

	repo_url = sys.argv[1]
	scan_results = scan_repository(repo_url)
	send_discord_alert(scan_results)

	if __name__ == "__main__":
	main()