GitMonitor is a GitHub scanning system that looks for leaked sensitive information based on rules. I know that there are a lot of very good other tools for finding sensitive information leaked on GitHub right now; I myself currently still use some of them. However, I think they still lack some features like:
Features
Requirements
Setup
Install requirements:
python3 -m pip install -r requirements.txt
Please make sure you have PyYAML version 5.x or higher installed.
Fill in the required information in the configuration file (config.ini):
[git]
user = <username_git>
pass = <password_git>
url_code = https://api.github.com/search/code?q={}+in:file&sort=indexed&order=desc
url_repos = https://api.github.com/search/repositories?q={}+size:>0+is:public&sort=indexed&order=desc
url_commit = https://api.github.com/search/commits?q={}+is:public&sort=indexed&order=desc
rpp = 50
[slack]
webhooks = <full_link_webhooks>
[path]
rule = <path to rule folder>
source = <path to folder to clone repository>
log = <filename of log>
[msg]
start = ====================**********====================
    *Start scanning at {}*
    _Clone completed successfully:_
end = ====================**********====================
    *Scanning Done at {} *
    _Detected possible repository:_
all = ====================**********====================
Write the rules (Searching rules). Put your rules in the rules directory:
id: Project_X_Matching
key: X
language:
#extension:
ignore:
  filename:
    - LICENSE
  extension:
    - html
    - txt
Define the regular expressions in the libs/regex.py file (sensitive filtering rules).
Run:
python3 gitmonitor.py
You can schedule the tool to run automatically with a cron job.
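How a searching rule and the sensitive filtering regexes fit together, as an added example that is not GitMonitor's own code: it fills the url_code template with the rule's key, applies the rule's ignore lists, and runs regexes over file contents. The pattern names, the function names and the assumption that filename and extension are nested under ignore are illustrative; the real layout of libs/regex.py is not shown on this page.

```python
import re
from pathlib import PurePosixPath
from urllib.parse import quote

# Template copied from the config.ini shown above.
URL_CODE = "https://api.github.com/search/code?q={}+in:file&sort=indexed&order=desc"

# The sample rule as a parsed mapping (assumes filename/extension sit under "ignore").
RULE = {"id": "Project_X_Matching", "key": "X",
        "ignore": {"filename": ["LICENSE"], "extension": ["html", "txt"]}}

# Hypothetical patterns; the real layout of libs/regex.py is not shown on this page.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "slack_webhook": re.compile(r"https://hooks\.slack\.com/services/[A-Za-z0-9/]+"),
}

def search_url(rule, template=URL_CODE):
    """Fill the search template with the rule's URL-encoded keyword."""
    return template.format(quote(rule["key"], safe=""))

def is_ignored(path, rule):
    """True when the rule's ignore lists exclude this file path."""
    ignore = rule.get("ignore") or {}
    p = PurePosixPath(path)
    exts = [e.lower() for e in ignore.get("extension") or []]
    return p.name in (ignore.get("filename") or []) or p.suffix.lstrip(".").lower() in exts

def scan(files, rule):
    """Return sorted (path, line_no, pattern_name) hits for non-ignored files."""
    hits = []
    for path, text in files.items():
        if is_ignored(path, rule):
            continue
        for no, line in enumerate(text.splitlines(), 1):
            hits += [(path, no, name) for name, rx in PATTERNS.items() if rx.search(line)]
    return sorted(hits)

# Constructed sample content; the access key is AWS's documented example value.
SAMPLE = {
    "src/settings.py": "DEBUG = True\nAWS_KEY = 'AKIAIOSFODNN7EXAMPLE'\n",
    "docs/index.html": "<p>AKIAIOSFODNN7EXAMPLE</p>\n",
    "LICENSE": "-----BEGIN PRIVATE KEY-----\n",
    "deploy/id_rsa": "-----BEGIN RSA PRIVATE KEY-----\nMIIB...\n",
}

if __name__ == "__main__":
    print(search_url(RULE), *scan(SAMPLE, RULE), sep="\n")
```

The ignore lists drop docs/index.html and LICENSE before any regex runs, so an overly broad ignore entry hides real leaks as easily as it hides noise.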
My Team
Special Thanks