Active Members Fi8sVrs Posted August 30, 2017 Active Members Report Posted August 30, 2017 + Autor: Danilo Vaz a.k.a. UNK + Blog: http://unk-br.blogspot.com + Github: http://github.com/danilovazb + Twitter: https://twitter.com/danilovaz_unk WARNING +---------------------------------------------------+ | DEVELOPERS ASSUME NO LIABILITY AND ARE NOT | | RESPONSIBLE FOR ANY MISUSE OR DAMAGE CAUSED BY | | THIS PROGRAM | +---------------------------------------------------+ Description Advanced search tool and automation in Github. This tool aims to facilitate research by code or code snippets on github through the site's search page. Motivation Demonstrates the fragility of trust in public repositories to store codes with sensitive information. Requirements lxml requests Install: git clone http://github.com/danilovazb/GitMiner sudo apt-get install python-requests python-lxml OR pip install -r requirements.txt Help: usage: ██████╗ ██╗████████╗███╗ ███╗██╗███╗ ██╗███████╗██████╗ ██╔════╝ ██║╚══██╔══╝████╗ ████║██║████╗ ██║██╔════╝██╔══██╗ ██║ ███╗██║ ██║ ██╔████╔██║██║██╔██╗ ██║█████╗ ██████╔╝ ██║ ██║██║ ██║ ██║╚██╔╝██║██║██║╚██╗██║██╔══╝ ██╔══██╗ ╚██████╔╝██║ ██║ ██║ ╚═╝ ██║██║██║ ╚████║███████╗██║ ██║ ╚═════╝ ╚═╝ ╚═╝ ╚═╝ ╚═╝╚═╝╚═╝ ╚═══╝╚══════╝╚═╝ ╚═╝ v1.1 Automatic search for GitHub. + Autor: Danilo Vaz a.k.a. UNK + Blog: http://unk-br.blogspot.com + Github: http://github.com/danilovazb + Gr33tz: l33t0s, RTFM +[WARNING]------------------------------------------+ | THIS TOOL IS THE PENALTY FOR EDUCATIONAL USE, | | THE AUTHOR IS NOT RESPONSIBLE FOR ANY DAMAGE TO | | THE TOOL THAT USE. | +---------------------------------------------------+ [-h] [-q 'filename:shadown path:etc'] [-m wordpress] [-o result.txt] optional arguments: -h, --help show this help message and exit -q 'filename:shadown path:etc', --query 'filename:shadown path:etc' Specify search term -m wordpress, --module wordpress Specify the search module -o result.txt, --output result.txt Specify the output file where it will be saved Example: Searching for wordpress configuration files with passwords: $:> python git_miner.py -q 'filename:wp-config extension:php FTP_HOST in:file ' -m wordpress -o result.txt Looking for brasilian government files containing passwords: $:> python git_miner.py --query 'extension:php "root" in:file AND "gov.br" in:file' -m senhas Looking for shadow files on the etc paste: $:> python git_miner.py --query 'filename:shadow path:etc' -m root Searching for joomla configuration files with passwords: $:> python git_miner.py --query 'filename:configuration extension:php "public password" in:file' -m joomla Hacking SSH Servers: Download: GitMiner-master.zip Source: https://github.com/UnkL4b/GitMiner 2 Quote