GitHub - filtration/pullit: Find leaked credentials on Github

 4 years ago
source link: https://github.com/filtration/pullit
README.md

Pullit

Pullit is a real-time credential finder.

Installation

  • git clone https://github.com/filtration/pullit.git
  • sudo chmod +x install.sh
  • . ./install.sh
  • cp config.example.yml config.yml
  • Edit your metadata or add more, then run:
  • python ./pullit.py

Features

  • Find GitHub credentials
  • Save credentials to database
  • Post credentials to Slack

Modules:

  • GitHub
  • Bitbucket (todo)
  • GitLab (todo)

todo:

  • Rate limiting:
    • Check current token's rate limit
    • If it has expired, move on to the next token
    • If all tokens are rate-limited, print a message "We recommend you create and add another token"
  • Email notifications
  • Credentials:
    • Use a selector to show just the credential value rather than the whole match (twitter_api_key=12345), because we can use the 'name' column in the database
    • Merge related credentials together: api_key=(...) api_secret=(...)
  • Database:
    • Better database management, don't run queries individually, run in bulk...
    • Check if repo has already been checked
    • Add commit id to database
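
The two "Credentials" todo items above, sketched as an added example (this is not Pullit's code): each raw match is split into a name and a value, and related fields such as an API key and its secret are merged under one service. The match shape, the suffix list and the `mask` helper for notifications are assumptions, and the sample matches are constructed.

```python
import re
from collections import defaultdict

# Constructed sample matches in the "name=value" shape the todo item mentions.
SAMPLE_MATCHES = [
    "twitter_api_key=12345",
    'twitter_api_secret = "abcde67890"',
    "slack_token: 'constructed-token-0000'",
    "not a credential line",
]

# A name, then "=" or ":", then an optionally quoted value (assumed match shape).
PAIR_RE = re.compile(
    r"""^\s*(?P<name>[A-Za-z][A-Za-z0-9_]*)\s*[=:]\s*(?P<q>["']?)(?P<value>[^"'\s]+)(?P=q)\s*$"""
)
# Suffixes that identify the field; whatever precedes one is treated as the service.
FIELD_SUFFIXES = ("api_secret", "api_key", "secret", "token", "key", "password")

def split_match(raw):
    """Return (service, field, value) for one raw match, or None if it does not parse."""
    m = PAIR_RE.match(raw)
    if not m:
        return None
    name = m.group("name").lower()
    for suffix in FIELD_SUFFIXES:
        if name == suffix:
            return ("", suffix, m.group("value"))
        if name.endswith("_" + suffix):
            return (name[: -len(suffix) - 1], suffix, m.group("value"))
    return (name, "value", m.group("value"))

def merge_matches(raw_matches):
    """Group parsed matches by service, e.g. {"twitter": {"api_key": ..., "api_secret": ...}}."""
    merged = defaultdict(dict)
    for raw in raw_matches:
        parsed = split_match(raw)
        if parsed:
            service, field, value = parsed
            merged[service][field] = value
    return dict(merged)

def mask(value, keep=4):
    """Redact a value for notifications, leaving only the last `keep` characters."""
    if len(value) <= keep:
        return "*" * len(value)
    return "*" * (len(value) - keep) + value[-keep:]
```

Storing the service and field separately lets the database's 'name' column carry the label, while `mask` keeps full secret values out of chat notifications.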
