74
GitHub - FeeiCN/GSIL: Github Sensitive Information Leakage(Github敏感信息泄露)
source link: https://github.com/FeeiCN/GSIL
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
GSIL(GitHub Sensitive Information Leakage)
Monitor Github sensitive information leaks in near real time and send alert notifications.
Installation
Python3(Python2 is not tested)
$ git clone https://github.com/FeeiCN/GSIL.git
$ cd GSIL/
$ pip install -r requirements.txtConfiguration
GSIL/config.gsil(Copy config.gsil.cfg.example to config.gsil.cfg): Alarm mailbox and Github configuration
[mail]
host : smtp.exmail.qq.com
# SMTP port (Not SSL port, but will use TLS encryption)
port : 25
# Multiple senders are separated by comma (,)
mails : [email protected]
from : GSIL
password : your_password
# Multiple recipients are separated by comma (,)
to : [email protected]
[github]
# Whether the scanned data will be cloned to the local area immediately
# Clone to ~/.gsil/codes/ directory
clone: false
# Github Token, multiple tokens are separated by comma (,)
# https://github.com/settings/tokens
tokens : your_token
GSIL/rules.gsil(Copy rules.gsil.yaml.example to rules.gsil.yaml): scanning rules
Generally, The best rule is the characteristic code of the intranet(Example: mogujie's extranet is
mogujie.com, intranet ismogujie.org. At this time,mogujie.orgcan be used as a rule)
There are other similar code head characteristic code, external mailbox characteristic code, and so on
| field | meaning | optional | default | describe |
|---|---|---|---|---|
| keyword | key word | required | - | When multiple keywords are used, space segmentation is used(Example: 'username password'), When you need a precise search, use double(Example: "quotesele.me") |
| ext | file suffix | optional | all suffixes | Multiple suffixes are separated by comma(Example: java,php,python) |
| mode | matching mode | optional | normal-match | normal-match(The line that contains the keyword is matched, and the line near the line is matched) / only-match(Only the lines that match the key words) / full-match(Not recommended for use)(The search results show the entire file) |
{
# usually using the company name, used as the first parameter to open the scan(Example:`python gsil.py test`)
"test": {
# General use of product name
"mogujie": {
# Internal domain name of the company
"\"mogujie.org\"": {
# mode/ext options no need to configure by default
"mode": "normal-match",
"ext": "php,java,python,go,js,properties"
},
# Company code's characteristic code
"copyright meili inc": {},
# Internal host domain name
"yewu1.db.mogujie.host": {},
# External mailbox
"mail.mogujie.com": {}
},
"meilishuo": {
"meilishuo.org": {},
"meilishuo.io": {}
}
}
}
Usage
$ python gsil.py test
# Verify tokens validity
$ python gsil.py --verify-tokens$ crontab -e
# Run every hour
0 * * * * /usr/bin/python /var/app/GSIL/gsil.py test > /tmp/gsil
# Send a statistical report at 11 p. m. every night
0 23 * * * /usr/bin/python /var/app/GSIL/gsil.py --report- Once the scan report will not repeat the report, the cache records in ~/.gsil/ directory *
Reference
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK