GitHub is a greatly prevalent site that permits designers to store source code and cooperate with different clients about their tasks. Anybody can download open, open-source records on GitHub physically or with Git, and anybody can fork off somebody’s venture to grow or enhance it into its own particular venture. It’s a truly extraordinary site for software engineers, designers, and notwithstanding rousing programmers.
Install Gitrob on Kali Linux to Mine GitHub for Credentials
In any case, in the push to get their source code out rapidly, clients now and then neglect to expel delicate data from their tasks. GitHub is an openly available site, and this implies programmers and security experts can scour for qualifications genuinely simple on it.
Physically scouring for qualifications on GitHub could take some time, however that is the place Gitrob comes in. It’s an open-source insight (OSINT) device made by Michael Henriksen that rates up the procedure exponentially.
Gitrob is a command line tool that can help organizations and security professionals find such sensitive information. The tool will iterate over all public organization and member repositories and match filenames against a range of patterns for files that typically contain sensitive or dangerous information.
Update Your Ruby Gems
Open a terminal in Kali Linux and execute the command:
- gem update –system
In Kali Linux, you already have PostgreSQL installed, which is an open-source object-relational database system. Simply ensure that it is running by executing:
- service postgresql start
You may need to install an additional dependancy:
- apt-get install libpq-dev
Set Up a Database for Gitrob
Now we need to set up a database for Gitrob. To start, if you are running Kali Linux, simply enter the following command to change your user to the Postgres user.
- sudo su postgres
Or if you are running Kali as root:
- su postgres
Next, enter the following command create a new database user. After this command, you will be prompted for a password.
- createuser -s gitrob –pwprompt
Finally, the following command will create new database specifying gitrob as the owner.
- createdb -O gitrob gitrob
GitHub Access Tokens
Since Gitrob works by querying GitHub, we’ll need an access token. Without one, Gitrob’s queries will be limited by GitHub’s servers, so it’s important that you have one so the limit is removed.
First, visit github.com/setttings/tokens, then add a token by clicking on the “Generate token button” button.
Next, you will be asked to name your token and select access privileges. Since we will only be scanning public repos, we don’t need to give Gitrob any additional access to our own repos. Once you have named and accepted your token, you will be presented with a page showing the token. Leave this open because you will not be able to access it again—but you will need the token in a later step.
Install the Gitrob Gem
Next, we install the Gitrob gem with the terminal command:
- gem install gitrob
Downgrade Your GitHub API Gem
The current release of Gitrob doesn’t play well with the bundled GitHub API gem. You will need to remove it and install a previous version. Execute the command:
- gem uninstall github_api
Followed by the command:
- gem install github_api -v 13
Next, we will configure Girtob with the following command.
- gitrob configure
And Now You Have Gitrob
The install process would’ve been a lot easier if there weren’t issues with the bundled GitHub API. Hopefully, it will be fixed in a later version. In future guides, I will demonstrate some of the uses of this tool for OSINT gathering, so stay tuned.