Hi! This project is no longer maintained as better options now exist. I would recommend:
Gumbler is a tool to dig for sensitive files committed in the history of the project. It uses the .gitignore and a starter file (i.e. files_to_look_for.txt) as a seed list. It then checks every branch and commit to see if that file was committed at some point.
python gumbler.py -r "./projects/[REPO_NAME]" -a -p "[ORG_NAME]/[REPO_NAME]"
python gumbler.py -o server -x "./output"
python gumbler.py -r "./projects/[REPO_NAME]" -a
python gumbler.py -o server
python gumbler.py -s projects -p https://github.com/BuffaloWill/NaughtyGitProject.git
python gumbler.py -o server
python gumbler.py -j output/myfile.json
# import the entire directory containing json files
python gumbler.py -j output
http://localhost:5000/files?file=yml
- Lightweight, portable results (i.e. json, html)
- View and search the results via flask server
- No Github API keys required. It can be used against repo's discovered during OSINT and not tied to Github.
- (Goal) Support svn and mecurial
There are lots of bugs and, quite a few, false negatives. Please create an issue if you find something. The project is being actively maintained.