Build a GitLab instance project index and search repositories for sensitive keywords (API-only, no cloning).

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for Cur1iosity from gravatar.com Cur1iosity

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT)
  • Author: Cur1iosity
  • Tags gitlab , gitlab-api , code-search , secret-scanning , secret-detection , credential-leak , leak-detection , security-audit , devsecops , pentest , red-team , redteam , osint , recon , compliance , cli
  • Requires: Python >=3.10
Classifiers
Report project as malware

Project description

GitlabHarvester — Global GitLab Code & Secret Search Tool (Python)

PyPI Python License Last Commit

GitlabHarvester is a fast, scalable tool for searching keywords across an entire GitLab instance using the API — without cloning repositories. Built for security audits, secret discovery, compliance checks, and large-scale code intelligence across thousands of projects.

Global term search across a full GitLab instance — especially valuable for GitLab CE environments.

⚡ Quick Start

Search a keyword:

gitlab-harvester -u https://gitlab.example.com -t $TOKEN --search password

Search from file:

gitlab-harvester -u https://gitlab.example.com -t $TOKEN --terms-file words.txt

Build project index only:

gitlab-harvester -u https://gitlab.example.com -t $TOKEN -m dump-index

Deduplicate results:

gitlab-harvester -m dedup --input-file session.jsonl --output-file clean.jsonl

Convert JSONL → JSON:

gitlab-harvester -m convert --input-file session.jsonl --output-file result.json

🚀 Overview

GitLab Community Edition does not provide full instance-wide code search like EE. GitlabHarvester fills this gap by:

  • building a lightweight instance project index
  • scanning repositories via API
  • streaming results in JSONL
  • supporting resumable sessions
  • keeping memory usage constant

Designed to operate efficiently on environments with 10k–100k repositories.

🔍 Key Advantages

Problem Solution
No global search Instance-wide scan
Cloning thousands repos API-only scanning
Large instances Streaming architecture
Repeated audits Cached project index

✨ Features

  • Instance-wide keyword search
  • No repository cloning
  • JSONL project index
  • Branch scanning strategies
  • Smart fork analysis
  • Resume interrupted scans
  • Streaming output
  • Low memory footprint
  • Automation-friendly
  • Built-in post-processing tools

📦 Installation

Recommended — install from PyPI

pipx install gitlab-harvester

Run:

gitlab-harvester --help

Alternative — pip

pip install gitlab-harvester

Development install

git clone https://github.com/Cur1iosity/GitlabHarvester.git
cd GitlabHarvester
pip install .

Editable mode:

pip install -e .

Install latest dev version

pipx install git+https://github.com/Cur1iosity/GitlabHarvester.git

Requirements

  • Python 3.10+
  • GitLab token with read_api permission

🌿 Branch Control

Two independent controls:

  • --index-branches — stored branches
  • --scan-branches — scanned branches

Example:

gitlab-harvester -u ... -t ... --scan-branches 10

Store all + scan all:

gitlab-harvester -u ... -t ... --index-branches all --scan-branches all

Shortcut:

--branches N

🍴 Fork Strategies

--forks skip|include|branch-diff|all-branches

Recommended → branch-diff

Mode Behavior
skip ignore forks
include treat as normal repos
branch-diff scan default + unique branches
all-branches full exhaustive scan

💾 Sessions & Resume

Create session:

gitlab-harvester -u ... -t ... --terms-file words.txt --session audit

Resume:

gitlab-harvester -u ... -t ... --session-file audit.jsonl --resume

📊 Output

Two file types:

File Purpose
Project index cached project metadata
Session file hits + checkpoints

Format → JSONL (streaming-friendly)

🧰 Post-Processing Modes

GitlabHarvester includes built-in post-processing utilities.

Deduplicate results

gitlab-harvester -m dedup \
  --input-file session.jsonl \
  --output-file clean.jsonl

Options:

  • --sqlite-path file.sqlite
  • --hash-algo blake2b|sha1|sha256
  • --no-normalize-hits

Convert JSONL → JSON

gitlab-harvester -m convert \
  --input-file session.jsonl \
  --output-file result.json

Pretty print:

jq . result.json > formatted.json

🏗 Architecture

GitLab API
   ↓
Indexer
   ↓
Branch planner
   ↓
Matcher
   ↓
JSONL stream

Constant memory usage regardless of instance size.

🎯 Typical Use Cases

  • secret discovery
  • credential leaks detection
  • internal audits
  • redteam/pentest reconnaissance
  • DevSecOps validation
  • large-scale code search

🔐 Security Notice

Use only on GitLab instances where you are authorized to perform scanning.

🤝 Contributing

Pull requests and ideas welcome.

📜 License

MIT

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for Cur1iosity from gravatar.com Cur1iosity

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT)
  • Author: Cur1iosity
  • Tags gitlab , gitlab-api , code-search , secret-scanning , secret-detection , credential-leak , leak-detection , security-audit , devsecops , pentest , red-team , redteam , osint , recon , compliance , cli
  • Requires: Python >=3.10
Classifiers

Release history Release notifications | RSS feed

0.2.14

0.2.13

This version

0.2.12

0.2.11

0.2.10

0.2.9

0.2.8

0.2.7

0.2.6

0.2.5

0.1.6

0.1.5

0.1.3

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

gitlab_harvester-0.2.12.tar.gz (26.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

gitlab_harvester-0.2.12-py3-none-any.whl (31.1 kB view details)

Uploaded Python 3

File details

Details for the file gitlab_harvester-0.2.12.tar.gz.

File metadata

  • Download URL: gitlab_harvester-0.2.12.tar.gz
  • Upload date:
  • Size: 26.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for gitlab_harvester-0.2.12.tar.gz
Algorithm Hash digest
SHA256 6b59dd6ec52542ca8a7c5b60e0b186021a286e86799fe72d5ce19bc799114ecb
MD5 255a11ad76d39fc00e05d63f8ee884fb
BLAKE2b-256 6c0d5bf83b5678ad27b7d36d7f78db93e8f9795848f5b8c4c8496a3ac3833183

See more details on using hashes here.

Provenance

The following attestation bundles were made for gitlab_harvester-0.2.12.tar.gz:

Publisher: python-publish.yml on Cur1iosity/GitlabHarvester

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file gitlab_harvester-0.2.12-py3-none-any.whl.

File metadata

File hashes

Hashes for gitlab_harvester-0.2.12-py3-none-any.whl
Algorithm Hash digest
SHA256 6711095c7d16dfcd7af0ab2135efc2993e266cf8541a7da4134565a0c92a8f4c
MD5 584849cd188407240c88b1a9956c1a98
BLAKE2b-256 64dd74f22c9f40678b1875f8fd00f9df8f0b3217b9ae2d433d96a2f04bd20692

See more details on using hashes here.

Provenance

The following attestation bundles were made for gitlab_harvester-0.2.12-py3-none-any.whl:

Publisher: python-publish.yml on Cur1iosity/GitlabHarvester

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page