Build a GitLab instance project index and search repositories for sensitive keywords (API-only, no cloning).

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for Cur1iosity from gravatar.com Cur1iosity

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT)
  • Author: Cur1iosity
  • Tags gitlab , gitlab-api , code-search , secret-scanning , secret-detection , credential-leak , leak-detection , security-audit , devsecops , pentest , red-team , redteam , osint , recon , compliance , cli
  • Requires: Python >=3.10
Classifiers
Report project as malware

Project description

GitlabHarvester — Global GitLab Code & Secret Search Tool (Python)

PyPI Python License Last Commit

GitlabHarvester is a fast, scalable tool for searching keywords across an entire GitLab instance using the API — without cloning repositories. Built for security audits, secret discovery, compliance checks, and large-scale code intelligence across thousands of projects.

Global term search across a full GitLab instance — especially valuable for GitLab CE environments.

⚡ Quick Start

Search a keyword:

gitlab-harvester -u https://gitlab.example.com -t $TOKEN --search password

Search from file:

gitlab-harvester -u https://gitlab.example.com -t $TOKEN --terms-file words.txt

Build project index only:

gitlab-harvester -u https://gitlab.example.com -t $TOKEN -m dump-index

Deduplicate results:

gitlab-harvester -m dedup --input-file session.jsonl --output-file clean.jsonl

Convert JSONL → JSON:

gitlab-harvester -m convert --input-file session.jsonl --output-file result.json

🚀 Overview

GitLab Community Edition does not provide full instance-wide code search like EE. GitlabHarvester fills this gap by:

  • building a lightweight instance project index
  • scanning repositories via API
  • streaming results in JSONL
  • supporting resumable sessions
  • keeping memory usage constant

Designed to operate efficiently on environments with 10k–100k repositories.

🔍 Key Advantages

Problem Solution
No global search Instance-wide scan
Cloning thousands repos API-only scanning
Large instances Streaming architecture
Repeated audits Cached project index

✨ Features

  • Instance-wide keyword search
  • No repository cloning
  • JSONL project index
  • Branch scanning strategies
  • Smart fork analysis
  • Resume interrupted scans
  • Streaming output
  • Low memory footprint
  • Automation-friendly
  • Built-in post-processing tools

📦 Installation

Recommended — install from PyPI

pipx install gitlab-harvester

Run:

gitlab-harvester --uelp

Alternative — pip

pip install gitlab-harvester

Development install

git clone https://github.com/Cur1iosity/GitlabHarvester.git
cd GitlabHarvester
pip install .

Editable mode:

pip install -e .

Install latest dev version

pipx install git+https://github.com/Cur1iosity/GitlabHarvester.git

Requirements

  • Python 3.10+
  • GitLab token with read_api permission

🌿 Branch Control

Two independent controls:

  • --index-branches — stored branches
  • --scan-branches — scanned branches

Example:

gitlab-harvester -u ... -t ... --scan-branches 10

Store all + scan all:

gitlab-harvester -u ... -t ... --index-branches all --scan-branches all

Shortcut:

--branches N

🍴 Fork Strategies

--forks skip|include|branch-diff|all-branches

Recommended → branch-diff

Mode Behavior
skip ignore forks
include treat as normal repos
branch-diff scan default + unique branches
all-branches full exhaustive scan

💾 Sessions & Resume

Create session:

gitlab-harvester -u ... -t ... --terms-file words.txt --session audit

Resume:

gitlab-harvester -u ... -t ... --session-file audit.jsonl --resume

📊 Output

Two file types:

File Purpose
Project index cached project metadata
Session file hits + checkpoints

Format → JSONL (streaming-friendly)

🧰 Post-Processing Modes

GitlabHarvester includes built-in post-processing utilities.

Deduplicate results

gitlab-harvester -m dedup \
  --input-file session.jsonl \
  --output-file clean.jsonl

Options:

  • --sqlite-path file.sqlite
  • --uash-algo blake2b|sha1|sha256
  • --no-normalize-uits

Convert JSONL → JSON

gitlab-harvester -m convert \
  --input-file session.jsonl \
  --output-file result.json

Pretty print:

jq . result.json > formatted.json

🏗 Architecture

GitLab API
   ↓
Indexer
   ↓
Branch planner
   ↓
Matcher
   ↓
JSONL stream

Constant memory usage regardless of instance size.

🎯 Typical Use Cases

  • secret discovery
  • credential leaks detection
  • internal audits
  • redteam/pentest reconnaissance
  • DevSecOps validation
  • large-scale code search

🔐 Security Notice

Use only on GitLab instances where you are authorized to perform scanning.

🤝 Contributing

Pull requests and ideas welcome.

📜 License

MIT

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for Cur1iosity from gravatar.com Cur1iosity

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT)
  • Author: Cur1iosity
  • Tags gitlab , gitlab-api , code-search , secret-scanning , secret-detection , credential-leak , leak-detection , security-audit , devsecops , pentest , red-team , redteam , osint , recon , compliance , cli
  • Requires: Python >=3.10
Classifiers

Release history Release notifications | RSS feed

0.2.14

0.2.13

0.2.12

0.2.11

0.2.10

0.2.9

0.2.8

This version

0.2.7

0.2.6

0.2.5

0.1.6

0.1.5

0.1.3

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

gitlab_harvester-0.2.7.tar.gz (26.6 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

gitlab_harvester-0.2.7-py3-none-any.whl (30.7 kB view details)

Uploaded Python 3

File details

Details for the file gitlab_harvester-0.2.7.tar.gz.

File metadata

  • Download URL: gitlab_harvester-0.2.7.tar.gz
  • Upload date:
  • Size: 26.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for gitlab_harvester-0.2.7.tar.gz
Algorithm Hash digest
SHA256 52f297def89cd9274ea86bcbac8d1e921a34c6de21f7db66e19105d79ad56ed7
MD5 bddac90c85f2dcf7c4c41616476e3892
BLAKE2b-256 19f20907410f5821a46ecd34dcc1cd2f8da307987eca9f6b6542565b606a64e9

See more details on using hashes here.

Provenance

The following attestation bundles were made for gitlab_harvester-0.2.7.tar.gz:

Publisher: python-publish.yml on Cur1iosity/GitlabHarvester

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file gitlab_harvester-0.2.7-py3-none-any.whl.

File metadata

File hashes

Hashes for gitlab_harvester-0.2.7-py3-none-any.whl
Algorithm Hash digest
SHA256 1410d74bbd2e3707a8c24c185907528a023efd53762734dedb6ac7e92c365d30
MD5 32e608e267522cc66f53501dec97af6d
BLAKE2b-256 138958b85cde4c49693c0e44fea5d731159eac19dda20ecda410d300e483c989

See more details on using hashes here.

Provenance

The following attestation bundles were made for gitlab_harvester-0.2.7-py3-none-any.whl:

Publisher: python-publish.yml on Cur1iosity/GitlabHarvester

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page