
A multifaceted security tool which leverages Public GitHub REST APIs for OSINT, Forensics, Pentesting and more.

Project description

Welcome to Gitxray

Gitxray (short for Git X-Ray) is a multifaceted security tool designed for use on GitHub repositories. It can serve many purposes, including OSINT and Forensics. gitxray leverages public GitHub REST APIs to gather information that would otherwise be very time-consuming to obtain manually. Additionally, it seeks out information in unconventional places.


Gitxray HTML Report

Use cases

Gitxray can be used to, for example:

  • Find sensitive information that contributors disclosed by accident in their profiles, for example inside Armored PGP Keys or Key Names.

  • Identify threat actors in a Repository. You may spot co-owned or shared accounts, as well as inspect public events to spot fake Stargazers.

  • Identify fake or infected Repositories. It can detect tampered commit dates as well as, for example, Release assets updated post-release.

  • Forensics use-cases, such as filtering results by date in order to check what else happened on the day of an incident.

  • And a lot more! Run a full X-Ray to collect a ton of data:

gitxray -r https://github.com/some-org/some-repository

  • If you would rather use text output, you may want to narrow it down with filters:

gitxray -r https://github.com/some-org/some-repository -f user_input -outformat text

gitxray -r https://github.com/some-org/some-repository -f keys,association,starred -outformat text

gitxray -r https://github.com/some-org/some-repository -f warning -outformat text

gitxray -r https://github.com/some-org/some-repository -f 2024-09-01 -outformat text

Please refer to the Documentation for additional use-cases and introductory information.
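Two of the checks in the use-case list above, "tampered commit dates" and "Release assets updated post-release", written out as an added example; this is not gitxray's own code, and the thresholds and heuristics are this example's assumptions. It runs over constructed payloads shaped like the GitHub REST API's commit and release responses (fields such as commit.author.date, commit.committer.date, published_at and assets[].updated_at), so it needs no network access.

```python
"""Added example (not gitxray's code): date-consistency checks over
constructed GitHub-API-shaped payloads. Heuristics are the example's own."""
from datetime import datetime, timedelta, timezone


def parse_ts(value):
    # GitHub returns ISO 8601 timestamps with a trailing 'Z'.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def suspicious_commit_dates(commits, now, skew=timedelta(hours=1)):
    """Flag commits whose author date and committer date disagree by more than
    `skew`, or whose dates lie in the future relative to `now`.
    Both timestamps are client-supplied, so these are signals to review,
    not proof of tampering. `skew` is the example's own assumption."""
    findings = []
    for c in commits:
        sha = c["sha"]
        author = parse_ts(c["commit"]["author"]["date"])
        committer = parse_ts(c["commit"]["committer"]["date"])
        if abs(author - committer) > skew:
            findings.append((sha, "author/committer dates differ by %s" % abs(author - committer)))
        if author > now or committer > now:
            findings.append((sha, "commit dated in the future"))
    return findings


def assets_updated_post_release(release, grace=timedelta(minutes=15)):
    """Return the names of release assets whose updated_at is later than the
    release's published_at by more than `grace`: a file replaced after users
    may already have downloaded it. `grace` is the example's own assumption."""
    published = parse_ts(release["published_at"])
    return [a["name"] for a in release["assets"]
            if parse_ts(a["updated_at"]) > published + grace]


# Constructed sample data (not real repository data).
NOW = datetime(2024, 9, 15, tzinfo=timezone.utc)
SAMPLE_COMMITS = [
    {"sha": "aaaa111", "commit": {"author": {"date": "2024-09-01T10:00:00Z"},
                                  "committer": {"date": "2024-09-01T10:00:00Z"}}},
    {"sha": "bbbb222", "commit": {"author": {"date": "2019-01-01T00:00:00Z"},
                                  "committer": {"date": "2024-09-02T12:00:00Z"}}},
    {"sha": "cccc333", "commit": {"author": {"date": "2031-01-01T00:00:00Z"},
                                  "committer": {"date": "2031-01-01T00:00:00Z"}}},
]
SAMPLE_RELEASE = {
    "tag_name": "v1.0.0",
    "published_at": "2024-09-05T09:00:00Z",
    "assets": [
        {"name": "tool-linux.tar.gz", "updated_at": "2024-09-05T09:05:00Z"},
        {"name": "tool-windows.zip", "updated_at": "2024-09-10T18:30:00Z"},
    ],
}

if __name__ == "__main__":
    for sha, why in suspicious_commit_dates(SAMPLE_COMMITS, NOW):
        print(f"commit {sha}: {why}")
    for name in assets_updated_post_release(SAMPLE_RELEASE):
        print(f"release {SAMPLE_RELEASE['tag_name']}: asset {name} updated after publication")
```

Run against the sample data, the second commit is flagged for its five-year author/committer gap, the third for being dated in the future, and only the Windows asset is reported, since the Linux asset's five-minute update falls inside the grace window.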

Documentation

Rate Limits and the GitHub API

Gitxray gracefully handles Rate Limits and can work out of the box without a GitHub API key, but you'll likely hit Rate Limits pretty fast (a small to medium-size repository with 10+ Contributors could take hours to complete while it waits for Rate Limits to reset). This is detailed by GitHub in their documentation.

Creating a simple read-only token scoped to PUBLIC repositories will, however, raise those limits considerably. If you're not in a hurry or can leave gitxray running, you'll be able to use its full capacity, as it pauses execution while waiting for the limits to lift.

You may then load the token safely with the following, which prevents it from being displayed on screen or recorded in your shell history:

read -rs GH_ACCESS_TOKEN
export GH_ACCESS_TOKEN
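How a client honours GitHub's primary rate limit the way the text describes, pausing until the limit lifts instead of failing, shown as an added example that is not gitxray's code. The X-RateLimit-Remaining, X-RateLimit-Reset and Retry-After headers are GitHub's own; the GH_ACCESS_TOKEN variable name is the one used above; the retry policy and the one-second safety margin are this example's assumptions.

```python
"""Added example (not gitxray's code): reading GitHub rate-limit headers and
waiting for the reset instead of failing. Policy choices are the example's own."""
import json
import os
import time
import urllib.error
import urllib.request

API = "https://api.github.com"


def auth_headers():
    """Request headers; the token is attached only when GH_ACCESS_TOKEN is set.
    Unauthenticated requests still work, just with a much lower quota."""
    headers = {"Accept": "application/vnd.github+json",
               "User-Agent": "ratelimit-example"}
    token = os.environ.get("GH_ACCESS_TOKEN")
    if token:
        headers["Authorization"] = "Bearer " + token
    return headers


def seconds_until_reset(headers, now):
    """How long to pause before the next request, given a response's headers
    and the current epoch time. 0 means the quota is not exhausted.
    A Retry-After header (sent for secondary limits) takes precedence;
    otherwise wait until X-RateLimit-Reset, plus a 1-second margin because
    the reset time is expressed in whole seconds (margin is the example's choice)."""
    if "Retry-After" in headers:
        return int(headers["Retry-After"])
    remaining = int(headers.get("X-RateLimit-Remaining", "1"))
    if remaining > 0:
        return 0
    reset_at = int(headers.get("X-RateLimit-Reset", str(int(now))))
    return max(0, reset_at - int(now)) + 1


def get_json(path, sleep=time.sleep, clock=time.time):
    """GET an API path, pausing and retrying once if the quota is exhausted.
    `sleep` and `clock` are injectable so the waiting logic can be exercised
    without a network (example's own design choice)."""
    for attempt in range(2):
        req = urllib.request.Request(API + path, headers=auth_headers())
        try:
            with urllib.request.urlopen(req) as resp:
                return json.load(resp)
        except urllib.error.HTTPError as err:
            wait = seconds_until_reset(err.headers, clock())
            if err.code in (403, 429) and wait and attempt == 0:
                sleep(wait)  # quota exhausted: pause until it lifts, then retry
                continue
            raise


if __name__ == "__main__":
    # /rate_limit reports the current quota and does not count against it.
    print(json.dumps(get_json("/rate_limit")["rate"], indent=2))
```

The wait is computed from the headers of the failed response rather than from a fixed backoff, so a run that exhausts its quota resumes as soon as GitHub allows and not later; the `/rate_limit` endpoint at the bottom is a convenient way to confirm which quota the loaded token actually gets.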

Installing, Updating, and running Gitxray

gitxray has no external package dependencies other than the requests library.

PyPI (PIP) Way

gitxray is on PyPI and can be installed and updated with:

pip install gitxray --upgrade

Once installed, simply run gitxray from your command line by typing:

gitxray -h

Run your first full X-Ray

gitxray -o https://github.com/kulkansecurity

Gitxray Console

Installing from source

You may also run gitxray directly by cloning or downloading its GitHub repository and running:

python3 -m pip install -r requirements.txt
cd src/
python3 -m gitxray.gitxray

Command Line Arguments

Required Arguments

One of the following must be specified:

  • -r, --repository [URL] - Specify a single repository to check. The URL may optionally begin with https://github.com/. Example: --repository https://github.com/example/repo

  • -rf, --repositories-file [FILEPATH] - Provide a file path containing a list of repositories, each on a new line. The file must exist. Example: --repositories-file ./list_of_repos.txt

  • -o, --organization [URL] - Specify an organization to check all repositories under that organization. The URL may optionally begin with https://github.com/. Example: --organization https://github.com/exampleOrg

Optional Arguments

You'll find these optional but very handy in common gitxray usage.

  • -l, --list - List contributors if a repository is specified or list repositories if an organization is specified. Useful for further focusing on specific entities. Example: --list

  • -c, --contributor [USERNAMES] - A comma-separated list of GitHub usernames to focus on within the specified repository or organization. Example: --contributor user1,user2

  • -f, --filters [KEYWORDS] - Comma-separated keywords to filter the results by, such as 'user_input', 'association', or 'mac'. Example: --filters user_input,association,mac

Output and Formats

  • -out, --outfile [FILEPATH] - Specify the file path for the output log. Cannot be a directory. Example: --outfile ./output.log

  • -outformat, --output-format [FORMAT] - Set the format for the log file. Supported formats are html, text and json. Default is html. Example: --output-format json

Debug

  • --debug - Enable Debug mode for a detailed and extensive output. Example: --debug

Terms of Use

The user is solely responsible for ensuring that this tool is used in compliance with applicable laws and regulations, including obtaining proper authorization for repository scanning and the distribution of any results generated. Unauthorized use or sharing of results may violate local, national, or international laws.


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

gitxray-1.0.16.1.tar.gz (54.8 kB)

Uploaded Source

Built Distribution

gitxray-1.0.16.1-py3-none-any.whl (59.5 kB)

Uploaded Python 3

File details

Details for the file gitxray-1.0.16.1.tar.gz.

File metadata

  • Download URL: gitxray-1.0.16.1.tar.gz
  • Upload date:
  • Size: 54.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.1 CPython/3.10.12

File hashes

Hashes for gitxray-1.0.16.1.tar.gz
Algorithm Hash digest
SHA256 6d06e26672d3a5a5b5e172698005f2c897e65b762a6759007f8f4276f7ad8caa
MD5 3d202a7ec0608d5ed448506a4481bf75
BLAKE2b-256 814d2e4e39af7d1aca24743f3d3767f127f8396cd14c92df94482ae1ea8d3ebe


File details

Details for the file gitxray-1.0.16.1-py3-none-any.whl.

File metadata

  • Download URL: gitxray-1.0.16.1-py3-none-any.whl
  • Upload date:
  • Size: 59.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.1 CPython/3.10.12

File hashes

Hashes for gitxray-1.0.16.1-py3-none-any.whl
Algorithm Hash digest
SHA256 b2bf5f5367f3432876b488be13c96eb8e61b2ccd3991d9db65259950ad702296
MD5 64f38c575059e2104350b0a71c74a7b8
BLAKE2b-256 3a0f002820457c9fa7e03670f18b076d2c4dbd8432f40d338d054ef353dcc248

