Always in search of new and interesting tools to speed up and improve Open Source Intelligence Gathering, I came across a nice little command like tool written in Ruby called GitRob by Michael Henriksen.
Essentially what this tool does is look through GitHub Repositories at an Organisation level, so its looking at possible public and private code / information that an Organisation and its members have decided to store on GitHub. The tool quickly and effectively looks through there repositories looking for key words, private keys, possible credentials, configuration files etc, then you can take a closer look at those findings to validate them as being useful from an offensive perspective, or as a defender if you want that information in the public domain. For more information check out Michael’s blog post, but for now check out this video taking you through installing (on Kali Linux) and using GitRob.
Below is a list of the main commands used so you can quickly and effectively copy and paste. I forgot to mention in the video, that to update GitRob post install simply use the command “gem update gitrob“.
Commands Used:
apt-get install postgresql-server-dev-9.1
apt-get install ruby1.9.1-dev
service postgresql start
su postgres
createuser -s gitrob –pwprompt
createdb -o gitrob gitrob
svn co https://github.com/michenriksen/gitrob
cd gitrob/trunk/
gem install bundler
gem install gitrob
gitrob –configure
http://127.0.0.1:9393/
