Subliminal Hacking
The Art and Science of Social Engineering


January 22, 2015

Installing and Using GitRob … OSINT For GitHub

Always in search of new and interesting tools to speed up and improve Open Source Intelligence Gathering, I came across a nice little command line tool written in Ruby called GitRob by Michael Henriksen.

Essentially, this tool looks through GitHub repositories at an organisation level, so it's looking at possible public and private code / information that an organisation and its members have decided to store on GitHub. The tool quickly and effectively looks through their repositories for keywords, private keys, possible credentials, configuration files etc. You can then take a closer look at those findings to validate them as being useful from an offensive perspective, or, as a defender, to decide whether you want that information in the public domain. For more information check out Michael's blog post, but for now check out this video taking you through installing (on Kali Linux) and using GitRob.

Below is a list of the main commands used so you can quickly and effectively copy and paste. I forgot to mention in the video that to update GitRob post install, simply use the command "gem update gitrob".

Commands Used:

apt-get install postgresql-server-dev-9.1

apt-get install ruby1.9.1-dev

service postgresql start

su postgres

createuser -s gitrob --pwprompt

createdb -O gitrob gitrob

svn co

cd gitrob/trunk/

gem install bundler

gem install gitrob

gitrob --configure
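
For defenders who want to run the kind of check described above against their own checkout before it is pushed, here is a small filename-signature scan. It is an added example, not code from the original post or from GitRob; the signature list, function names and sample paths are constructed for illustration.

```ruby
# Added example: flag sensitive-looking files by name, extension or path.
# SIGNATURES is a small constructed set for illustration, not GitRob's own.
Signature = Struct.new(:part, :pattern, :caption)

SIGNATURES = [
  Signature.new(:filename,  /\A.*_(rsa|dsa|ed25519|ecdsa)\z/, "Private SSH key"),
  Signature.new(:extension, /\A(pem|key|pkcs12|pfx|p12)\z/,   "Possible key or certificate bundle"),
  Signature.new(:filename,  /\A\.?(htpasswd|netrc|pgpass)\z/, "Credential file"),
  Signature.new(:filename,  /\A\.env\z/,                      "Environment file"),
  Signature.new(:path, %r{(\A|/)config/(database|secrets)\.ya?ml\z}, "Application configuration")
].freeze

# Split a repository-relative path into the parts the signatures test.
def parts_of(path)
  filename = File.basename(path)
  { path: path, filename: filename,
    extension: File.extname(filename).sub(/\A\./, "") }
end

# Return one finding per (path, matching signature) pair, in input order.
def scan_paths(paths)
  paths.flat_map do |path|
    parts = parts_of(path)
    SIGNATURES.select { |sig| sig.pattern.match?(parts[sig.part]) }
              .map { |sig| { path: path, caption: sig.caption } }
  end
end

# List the tracked files of a local checkout (empty list if git is missing).
def tracked_files(repo_dir)
  IO.popen(["git", "-C", repo_dir, "ls-files", "-z"], err: File::NULL) do |io|
    io.read.split("\0")
  end
rescue Errno::ENOENT
  []
end

# Constructed sample input so the example runs offline.
SAMPLE_PATHS = %w[
  README.md deploy/id_rsa certs/server.pem .env
  config/database.yml app/models/user.rb docs/config/database.yml.example
].freeze

if __FILE__ == $PROGRAM_NAME
  paths = ARGV[0] ? tracked_files(ARGV[0]) : SAMPLE_PATHS
  scan_paths(paths).each { |f| puts "#{f[:caption]}: #{f[:path]}" }
end
```

Run it with the path to a local repository as the only argument to scan that checkout's tracked files; with no argument it scans the constructed sample list.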


    About the Author

    Dale Pearson
    has worked in IT since 1998, Infosec since 2004, and studied and performed hypnosis, mentalism etc. since 2009. Dale is a full-time Red Teamer with a love of social engineering, and a qualified hypnotherapist. He spends a great deal of time researching the various skills and techniques that make up the art and science of Social Engineering.

