Gitrob on the Network | @ThingsExpo #BigData #IoT #M2M #Security
Gitrob scans GitHub repositories and matches filenames against a range of patterns for files containing sensitive information
By: David Dodd
Dec. 8, 2015 07:30 PM
Gitrob on the Network
Developers generally like to share their code, and many of them do so by open sourcing it on GitHub, a social code hosting and collaboration service. Many companies also use GitHub as a convenient place to host both private and public code repositories, creating GitHub organizations that employees can be added to. Sometimes an employee publishes something sensitive in nature, and that can lead to the compromise of a system.
Gitrob is a tool developed by Michael Henriksen that scans GitHub repositories and matches filenames against a range of patterns for files that typically contain sensitive or dangerous information.
The first thing the tool does is collect all public repositories of the organization itself. It then collects all the organization's members and their public repositories, in order to compile a list of repositories that might be related or relevant to the organization.
When the list of repositories has been compiled, it gathers all the filenames in each repository and runs them through a series of observers that flag files matching any of the patterns for known sensitive files. This step can take a while if the organization is big or if its members have many public repositories.
All of the members, repositories and files are saved to a PostgreSQL database. When everything has been sifted through, it starts a Sinatra web server locally on the machine, which serves a simple web application for analysing the collected data.
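To make the pipeline described above concrete, here is an added example in Ruby (the language Gitrob is written in). It is not Gitrob's own code: the signature format, the observer logic and the organization inventory are simplified assumptions, and the file listing is constructed for the example. It compiles a de-duplicated repository list from an organization and its members, then runs each repository-relative path through a small set of filename observers of the kind the text describes (extension, filename and path patterns), returning the flagged files with a caption. A maintainer can feed it the output of `git ls-files` to check a repository before publishing it.

```ruby
require 'set'

# Constructed inventory (assumption, not real GitHub data): the organization's
# own public repositories plus each member's public repositories.
ORG = {
  name: 'example-org',
  repos: %w[example-org/api example-org/web],
  members: {
    'alice' => %w[alice/dotfiles alice/api],
    'bob'   => %w[bob/scripts example-org/web] # a member may list an org repo again
  }
}.freeze

# Step 1: union of organization and member repositories, without duplicates.
def collect_repositories(org)
  repos = Set.new(org[:repos])
  org[:members].each_value { |member_repos| repos.merge(member_repos) }
  repos.to_a.sort
end

# Step 2: filename signatures. Each one says which part of the path to look at
# (:extension, :filename or :path), whether to compare exactly (:match) or with
# a regular expression (:regex), the pattern, and a caption for the report.
SIGNATURES = [
  { part: :extension, type: :match, pattern: 'pem',
    caption: 'Potential cryptographic private key' },
  { part: :extension, type: :match, pattern: 'key',
    caption: 'Potential cryptographic key' },
  { part: :filename,  type: :regex, pattern: /\Aid_(rsa|dsa|ecdsa|ed25519)\z/,
    caption: 'Private SSH key' },
  { part: :filename,  type: :match, pattern: '.env',
    caption: 'Environment configuration file (may contain secrets)' },
  { part: :filename,  type: :match, pattern: 'database.yml',
    caption: 'Rails database configuration (may contain credentials)' },
  { part: :filename,  type: :match, pattern: '.htpasswd',
    caption: 'Apache htpasswd file' },
  { part: :filename,  type: :regex, pattern: /\A\.?(bash|zsh)_history\z/,
    caption: 'Shell command history' },
  { part: :path,      type: :regex, pattern: %r{(\A|/)\.aws/credentials\z},
    caption: 'AWS CLI credentials file' }
].freeze

# Break a repository-relative path into the pieces the observers inspect.
# File.extname treats a leading-dot file such as ".env" as having no extension.
def path_parts(path)
  filename = File.basename(path)
  { path: path, filename: filename,
    extension: File.extname(filename).delete_prefix('.') }
end

def signature_matches?(sig, parts)
  value = parts[sig[:part]]
  case sig[:type]
  when :match then value == sig[:pattern]
  when :regex then !(value =~ sig[:pattern]).nil?
  else false
  end
end

# Step 3: run every path through every observer; one finding per match.
def flag_files(paths)
  paths.flat_map do |path|
    parts = path_parts(path)
    SIGNATURES.select { |sig| signature_matches?(sig, parts) }
              .map { |sig| { path: path, caption: sig[:caption] } }
  end
end

# Convenience wrapper: accept the raw text of `git ls-files` (one path per line).
def flag_listing(listing)
  flag_files(listing.lines.map(&:strip).reject(&:empty?))
end

# Constructed file listing for the example; a real run would use `git ls-files`.
SAMPLE_FILES = %w[
  README.md lib/gitrob.rb config/database.yml config/server.pem
  .env ops/id_rsa deploy/.aws/credentials docs/notes.txt
].freeze

if __FILE__ == $PROGRAM_NAME
  puts "Repositories to scan: #{collect_repositories(ORG).join(', ')}"
  flag_files(SAMPLE_FILES).each { |f| puts "#{f[:path]}: #{f[:caption]}" }
end
```

Exact filename matches are cheap but miss renamed copies, which is why the regex signatures exist; in practice a filename-only scan is a first pass, and flagged files still need a human (or a content scanner) to confirm that they actually contain a secret.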
We start by installing the PostgreSQL database on a default Kali Linux system.
# apt-get install postgresql-server-dev-9.1
# apt-get install ruby1.9.1-dev
# service postgresql start
# su postgres
$ createuser -s gitrob --pwprompt
Enter password for new role:
Enter it again.
$ createdb -O gitrob gitrob
# cd gitrob/trunk
# gem install bundler
# gem install gitrob
Log in to your GitHub account and create an access token (the API key): https://github.com/
# gitrob --configure
agree with the terms (y, n)
Enter Postgresql hostname: [localhost]
Enter Postgresql port:
Enter Postgresql username: gitrob
Enter Postgresql password for gitrob (masked): xxxxxx
Enter GitHub access tokens (blank line to stop): <this is the API key from your github account>
Now it's installed and ready to go.
# gitrob -h
# gitrob -o apigee
Some of the findings from this run were Ruby files and potential cryptographic keys.