Git (pronounced “git”) is a version control system that tracks the history of changes to files. Programmers use Git to collaborate on projects. A repository is the set of all files under version control, together with their change history and other service information. You can create a Git repository either by selecting any folder on your computer or by cloning an existing repository, for example one from your employer. Repositories can be stored and used in different ways: version control systems are classified as local, centralized or distributed.
GitHub is the most popular site for storing and working with Git repositories, and the largest platform for hosting open source projects. Neither registration nor a paid account is required to view and download public repositories. In a sense, GitHub is also a social network for developers: registered users can publish content and manage their own repositories, contribute to other people’s repositories, lead discussions, view code changes and comment on them, and follow the updates of friends.
GitHub is often used in recruitment: an active account and high-quality code can greatly help in finding a job. It is therefore especially important to have an account that shows colleagues your code and how it evolves over time. Many other online services are now integrated with Git. Alternatives to GitHub include GitLab and Bitbucket. Both sites have a smaller audience but offer their own functionality and advantages; Bitbucket, for example, is more suitable for small closed-source projects.
With the right searches, GitHub repositories turn up code snippets that contain the credentials developers and QA engineers use to connect to the company’s infrastructure. Methods and techniques for searching public repositories for secrets* can help us uncover hidden and interesting applications before the security analysis itself begins.
* A secret here means private keys, account details, and other confidential information.
One nuance is worth understanding here: we can look for secrets in the organization’s official repository, and also in the unofficial repositories of its employees or contractors. The more sources we have, the more likely we are to find the data we need. The process of finding secrets on GitHub or in other repositories is laid out in a great flowchart. Various tools can be used to search repositories for information and to automate the process.
OctoLinker converts language-specific statements such as include, require or import into links.
EmailOnGitHub Chrome extension allows you to discover information related to a user’s GitHub profile.
A Chrome extension that can be used to download individual files from github.com repositories.
Highlighting the selected word in the GitHub source text view as in Sublime Text.
Display of document files in GitHub is powered by Aspose.Words Cloud.
Code Search on GitHub scans repositories and returns results that match lines of code.
Automatically adding repository size to repository commits on GitHub.
OSINT tool for obtaining information and searching for e-mail addresses of users.
A transition that helps improve your ability to discover secrets shared on Github.
Hound is a plugin that helps prevent sensitive data from being committed to a repository.
Repo-supervisor is a tool that helps you discover secrets and passwords in your code.
Prevents passwords and other confidential information from being captured in a repository.
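One way to implement the kind of check the last three tools describe, keeping secrets out of a repository before they are committed. This is an added example, not code from the original page or from any tool listed: it scans only the added lines of a unified diff for private-key headers, AWS-style access key IDs and high-entropy values assigned to password-like names. The rule set, the entropy threshold and the sample diff are assumptions constructed for illustration.

```python
import math
import re

# Constructed sample of a staged unified diff; every credential in it is fake.
SAMPLE_DIFF = """\
--- a/config/settings.py
+++ b/config/settings.py
@@ -1 +1,4 @@
 DEBUG = False
+AWS_ACCESS_KEY_ID = "AKIAABCDEFGHIJKLMNOP"
+db_password = "k9#Lm2$Qx7!vR4pZ"
+api_token = "changeme"
--- /dev/null
+++ b/deploy/id_rsa
@@ -0,0 +1 @@
+-----BEGIN RSA PRIVATE KEY-----
"""

HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)")
RULES = {  # illustrative rule set, not taken from any listed tool
    "private-key": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}
# Quoted value (8+ chars) assigned to a name containing password/secret/token.
ASSIGN = re.compile(r"(?i)\b\w*(?:password|passwd|secret|token)\w*\s*[:=]\s*['\"]([^'\"]{8,})['\"]")

def entropy(s):  # Shannon entropy in bits per character
    return -sum(p * math.log2(p) for p in (s.count(c) / len(s) for c in set(s)))

def scan_diff(diff, min_entropy=3.0):
    """Return (path, new-file line number, rule) for each added line that matches."""
    findings, path, lineno = [], None, 0
    for line in diff.splitlines():
        if line.startswith("+++ "):  # file header names the path being changed
            path = line[6:] if line.startswith("+++ b/") else line[4:]
        elif (m := HUNK.match(line)):  # hunk header resets the new-file line counter
            lineno = int(m.group(1)) - 1
        elif line.startswith(("+", " ")):  # added or context line
            lineno += 1
            if line[0] == " ":
                continue  # unchanged context is not re-scanned
            hits = [name for name, rx in RULES.items() if rx.search(line[1:])]
            m = ASSIGN.search(line[1:])
            if m and entropy(m.group(1)) >= min_entropy:  # gate drops "changeme"-style placeholders
                hits.append("high-entropy-credential")
            findings += [(path, lineno, hit) for hit in hits]
    return findings

if __name__ == "__main__":
    print(*scan_diff(SAMPLE_DIFF), sep="\n")
```

Run as a pre-commit hook, the same function can be fed the output of `git diff --cached`, with the commit rejected when the returned list is not empty.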