hahwul / gitls

Licence: MIT License
🖇 Enumerate git repository URL from list of URL / User / Org. Friendly to pipeline

This tool is useful when a repository host such as GitHub is included in the bug bounty scope. The scope is sometimes specified as an org name or user name rather than a specific repository; in that case you can use this tool to extract the URLs of all public repositories belonging to the org/user.

The output can then be used for follow-up actions such as scanning or cloning multiple repositories.

🚧 NOTICE
For unauthenticated requests to the GitHub API, the rate limit allows up to 60 requests per hour. Unauthenticated requests are associated with the originating IP address, and not the user making requests. https://docs.github.com/en/rest/overview/resources-in-the-rest-api

As a result, running too many tasks can get you blocked by the GitHub API for a period of time. In this case, you can select the appropriate destination or access, and use another IP with torsocks (e.g. torsocks gitls -l user.list) or the -tor option.

Installation

From go-get

▶ GO111MODULE=on go get -v github.com/hahwul/gitls

Using homebrew

▶ brew tap hahwul/gitls
▶ brew install gitls

Using snapcraft

▶ sudo snap install gitls

Usage

Usage of gitls:
  -include-users
    	include repo of org users(member)
  -l string
    	List of targets (e.g -l sample.lst)
  -o string
    	write output file (optional)
  -proxy string
    	using custom proxy
  -tor
    	using tor proxy / localhost:9050
  -version
    	version of gitls

Case Study

Make all repo urls from repo/org/user urls

sample.lst

https://github.com/hahwul
https://github.com/tomnomnom/gron
https://github.com/tomnomnom/httprobe
https://github.com/s0md3v

make repo url list from sample file

▶ gitls -l sample.lst
https://github.com/hahwul/a2sv
https://github.com/hahwul/action-dalfox
https://github.com/hahwul/asset-of-hahwul.com
https://github.com/hahwul/awesome-zap-extensions
https://github.com/hahwul/backbomb
https://github.com/hahwul/booungJS
https://github.com/hahwul/buildpack-nmap
https://github.com/hahwul/buildpack-zap-daemon
https://github.com/hahwul/can-i-protect-xss
https://github.com/hahwul/cyan-snake
https://github.com/hahwul/dalfox
https://github.com/hahwul/DevSecOps
https://github.com/hahwul/droid-hunter
https://github.com/hahwul/exploit-db_to_dokuwiki
https://github.com/hahwul/ftc
https://github.com/hahwul/gitls
https://github.com/hahwul/go-github-selfupdate-patched
https://github.com/hahwul/hack-pet
...snip...
https://github.com/hahwul/zap-cloud-scan
https://github.com/tomnomnom/gron
https://github.com/tomnomnom/httprobe
https://github.com/s0md3v/Arjun
https://github.com/s0md3v/AwesomeXSS
https://github.com/s0md3v/Blazy
https://github.com/s0md3v/Bolt
...snip...
https://github.com/s0md3v/velocity
https://github.com/s0md3v/XSStrike
https://github.com/s0md3v/Zen
https://github.com/s0md3v/zetanize

Get all repositories in an org, including those of its users (members)

▶ echo https://github.com/paypal | ./gitls -include-users
....
https://github.com/paypal/tech-talks
https://github.com/paypal/TLS-update
https://github.com/paypal/yurita
https://github.com/ahunnargikar
https://github.com/ahunnargikar/docker-chronos-image
https://github.com/ahunnargikar/docker-tomcat7
https://github.com/ahunnargikar/DockerConDemo
https://github.com/ahunnargikar/elasticsearch-registry-backend
https://github.com/ahunnargikar/elasticsearchindex
https://github.com/ahunnargikar/jenkins-dind
https://github.com/ahunnargikar/jenkins-standalone
https://github.com/ahunnargikar/vagrant-mesos
https://github.com/ahunnargikar/vagrant_docker_registry
https://github.com/anandpalanisamy
https://github.com/anilgursel
https://github.com/anilgursel/squbs-sample
https://github.com/bluepnume

Automated testing with gitleaks

▶ gitls -l sample.lst | xargs -I % gitleaks --repo-url=% -v

Clone all of the target's repos

▶ echo "https://github.com/paypal" | gitls | xargs -I % git clone %
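
The two xargs pipelines above hand every line of gitls output straight to another tool. As an added example (not part of gitls; the function names are hypothetical), this filter keeps only well-formed https://github.com/<owner>/<repo> lines, which also drops the owner-only URLs that -include-users emits, and clones with "--" so a line can never be parsed as a git option.

```shell
#!/bin/sh
# Added example (not part of gitls). Function names are hypothetical.

# Constructed sample of what a gitls run may emit, plus lines that must not
# reach git: an owner-only URL, an option-like token, another host, a blank.
sample_lines() {
    printf '%s\n' \
        'https://github.com/tomnomnom/gron' \
        'https://github.com/ahunnargikar' \
        'https://github.com/hahwul/gitls' \
        '--not-a-url' \
        'http://example.com/owner/repo' \
        '' \
        'https://github.com/hahwul/gitls'
}

# Keep only https://github.com/<owner>/<repo> lines, de-duplicated and sorted.
filter_repo_urls() {
    LC_ALL=C grep -E '^https://github\.com/[A-Za-z0-9][A-Za-z0-9-]*/[A-Za-z0-9._-]+$' |
        LC_ALL=C sort -u
}

# Shallow-clone every accepted URL into <dest>/<owner>_<repo>.
# "--" ends option parsing, so a URL can never be read as a git option.
clone_repos() {
    dest=$1
    mkdir -p -- "$dest" || return 1
    filter_repo_urls | while IFS= read -r url; do
        slug=${url#https://github.com/}
        target="$dest/$(printf '%s' "$slug" | tr '/' '_')"
        [ -e "$target" ] && continue          # already cloned on an earlier run
        git clone --quiet --depth 1 -- "$url" "$target" ||
            printf 'clone failed: %s\n' "$url" >&2
    done
}

# Usage: gitls -l sample.lst | clone_repos ./repos
```

De-duplicating before cloning also avoids repeating work when the same repository appears both directly in the list and under its owner.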
