shania
shania copied to clipboard
abdilahrf
Scan secrets from Continuous Integration Build Logs
_ _
| | (_)
___| |__ __ _ _ __ _ __ _
/ __| '_ \ / _` | '_ \| |/ _` |
\__ \ | | | (_| | | | | | (_| |
|___/_| |_|\__,_|_| |_|_|\__,_|
Requirement โ
Use this command to install jq as the requirement : sudo apt install jq
- Replace [CI_TOKEN] with your key in
main.pyfile - Replace [GITLAB_TOKEN] with your key in
main.pyfile - Replace [GITHUB_TOKEN] with your key in
scan-organization.shfile
Usage ๐ฎ
Example usage
./scan-organisation.sh uber
./scan-organisation.sh [ORGANIZATION_NAME]
./scan-single.sh [USER_HANDLE]
FAQ โ
- jq: error (at
:4) Cannot index string with string "login" : Make sure your [GITHUB_TOKEN] already correct
References ๐งพ
- https://edoverflow.com/2019/ci-knew-there-would-be-bugs-here/
Special thanks to : @Rhynorater @hacker_ @EdOverflow @KarimPwnz @streaak @d0nutptr
Legal Disclaimer โ
This project is made for educational and ethical testing purposes only. Usage of this tool for attacking targets without prior mutual consent is illegal. Developers assume no liability and are not responsible for any misuse or damage caused by this tool.
abdilahrf