Another day, another awesome-looking tool. This time I’d like to introduce Gitrob, a tool that searches GitHub for sensitive company data.
As the developer/author Michael Henriksen points out in his blog post introducing the tool:
“Gitrob is a command line tool that can help organizations and security professionals find such sensitive information. The tool will iterate over all public organization and member repositories and match filenames against a range of patterns for files that typically contain sensitive or dangerous information.”
Much more detailed information, including how it works, is available in Michael’s blog post: http://michenriksen.com/blog/gitrob-putting-the-open-source-in-osint/
Not surprisingly, Michael has hosted the Gitrob code on GitHub here: https://github.com/michenriksen/gitrob
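To make the filename-matching idea concrete, here is an added example (not Gitrob's code, and not taken from Michael's post) that checks a file listing from your own repository, such as the output of `git ls-files`, against a small set of filename patterns. The signature list, its (part, kind, pattern) layout, the function names and the sample listing are all assumptions constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# Constructed signatures (illustrative assumption, not Gitrob's own list):
# (part of the path to test, match kind, lowercase pattern, why it matters)
SIGNATURES = [
    ("filename", "exact", "id_rsa", "private SSH key"),
    ("filename", "exact", ".htpasswd", "Apache basic-auth password file"),
    ("filename", "regex", r"^\.env(\..+)?$", "environment file, often holds secrets"),
    ("filename", "regex", r"^\.(bash|zsh)_history$", "shell history"),
    ("extension", "exact", "pem", "possible private key or certificate"),
    ("extension", "exact", "pfx", "PKCS#12 key bundle"),
    ("path", "regex", r"(^|/)\.aws/credentials$", "AWS CLI credentials file"),
]

def _part(path, part):
    """Return the piece of the path that a signature is matched against."""
    p = PurePosixPath(path)
    if part == "filename":
        return p.name
    if part == "extension":
        return p.suffix.lstrip(".")
    return path

def scan(paths):
    """Return (path, reason) for each path that hits a signature (first hit wins)."""
    findings = []
    for path in paths:
        for part, kind, pattern, reason in SIGNATURES:
            value = _part(path, part).lower()  # match case-insensitively
            hit = value == pattern if kind == "exact" else bool(re.search(pattern, value))
            if hit:
                findings.append((path, reason))
                break
    return findings

# Constructed sample listing, in the form `git ls-files` would print it.
SAMPLE_LISTING = [
    "README.md",
    "src/environment.py",
    "config/.env.production",
    "deploy/id_rsa",
    "deploy/id_rsa.pub",
    "certs/server.PEM",
    "backup/home/.aws/credentials",
]

if __name__ == "__main__":
    for path, reason in scan(SAMPLE_LISTING):
        print(f"{path}: {reason}")
```

A check like this looks only at the current tree; a file that was committed and later deleted is still present in the repository history.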