Gitrob – OSINT gathering tool for GitHub

63 points by neilwillgettoit, more than 10 years ago

4 comments

dj-wonk, more than 10 years ago
Please, don't blur if you want to redact. Instead, use a uniform, opaque color. See http://dheera.net/projects/blur and https://news.ycombinator.com/item?id=8078747.

Context: I just looked at some of the screenshots showing example findings. While it is thoughtful to blur some sensitive information, it is clear that blurring is not enough. I hope that we can get this message out.
sjackso, more than 10 years ago
The patterns definition file, listing the things that this tool detects as potentially sensitive, is worth a look: https://github.com/michenriksen/gitrob/blob/master/patterns.json

Special award for most meta pattern:

    "part": "filename",
    "type": "regex",
    "pattern": "\\A\\.?gitrobrc\\z",
    "caption": "Well, this is awkward... Gitrob configuration file",
rcthompson, more than 10 years ago
So, I guess the hint here is "Run this on your own organization before someone else does."
ceslami, more than 10 years ago
Fantastic concept and execution.

I would note that by the time this sensitive code hits GitHub, it's already too late. Criminals who mine PII/secrets use the GitHub event firehose to analyze code pushes in near-realtime.

It would be great to integrate this code as a pre-commit hook, so that code doesn't even get into the tree if it's sensitive.
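
Added example, not part of any comment above and not Gitrob's own code: a Ruby filename check that applies pattern entries in the shape sjackso quotes to a list of staged paths, which is what the pre-commit idea in ceslami's comment would need. Only the gitrobrc entry comes from the thread; the other two entries, the `extension`/`match` handling, the function names and the `--staged` switch are assumptions made for this example.

```ruby
require "json"

# Pattern entries in the shape quoted in the thread. Only the first entry is
# from the thread; the other two are constructed for this example, and the
# "extension" part and "match" type are assumptions about the format.
PATTERNS = JSON.parse(<<~'JSON')
  [
    {"part": "filename", "type": "regex", "pattern": "\\A\\.?gitrobrc\\z",
     "caption": "Well, this is awkward... Gitrob configuration file"},
    {"part": "extension", "type": "match", "pattern": "pem",
     "caption": "Constructed entry: PEM file"},
    {"part": "filename", "type": "regex", "pattern": "\\A.*_rsa\\z",
     "caption": "Constructed entry: file name ending in _rsa"}
  ]
JSON

# Pick the piece of the path that a pattern's "part" field refers to.
def part_of(path, part)
  case part
  when "filename"  then File.basename(path)
  when "extension" then File.extname(path).delete_prefix(".")
  when "path"      then path
  end
end

# Return one {path:, caption:} hash per (path, pattern) hit, in input order.
def findings(paths, patterns = PATTERNS)
  paths.each_with_object([]) do |path, hits|
    patterns.each do |pat|
      value = part_of(path, pat["part"])
      next if value.nil? # unknown "part": skip rather than guess
      hit = if pat["type"] == "regex"
              Regexp.new(pat["pattern"]).match?(value)
            else
              value == pat["pattern"]
            end
      hits << { path: path, caption: pat["caption"] } if hit
    end
  end
end

# Hook mode: .git/hooks/pre-commit would run this file with --staged.
# A non-zero exit status makes git abort the commit.
if ARGV.include?("--staged")
  staged = `git diff --cached --name-only -z --diff-filter=ACMR`.split("\0")
  hits = findings(staged)
  hits.each { |h| warn "#{h[:path]}: #{h[:caption]}" }
  exit 1 unless hits.empty?
end
```

The check looks only at file names, so a secret pasted into an ordinarily named source file passes it; content scanning is a separate control.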