gitxray
Overview
gitxray is an OSINT (Open Source Intelligence) tool for analyzing GitHub repositories to discover secrets, identify sensitive information, and perform security research. It automatically scans repositories for exposed credentials, API keys, configuration files, and other security indicators.
gitxray is valuable for:
- GitHub security reconnaissance
- Secret and credential detection
- Commit history analysis
- Source code vulnerability discovery
- Configuration file identification
- Threat intelligence gathering
- Bug bounty hunting and assessment
Installation
Prerequisites
- Python 3.6+
- pip (Python package manager)
- Git
- GitHub API access (optional, for higher rate limits)
- Linux/macOS/Windows
Install via pip
# Install from PyPI
pip install gitxray
# Verify installation
gitxray --help
gitxray --versionInstall from Source
# Clone repository
git clone https://github.com/evilgenius1000/gitxray.git
cd gitxray
# Install dependencies
pip install -r requirements.txt
# Run directly
python gitxray.py --help
# Or install as package
pip install -e .GitHub API Authentication
# Set GitHub token for higher rate limits
export GITHUB_TOKEN=your_github_token
# Or create ~/.gitxray config file
cat > ~/.gitxray << 'EOF'
[github]
token = your_github_token
EOFCore Commands
Basic Usage
| Command | Purpose | Example |
|---|---|---|
gitxray <repo> | Analyze repository | gitxray username/repo |
gitxray -h | Show help | gitxray -h |
gitxray --version | Show version | gitxray --version |
gitxray --scan | Full security scan | gitxray --scan username/repo |
Analysis Options
| Option | Purpose | Example |
|---|---|---|
-o, --output | Output file | gitxray -o results.json repo |
-f, --format | Output format | gitxray -f json repo |
-s, --scan | Full scan mode | gitxray -s repo |
-c, --commits | Analyze commits | gitxray -c repo |
-d, --depth | Search depth | gitxray -d 50 repo |
Repository Analysis Basics
Analyze Single Repository
# Basic repository scan
gitxray username/repository
# Full security scan
gitxray --scan username/repository
# Example output:
# Repository: username/repository
# Stars: 1500
# Forks: 200
# Size: 25MB
# Language: Python
# Last Updated: 2024-01-15Repository Information Gathering
# Get repository details
gitxray owner/repo
# Analyze repository structure
gitxray owner/repo --format json
# Deep analysis
gitxray owner/repo --scan --depth 100Output to File
# Save results to JSON
gitxray owner/repo -o results.json -f json
# Save as text
gitxray owner/repo -o results.txt -f text
# Save as CSV (if supported)
gitxray owner/repo -o results.csvSecrets and Credential Detection
Detect Exposed Secrets
# Scan for API keys
gitxray --scan username/repo --type secrets
# Find AWS credentials
gitxray username/repo | grep -i "aws\|access_key\|secret_key"
# Detect database credentials
gitxray username/repo | grep -i "password\|db_\|database_"Common Secret Patterns
# Search for common secret types
gitxray username/repo --scan
# Patterns detected:
# - AWS Access Key IDs
# - Private API keys
# - Database credentials
# - OAuth tokens
# - JWT tokens
# - SSH private keys
# - Database connection stringsSensitive File Detection
# Find configuration files
gitxray username/repo | grep -i "config\|setting"
# Locate credential files
gitxray username/repo | grep -E "\.env|\.properties|\.conf"
# Identify backup files
gitxray username/repo | grep -E "\.bak|\.backup|\.old"Commit History Analysis
Analyze Commit History
# Scan all commits
gitxray username/repo -c
# Analyze last N commits
gitxray username/repo --commits --depth 50
# Search commit messages
gitxray username/repo --commits | grep -i "secret\|password\|token"Track Secret Deletion
# Find removed secrets in history
gitxray username/repo --scan --commits --depth 100
# Identify commits with secret removals
gitxray username/repo | grep -E "removed|deleted|secret"
# Check for secret re-addition
gitxray username/repo --commits | grep -B2 -A2 "secret\|password"Commit Timeline Analysis
# Get commit metadata
gitxray username/repo --commits
# Analyze commit patterns
gitxray username/repo -c | grep -oE "[0-9]{4}-[0-9]{2}-[0-9]{2}" | sort | uniq -c
# Track author activity
gitxray username/repo -c | grep "@" | sort | uniq -cSource Code Scanning
Identify Vulnerabilities in Code
# Scan for vulnerability patterns
gitxray username/repo --scan
# Look for insecure functions
gitxray username/repo | grep -iE "eval|exec|system|popen"
# Find hardcoded values
gitxray username/repo | grep -E "password\s*=|secret\s*=|key\s*="Technology Detection
# Identify frameworks and libraries
gitxray username/repo | grep -i "import\|require\|use"
# Detect vulnerable dependencies
gitxray username/repo | grep -E "version|>=|<|=="
# Find database usage
gitxray username/repo | grep -iE "mysql|postgresql|mongodb|redis"Code Pattern Analysis
# Find SQL operations
gitxray username/repo | grep -iE "select|update|delete|insert"
# Detect authentication code
gitxray username/repo | grep -iE "login|auth|password|token"
# Identify API endpoints
gitxray username/repo | grep -E "route|endpoint|@app\.|@router\."User and Organization Analysis
Analyze User Repositories
# List all public repositories for user
gitxray user:username
# Analyze all user repositories
for repo in $(gitxray user:username | grep "Repository:"); do
gitxray "$repo" --scan
doneOrganization-Wide Assessment
# Scan organization repositories
gitxray org:organization
# Analyze security posture
gitxray org:organization --scan
# Compare repositories
for repo in repo1 repo2 repo3; do
gitxray "org/$repo" | grep -i "secret\|credential"
doneAdvanced Search Techniques
Complex Repository Searches
# Search with specific criteria
gitxray "language:python stars:>1000" --scan
# Filter by size
gitxray "size:>1000000" --scan
# Search by last update
gitxray "pushed:>2024-01-01" --scan
# Combine criteria
gitxray "language:python stars:>500 pushed:>2023-01-01" --scanTargeted Vulnerability Scanning
# Search repositories for specific vulnerability
gitxray "struts" --scan
# Find Log4j vulnerable repos
gitxray "log4j" --scan --commits
# Identify outdated dependencies
gitxray "require 'rails' '5.0" --scanPractical Reconnaissance Workflows
Target Organization Assessment
# 1. Identify organization
ORG="target-company"
# 2. List repositories
echo "Discovering repositories..."
gitxray "org:$ORG" > ${ORG}_repos.txt
# 3. Scan each for secrets
while read repo; do
echo "Scanning $repo..."
gitxray "$repo" --scan -o "${repo////_}_results.json"
done < ${ORG}_repos.txt
# 4. Analyze results
grep -r "secret\|password\|key" *_results.json > ${ORG}_findings.txtBug Bounty Research Workflow
# 1. Identify target company
TARGET="company-name"
# 2. Find organization on GitHub
gitxray "org:$TARGET"
# 3. Scan for vulnerabilities
gitxray "org:$TARGET" --scan --depth 100
# 4. Focus on interesting findings
gitxray "org:$TARGET" --scan | grep -iE "secret|api|config|password"
# 5. Document findings
gitxray "org:$TARGET" --scan -o ${TARGET}_assessment.json -f jsonCompetitive Intelligence
# 1. Analyze competitor
COMPETITOR="competitor-company"
# 2. Scan repositories
gitxray "org:$COMPETITOR" --scan
# 3. Identify technologies
gitxray "org:$COMPETITOR" | grep -iE "framework|library|dependency"
# 4. Find security issues
gitxray "org:$COMPETITOR" --scan | grep -i "vulnerability\|cve\|security"
# 5. Generate report
gitxray "org:$COMPETITOR" --scan -o ${COMPETITOR}_analysis.jsonData Extraction and Processing
Extract Secrets from Results
# Get all detected secrets
gitxray username/repo --scan | grep -E "aws|key|token|password" > secrets.txt
# Filter and deduplicate
gitxray username/repo --scan | grep "secret" | sort -u
# Count secret types
gitxray username/repo --scan | grep -oE "aws|api|token|password" | sort | uniq -cParse JSON Output
# Pretty print JSON results
gitxray username/repo -o results.json -f json
cat results.json | jq '.'
# Extract specific fields
cat results.json | jq '.secrets[]'
cat results.json | jq '.vulnerabilities[]'
# Filter by type
cat results.json | jq '.secrets[] | select(.type=="api_key")'Generate Reports
# Create markdown report
cat > report.md << 'EOF'
# GitXray Assessment Report
## Repository Information
$(gitxray username/repo)
## Detected Secrets
$(gitxray username/repo --scan | grep "secret")
## Vulnerabilities
$(gitxray username/repo --scan | grep "vulnerability")
EOF
# Create summary
gitxray username/repo --scan | tee full_report.txt | \
grep -E "Repository|Stars|Language|Secrets|Vulnerabilities" > summary.txtAutomation and Integration
Batch Repository Scanning
#!/bin/bash
# Scan multiple repositories
REPOS=(
"org/repo1"
"org/repo2"
"org/repo3"
)
RESULTS_DIR="gitxray_results"
mkdir -p "$RESULTS_DIR"
for repo in "${REPOS[@]}"; do
echo "Scanning $repo..."
gitxray "$repo" --scan \
-o "$RESULTS_DIR/${repo////_}.json" \
-f json
done
# Aggregate findings
echo "# Summary of Findings" > "$RESULTS_DIR/SUMMARY.md"
grep -r "secret" "$RESULTS_DIR" >> "$RESULTS_DIR/SUMMARY.md"Continuous Monitoring Script
#!/bin/bash
# Monitor organization repositories for new secrets
ORG="target-org"
BASELINE_DIR="baseline_results"
CURRENT_DIR="current_results"
DATE=$(date +%Y%m%d)
mkdir -p "$BASELINE_DIR" "$CURRENT_DIR"
# Scan all repositories
gitxray "org:$ORG" | while read repo; do
gitxray "$repo" --scan \
-o "$CURRENT_DIR/${repo////_}_${DATE}.json" \
-f json
done
# Compare with baseline
for current_file in "$CURRENT_DIR"/*_${DATE}.json; do
baseline_file="$BASELINE_DIR/$(basename "$current_file" "_${DATE}.json").json"
if [ -f "$baseline_file" ]; then
# Find new secrets
diff <(jq '.secrets | sort' "$baseline_file") \
<(jq '.secrets | sort' "$current_file")
else
echo "New repository found: $current_file"
fi
doneTips and Best Practices
Ethical Reconnaissance
- Only scan authorized targets: Ensure proper authorization for reconnaissance
- Respect disclosure policies: Follow responsible disclosure practices
- Don’t extract credentials maliciously: Report secrets rather than exploit
- Maintain confidentiality: Keep sensitive findings secure
- Document all activities: Maintain audit trail of research
Effective Scanning
- Use GitHub API token: Increases rate limits significantly
- Scan comprehensively: Use
--depthflag for thorough analysis - Review commit history: Secrets may be in older commits
- Focus on recent changes: New code more likely to contain errors
- Combine multiple search strategies: Different approaches find different issues
Data Handling
- Secure output files: Store scan results securely
- Encrypt sensitive data: Protect extracted secrets
- Clean logs: Remove sensitive information from logs
- Archive findings: Keep historical scanning data
- Regular backups: Backup scan results
Integration with Other Tools
Combine with Secret Detection Tools
# Use with trufflehog for deeper scanning
trufflehog github --org="target-org" --only-verified
# Compare results
gitxray "org:target-org" > gitxray_results.txt
trufflehog github --org="target-org" > trufflehog_results.txtUse with OSINT Tools
# Find repositories with google-fu
# Then analyze with gitxray
gitxray "company-name" --scan
# Cross-reference with domain enumeration
for subdomain in $(dig +short company.com); do
gitxray "$subdomain" --scan
doneTroubleshooting
| Issue | Solution |
|---|---|
| Rate limiting | Use GitHub API token with export GITHUB_TOKEN=... |
| No results | Verify repository name format: owner/repo |
| Incomplete scan | Increase depth with --depth 100 |
| Timeout errors | Try scanning specific branches or commits |
| Authentication issues | Verify GitHub API token has necessary permissions |
Resources
- GitHub: https://github.com/evilgenius1000/gitxray
- GitHub API: https://docs.github.com/en/rest
- GitHub Search: https://github.com/search
- CVE Database: https://www.cvedetails.com/
- OWASP Secrets: https://owasp.org/www-community/
Summary
gitxray provides comprehensive GitHub repository analysis for security research:
- Secret Detection - Identifies exposed credentials and API keys
- Commit Analysis - Reviews version history for sensitive data
- Code Scanning - Detects vulnerable patterns and insecure practices
- Organization Assessment - Evaluates security posture across repositories
- Intelligence Gathering - Supports bug bounty and competitive analysis
Key capabilities include:
- Automated secret detection
- Commit history analysis
- Technology identification
- Vulnerability pattern recognition
- Multi-repository assessment
- Flexible output formats
Use gitxray as part of comprehensive security assessment and OSINT activities for authorized targets only.