gitxray

Overview

gitxray is an OSINT (Open Source Intelligence) tool for analyzing GitHub repositories to discover secrets, identify sensitive information, and perform security research. It automatically scans repositories for exposed credentials, API keys, configuration files, and other security indicators.

gitxray is valuable for:

• GitHub security reconnaissance
• Secret and credential detection
• Commit history analysis
• Source code vulnerability discovery
• Configuration file identification
• Threat intelligence gathering
• Bug bounty hunting and assessment

Installation

Prerequisites

• Python 3.6+
• pip (Python package manager)
• Git
• GitHub API access (optional, for higher rate limits)
• Linux/macOS/Windows

Install via pip

# Install from PyPI
pip install gitxray

# Verify installation
gitxray --help
gitxray --version

Install from Source

# Clone repository
git clone https://github.com/evilgenius1000/gitxray.git
cd gitxray

# Install dependencies
pip install -r requirements.txt

# Run directly
python gitxray.py --help

# Or install as package
pip install -e .

GitHub API Authentication

# Set GitHub token for higher rate limits
export GITHUB_TOKEN=your_github_token

# Or create ~/.gitxray config file
cat > ~/.gitxray << 'EOF'
[github]
token = your_github_token
EOF

Core Commands

Basic Usage

Command	Purpose	Example
gitxray <repo>	Analyze repository	gitxray username/repo
gitxray -h	Show help	gitxray -h
gitxray --version	Show version	gitxray --version
gitxray --scan	Full security scan	gitxray --scan username/repo

Analysis Options

Option	Purpose	Example
-o, --output	Output file	gitxray -o results.json repo
-f, --format	Output format	gitxray -f json repo
-s, --scan	Full scan mode	gitxray -s repo
-c, --commits	Analyze commits	gitxray -c repo
-d, --depth	Search depth	gitxray -d 50 repo

Repository Analysis Basics

Analyze Single Repository

# Basic repository scan
gitxray username/repository

# Full security scan
gitxray --scan username/repository

# Example output:
# Repository: username/repository
# Stars: 1500
# Forks: 200
# Size: 25MB
# Language: Python
# Last Updated: 2024-01-15

Repository Information Gathering

# Get repository details
gitxray owner/repo

# Analyze repository structure
gitxray owner/repo --format json

# Deep analysis
gitxray owner/repo --scan --depth 100

Output to File

# Save results to JSON
gitxray owner/repo -o results.json -f json

# Save as text
gitxray owner/repo -o results.txt -f text

# Save as CSV (if supported)
gitxray owner/repo -o results.csv

Secrets and Credential Detection

Detect Exposed Secrets

# Scan for API keys
gitxray --scan username/repo --type secrets

# Find AWS credentials
gitxray username/repo | grep -i "aws\|access_key\|secret_key"

# Detect database credentials
gitxray username/repo | grep -i "password\|db_\|database_"

Common Secret Patterns

# Search for common secret types
gitxray username/repo --scan

# Patterns detected:
# - AWS Access Key IDs
# - Private API keys
# - Database credentials
# - OAuth tokens
# - JWT tokens
# - SSH private keys
# - Database connection strings

Sensitive File Detection

# Find configuration files
gitxray username/repo | grep -i "config\|setting"

# Locate credential files
gitxray username/repo | grep -E "\.env|\.properties|\.conf"

# Identify backup files
gitxray username/repo | grep -E "\.bak|\.backup|\.old"

Commit History Analysis

Analyze Commit History

# Scan all commits
gitxray username/repo -c

# Analyze last N commits
gitxray username/repo --commits --depth 50

# Search commit messages
gitxray username/repo --commits | grep -i "secret\|password\|token"

Track Secret Deletion

# Find removed secrets in history
gitxray username/repo --scan --commits --depth 100

# Identify commits with secret removals
gitxray username/repo | grep -E "removed|deleted|secret"

# Check for secret re-addition
gitxray username/repo --commits | grep -B2 -A2 "secret\|password"

Commit Timeline Analysis

# Get commit metadata
gitxray username/repo --commits

# Analyze commit patterns
gitxray username/repo -c | grep -oE "[0-9]{4}-[0-9]{2}-[0-9]{2}" | sort | uniq -c

# Track author activity
gitxray username/repo -c | grep "@" | sort | uniq -c

Source Code Scanning

Identify Vulnerabilities in Code

# Scan for vulnerability patterns
gitxray username/repo --scan

# Look for insecure functions
gitxray username/repo | grep -iE "eval|exec|system|popen"

# Find hardcoded values
gitxray username/repo | grep -E "password\s*=|secret\s*=|key\s*="

Technology Detection

# Identify frameworks and libraries
gitxray username/repo | grep -i "import\|require\|use"

# Detect vulnerable dependencies
gitxray username/repo | grep -E "version|>=|<|=="

# Find database usage
gitxray username/repo | grep -iE "mysql|postgresql|mongodb|redis"

Code Pattern Analysis

# Find SQL operations
gitxray username/repo | grep -iE "select|update|delete|insert"

# Detect authentication code
gitxray username/repo | grep -iE "login|auth|password|token"

# Identify API endpoints
gitxray username/repo | grep -E "route|endpoint|@app\.|@router\."

User and Organization Analysis

Analyze User Repositories

# List all public repositories for user
gitxray user:username

# Analyze all user repositories
for repo in $(gitxray user:username | grep "Repository:"); do
  gitxray "$repo" --scan
done

Organization-Wide Assessment

# Scan organization repositories
gitxray org:organization

# Analyze security posture
gitxray org:organization --scan

# Compare repositories
for repo in repo1 repo2 repo3; do
  gitxray "org/$repo" | grep -i "secret\|credential"
done

Advanced Search Techniques

Complex Repository Searches

# Search with specific criteria
gitxray "language:python stars:>1000" --scan

# Filter by size
gitxray "size:>1000000" --scan

# Search by last update
gitxray "pushed:>2024-01-01" --scan

# Combine criteria
gitxray "language:python stars:>500 pushed:>2023-01-01" --scan

Targeted Vulnerability Scanning

# Search repositories for specific vulnerability
gitxray "struts" --scan

# Find Log4j vulnerable repos
gitxray "log4j" --scan --commits

# Identify outdated dependencies
gitxray "require 'rails' '5.0" --scan

Practical Reconnaissance Workflows

Target Organization Assessment

# 1. Identify organization
ORG="target-company"

# 2. List repositories
echo "Discovering repositories..."
gitxray "org:$ORG" > ${ORG}_repos.txt

# 3. Scan each for secrets
while read repo; do
  echo "Scanning $repo..."
  gitxray "$repo" --scan -o "${repo////_}_results.json"
done < ${ORG}_repos.txt

# 4. Analyze results
grep -r "secret\|password\|key" *_results.json > ${ORG}_findings.txt

Bug Bounty Research Workflow

# 1. Identify target company
TARGET="company-name"

# 2. Find organization on GitHub
gitxray "org:$TARGET"

# 3. Scan for vulnerabilities
gitxray "org:$TARGET" --scan --depth 100

# 4. Focus on interesting findings
gitxray "org:$TARGET" --scan | grep -iE "secret|api|config|password"

# 5. Document findings
gitxray "org:$TARGET" --scan -o ${TARGET}_assessment.json -f json

Competitive Intelligence

# 1. Analyze competitor
COMPETITOR="competitor-company"

# 2. Scan repositories
gitxray "org:$COMPETITOR" --scan

# 3. Identify technologies
gitxray "org:$COMPETITOR" | grep -iE "framework|library|dependency"

# 4. Find security issues
gitxray "org:$COMPETITOR" --scan | grep -i "vulnerability\|cve\|security"

# 5. Generate report
gitxray "org:$COMPETITOR" --scan -o ${COMPETITOR}_analysis.json

Data Extraction and Processing

Extract Secrets from Results

# Get all detected secrets
gitxray username/repo --scan | grep -E "aws|key|token|password" > secrets.txt

# Filter and deduplicate
gitxray username/repo --scan | grep "secret" | sort -u

# Count secret types
gitxray username/repo --scan | grep -oE "aws|api|token|password" | sort | uniq -c

Parse JSON Output

# Pretty print JSON results
gitxray username/repo -o results.json -f json
cat results.json | jq '.'

# Extract specific fields
cat results.json | jq '.secrets[]'
cat results.json | jq '.vulnerabilities[]'

# Filter by type
cat results.json | jq '.secrets[] | select(.type=="api_key")'

Generate Reports

# Create markdown report
cat > report.md << 'EOF'
# GitXray Assessment Report

## Repository Information
$(gitxray username/repo)

## Detected Secrets
$(gitxray username/repo --scan | grep "secret")

## Vulnerabilities
$(gitxray username/repo --scan | grep "vulnerability")
EOF

# Create summary
gitxray username/repo --scan | tee full_report.txt | \
  grep -E "Repository|Stars|Language|Secrets|Vulnerabilities" > summary.txt

Automation and Integration

Batch Repository Scanning

#!/bin/bash
# Scan multiple repositories

REPOS=(
  "org/repo1"
  "org/repo2"
  "org/repo3"
)

RESULTS_DIR="gitxray_results"
mkdir -p "$RESULTS_DIR"

for repo in "${REPOS[@]}"; do
  echo "Scanning $repo..."
  gitxray "$repo" --scan \
    -o "$RESULTS_DIR/${repo////_}.json" \
    -f json
done

# Aggregate findings
echo "# Summary of Findings" > "$RESULTS_DIR/SUMMARY.md"
grep -r "secret" "$RESULTS_DIR" >> "$RESULTS_DIR/SUMMARY.md"

Continuous Monitoring Script

#!/bin/bash
# Monitor organization repositories for new secrets

ORG="target-org"
BASELINE_DIR="baseline_results"
CURRENT_DIR="current_results"
DATE=$(date +%Y%m%d)

mkdir -p "$BASELINE_DIR" "$CURRENT_DIR"

# Scan all repositories
gitxray "org:$ORG" | while read repo; do
  gitxray "$repo" --scan \
    -o "$CURRENT_DIR/${repo////_}_${DATE}.json" \
    -f json
done

# Compare with baseline
for current_file in "$CURRENT_DIR"/*_${DATE}.json; do
  baseline_file="$BASELINE_DIR/$(basename "$current_file" "_${DATE}.json").json"
  
  if [ -f "$baseline_file" ]; then
    # Find new secrets
    diff <(jq '.secrets | sort' "$baseline_file") \
         <(jq '.secrets | sort' "$current_file")
  else
    echo "New repository found: $current_file"
  fi
done

Tips and Best Practices

Ethical Reconnaissance

• Only scan authorized targets: Ensure proper authorization for reconnaissance
• Respect disclosure policies: Follow responsible disclosure practices
• Don’t extract credentials maliciously: Report secrets rather than exploit
• Maintain confidentiality: Keep sensitive findings secure
• Document all activities: Maintain audit trail of research

Effective Scanning

• Use GitHub API token: Increases rate limits significantly
• Scan comprehensively: Use --depth flag for thorough analysis
• Review commit history: Secrets may be in older commits
• Focus on recent changes: New code more likely to contain errors
• Combine multiple search strategies: Different approaches find different issues

Data Handling

• Secure output files: Store scan results securely
• Encrypt sensitive data: Protect extracted secrets
• Clean logs: Remove sensitive information from logs
• Archive findings: Keep historical scanning data
• Regular backups: Backup scan results

Integration with Other Tools

Combine with Secret Detection Tools

# Use with trufflehog for deeper scanning
trufflehog github --org="target-org" --only-verified

# Compare results
gitxray "org:target-org" > gitxray_results.txt
trufflehog github --org="target-org" > trufflehog_results.txt

Use with OSINT Tools

# Find repositories with google-fu
# Then analyze with gitxray
gitxray "company-name" --scan

# Cross-reference with domain enumeration
for subdomain in $(dig +short company.com); do
  gitxray "$subdomain" --scan
done

Troubleshooting

Issue	Solution
Rate limiting	Use GitHub API token with export GITHUB_TOKEN=...
No results	Verify repository name format: owner/repo
Incomplete scan	Increase depth with --depth 100
Timeout errors	Try scanning specific branches or commits
Authentication issues	Verify GitHub API token has necessary permissions

Resources

• GitHub: https://github.com/evilgenius1000/gitxray
• GitHub API: https://docs.github.com/en/rest
• GitHub Search: https://github.com/search
• CVE Database: https://www.cvedetails.com/
• OWASP Secrets: https://owasp.org/www-community/

Summary

gitxray provides comprehensive GitHub repository analysis for security research:

1. Secret Detection - Identifies exposed credentials and API keys
2. Commit Analysis - Reviews version history for sensitive data
3. Code Scanning - Detects vulnerable patterns and insecure practices
4. Organization Assessment - Evaluates security posture across repositories
5. Intelligence Gathering - Supports bug bounty and competitive analysis

Key capabilities include:

• Automated secret detection
• Commit history analysis
• Technology identification
• Vulnerability pattern recognition
• Multi-repository assessment
• Flexible output formats

Use gitxray as part of comprehensive security assessment and OSINT activities for authorized targets only.