-
Notifications
You must be signed in to change notification settings - Fork 43
/
Copy pathdorker.py
132 lines (113 loc) · 4.23 KB
/
dorker.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
from github3 import GitHub
import requests
import json
import base64
import re
import subprocess
import pymongo
import datetime
from pymongo import MongoClient
client = MongoClient()
client = MongoClient('localhost', 27017)
db = client.githubdorker
leaks=db.leaks
tok="63f64803725a0dbaa4f6e5acae5b7fa8a67b6fb7"
def isAlive(sHost):
try:
output = subprocess.check_output("ping -c 1 "+sHost, shell=True)
except Exception:
return False
return True
def pp_json(json_thing, sort=True, indents=4):
if type(json_thing) is str:
print(json.dumps(json.loads(json_thing), sort_keys=sort, indent=indents))
else:
print(json.dumps(json_thing, sort_keys=sort, indent=indents))
return None
def parse_line(l):
ls=l.split(':')
if len(ls)>2 or len(ls)==1:
return l
else:
print(ls)
rz=re.findall(r'"([^"]*)"', ls[1])
return ','.join(rz)
def getsftp(r,g):
usersl=[]
pwdsl=[]
rez=[]
hosts=[]
rezz={}
for repo in r:
rowner=str(repo.repository).split('/')[0]
rrepo=str(repo.repository).split('/')[1]
print("+++++++++++++++")
repobj=g.repository(rowner,rrepo)
com=repobj.iter_commits(None,repo.path)
for ev in com:
comitdate=ev.commit.author['date']
htmlink = ev.commit.html_url
head = {'Authorization': 'token %s' % tok}
res = requests.get(repo.git_url, headers=head)
cont=base64.b64decode(res.json()['content']).decode('utf-8')
for l in cont.splitlines():
if '\"user\"' in l or '\"username\"' in l:
if '//' not in l:
usersl.append(parse_line(l))
if '\"password\"' in l:
if '//' not in l:
pwdsl.append(parse_line(l))
if '\"host\"' in l:
l = l.replace("http://","").replace("https://","").replace("www.", "")
if not any(x in l for x in ['//','192.168','localhost','127.0.0.1','172.16','10.0']):
hosts.append(parse_line(l))
if usersl and pwdsl and hosts and isAlive(hosts[0]):
print(repo.git_url)
ins=leaks.update_one({"url":repo.git_url},{
"$setOnInsert":{
"url":repo.git_url,
"password" : pwdsl,
"username" : usersl,
"host" : hosts,
"repository" : rrepo,
"owner" : rowner,
"date" : comitdate,
"online" : isAlive(hosts[0]),
"html_link" : htmlink,
"created_issue" : False,
}
},upsert = True)
print("Added in database " + str(ins.upserted_id))
usersl=[]
pwdsl=[]
hosts=[]
def create_issues(g):
lleaks=leaks.find({'date': {'$gt': datetime.datetime(2017, 2, 1, 0, 0, 1).isoformat()}})
for idx,leak in enumerate(lleaks):
print(leak)
post = """
A set of credentials associated to an online host has been found inside this respository.
```
File: sftp-config.json
sha1: {0}
date: {1}
```
Consider changing your password or [not using passwords at all](https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2) and [including sensitive files in your .gitignore](https://git-scm.com/docs/gitignore)
This issue was created automatically by [GithubLeakAlert](https://github.com/misterch0c/GithubLeakAlert), excuse any false positive.<br>
Better prevent than cure (;
<p align="center">
<img src="http://i.imgur.com/p89jk7r.png" alt="white hat pepe"/>
</p>
""".format(leak['html_link'].split('/').pop(),leak['date'])
if not leak['created_issue']:
print(lleaks)
#issue = g.create_issue(leak['owner'],leak['repository'],"Credentials found in this repository",body=post)
leaks.update_one({'_id':leak['_id']},{'$set':{'created_issue': True}})
#ci = g.create_issue("d0rker","test","tesddtt",body=post)
def main():
g = GitHub(token=tok)
r = g.search_code("filename:sftp-config password", "indexed","desc")
getsftp(r, g)
#create_issues(g)
if __name__ == "__main__":
main()