Monitor GitHub events and clone repositories to search for secrets, and more.

Go to file

agatha 3cdf98426e Add installation and configuration to README.md		2023-11-11 11:27:38 -05:00
.img	Include console output image	2023-11-11 11:21:56 -05:00
gitmon	Add countdown	2023-11-10 22:46:18 -05:00
.gitignore	Exclude configuration	2023-11-10 21:33:46 -05:00
main.py	Token is optional	2023-11-10 23:43:25 -05:00
README.md	Add installation and configuration to README.md	2023-11-11 11:27:38 -05:00
requirements.txt	Add loguru for logging	2023-11-10 20:35:04 -05:00

README.md

GitMon

Monitor GitHub events and clone repositories to search for secrets, and more.

Overview

GitMon allows an operator to continually monitor the GitHub Events API to collect metadata and look for secret leakage.

When certain events such as CreateEvent or DeleteEvent are observed, GitMon will send the repository URL to a worker that will clone the repository and search for API keys, passwords, endpoints, and more.

GitMon will also build a table that maps commit email addresses to GitHub usernames.

Installation

git clone https://git.juggalol.com/agatha/gitmon
cd gitmon
pip install -r requirements.txt

Configuration

GitMon works best with a token. Without a token you are limited to 60 API calls per hour. Creating and using a Personal Access Token will raise that limit to 60,000 API calls per hour.

To use a Personal Access Token, create a config.py file:

token = 'ghp_YOUR_TOKEN_HERE'

Caught Slippin'

Contributors

agathanonymous