GitHunter — Git Exposure | Tools

Description

GitHunter searches through Git repositories for interesting content including passwords, API keys, internal URLs, and other sensitive information. It examines each commit in the repository history to find data that may have been removed but still exists in the Git object database.

Installation

BASH

                            git clone https://github.com/digininja/GitHunter.git
cd GitHunter
bundle install
                        

Basic Usage

                        BASH
                        
                            # Search a local repository
ruby githunter.rb /path/to/repo

# Search for specific patterns
ruby githunter.rb /path/to/repo --pattern "password|secret|api_key"

Advanced Usage

                        BASH
                        
                            # Search specific branch
ruby githunter.rb /path/to/repo --branch develop

# Output to file
ruby githunter.rb /path/to/repo --output findings.txt

# Regex mode
ruby githunter.rb /path/to/repo --regex "AKIA[0-9A-Z]{16}"

Common Workflows

                        BASH
                        
                    

                            # Clone target repo then hunt
git clone https://github.com/target/app.git
ruby githunter.rb ./app/

# Hunt through all deleted files
cd target-repo/
git log --all --diff-filter=D --name-only --pretty=format: | sort -u
# Then check each deleted file in git history
                        