Description
shhgit monitors GitHub's real-time event feed to find secrets, tokens, and credentials being committed in public repositories. It uses configurable signatures to detect AWS keys, Slack tokens, database URLs, private keys, and more.
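To make the signature idea above concrete, here is an added example (not shhgit's own code, rule set or signature file format) of line-by-line regex signature matching that you can run against your own files before pushing. The signature names, the patterns and the sample input are assumptions constructed for this illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Signature pairs a label with a content regex (this example's own simplified rules).
type Signature struct{ Name string; Re *regexp.Regexp }

// Finding records which signature matched on which 1-based line.
type Finding struct{ Line int; Name string }

// Patterns are illustrative approximations of common credential formats.
var signatures = []Signature{
	{"AWS access key ID", regexp.MustCompile(`\b(?:AKIA|ASIA)[0-9A-Z]{16}\b`)},
	{"Slack token", regexp.MustCompile(`\bxox[abprs]-[0-9A-Za-z-]{10,}`)},
	{"Private key block", regexp.MustCompile(`-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----`)},
	{"Database URL with password", regexp.MustCompile(`\b(?:postgres(?:ql)?|mysql|mongodb)://[^\s:/@]+:[^\s@]+@`)},
}

// Scan checks every line of text against every signature, in order.
func Scan(text string) []Finding {
	var out []Finding
	for i, line := range strings.Split(text, "\n") {
		for _, s := range signatures {
			if s.Re.MatchString(line) {
				out = append(out, Finding{i + 1, s.Name})
			}
		}
	}
	return out
}

// Constructed sample input; the access key is AWS's documented example value.
// Line 3 is a plain URL without credentials and must not be reported.
const sample = `aws_access_key_id = AKIAIOSFODNN7EXAMPLE
DATABASE_URL=postgres://app:s3cret@db.internal:5432/app
# docs: https://example.com/setup
-----BEGIN RSA PRIVATE KEY-----`

func main() {
	for _, f := range Scan(sample) {
		fmt.Printf("line %d: %s\n", f.Line, f.Name)
	}
}
```

Pattern-only matching like this misses secrets with no fixed prefix and flags test fixtures, so treat each hit as a lead to review and rotate, not as proof of exposure.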
Installation
BASH
# Download binary from releases
# https://github.com/eth0izzle/shhgit/releases
# From source
go install github.com/eth0izzle/shhgit@latest
Basic Usage
BASH
# Monitor GitHub events in real-time
shhgit
# With web UI
shhgit --enable-web
# Opens dashboard at http://localhost:8080
Advanced Usage
BASH
# Custom config
shhgit --config config.yaml
# Local mode (scan local repo)
shhgit --local /path/to/repo
# Custom signatures file
shhgit --signatures-path custom_signatures.yaml
# Clone and search repos
shhgit --clone-repo-dir /tmp/repos
Common Workflows
BASH
# Real-time secret monitoring
shhgit --enable-web # Monitor dashboard
# Scan organization's repos
shhgit --local /path/to/cloned/org-repo
# Bug bounty recon — find leaked credentials for target org
# Monitor for commits from target.com email addresses