A Python script that wraps the gitleaks tool to enable scanning of multiple repositories in parallel

Related tags

Third-party APIs Wrapperspythondockerterminalmultiprocessingpybuildergitleaks
Overview

mpgitleaks

build Code Grade complexity vulnerabilities python

A Python script that wraps the gitleaks tool to enable scanning of multiple repositories in parallel.

The motivation behind writing this script was:

  • implement workaround for gitleaks intermittent failures when cloning very large repositories
  • implement ability to scan multiple repostiories in parallel
  • implement ability to scan repositories for a user, a specified organization or read from a file

Notes:

  • the script uses https to clone the repos
    • you must set the USERNAME and PASSWORD environment variables - this credential needs to have access to the repos being scanned
    • if using --file then https clone urls must be supplied in the file
  • the maximum number of background processes (workers) that will be started is 35
    • if the number of repos to process is less than the maximum number of workers
      • the script will start one worker per repository
    • if the number of repos to process is greater than the maximum number of workers
      • the repos will be added to a thread-safe queue and processed by all the workers
  • the Docker container must run with a bind mount to the working directory in order to access logs/reports
    • the repos will be cloned to the ./scans/clones folder in the working directory
    • the reports will be written to the ./scans/reports/ folder in the working directory
    • a summary report will be written to mpgitleaks.csv

Usage

usage: mpgitleaks [-h] [--file FILENAME] [--user] [--org ORG] [--exclude EXCLUDE] [--include INCLUDE] [--debug]

A Python script that wraps the gitleaks tool to enable scanning of multiple repositories in parallel

optional arguments:
  -h, --help         show this help message and exit
  --file FILENAME    scan repos contained in the specified file
  --user             scan repos for the authenticated GitHub user where user is owner or collaborator
  --org ORG          scan repos for the specified GitHub organization
  --exclude EXCLUDE  a regex to match name of repos to exclude from scanning
  --include INCLUDE  a regex to match name of repos to include in scanning
  --debug            log debug messages to a log file

Execution

Set the required environment variables:

export USERNAME='--username--'
export PASSWORD='--password-or-token--'

If using --user or --org options and GitHub instance is not api.github.com:

export GH_BASE_URL='--api-address-to-github-instance--'

Execute the Docker container:

docker container run \
--rm \
-it \
-e http_proxy \
-e https_proxy \
-e GH_BASE_URL \
-e USERNAME \
-e PASSWORD \
-v $PWD:/opt/mpgitleaks \
soda480/mpgitleaks:latest \
[MPGITLEAKS OPTIONS]

Note: the http[s]_proxy environment variables are only required if executing behind a proxy server

Examples

Scan all repos contained in the file repos.txt but exclude the repos that match the specified regex, an example of a repos.txt can be found here:

mpgitleaks --file 'repos.txt' --exclude 'soda480/mplogp'

example

Scan all repos for the authenticated user but exclude the repos that match the specified regex:

mpgitleaks --user --exclude 'intel|edgexfoundry|soda480/openhack'

Scan all repos in the specified organization but only include the repos that match the specified regex:

mpgitleaks --org 'myorg' --include '.*-go'

Development

Clone the repository and ensure the latest version of Docker is installed on your development server.

Build the Docker image:

docker image build \
--target build \
--build-arg http_proxy \
--build-arg https_proxy \
-t \
mpgitleaks:latest .

Run the Docker container:

docker container run \
--rm \
-it \
-e http_proxy \
-e https_proxy \
-v $PWD:/code \
mpgitleaks:latest \
/bin/bash

Build application:

pyb -X
You might also like...
Script to post multiple status(posts) on twitter

Script to post multiple status on twitter (i.e. TWITTER STORM) This program can post upto maximum limit of twitter(around 300 tweets) within seconds.

Sandeep Kumar 4 Sep 9, 2021
Start multiple bots using one script. VK RAID BOTNET

MultiRaidBotnet Start multiple bots using one script. VK RAID BOTNET Русский launcher.py - главный скрипт, запускающий весь ботнет config.py - в нём х

null 2 Jul 22, 2022
Discord Mass Report script that uses multiple tokens

Discord-Mass-Report Discord Mass Report script that uses multiple tokens, full credits to https://github.com/hoki0/Discord-mass-report who made it in

cChimney 4 Jun 8, 2022
Discord bot script for sending multiple media files to a discord channel according to discord limitations.

Discord Bulk Image Sending Bot Send bulk images to Discord channel. This is a bot script that will allow you to send multiple images to Discord channe

Nikola Arbov 1 Jan 13, 2022
DDoS Script (DDoS Panel) with Multiple Bypass ( Cloudflare UAM,CAPTCHA,BFM,NOSEC / DDoS Guard / Google Shield / V Shield / Amazon / etc.. )
DDoS Script (DDoS Panel) with Multiple Bypass ( Cloudflare UAM,CAPTCHA,BFM,NOSEC / DDoS Guard / Google Shield / V Shield / Amazon / etc.. )

KARMA DDoS DDoS Script (DDoS Panel) with Multiple Bypass ( Cloudflare UAM,CAPTCHA,BFM,NOSEC / DDoS Guard / Google Shield / V Shield / Amazon / etc.. )

Hyuk 256 Jan 2, 2023
Python tool to Check running WebClient services on multiple targets based on @leechristensen
Python tool to Check running WebClient services on multiple targets based on @leechristensen

WebClient Service Scanner Python tool to Check running WebClient services on multiple targets based on @tifkin_ idea. This tool uses impacket project.

Pixis 153 Dec 28, 2022
This is a very easy to use tool developed in python that will search for free courses from multiple sites including youtube and enroll in the ones in which it can.
This is a very easy to use tool developed in python that will search for free courses from multiple sites including youtube and enroll in the ones in which it can.

Free-Course-Hunter-and-Enroller This is a very easy to use tool developed in python that will search for free courses from multiple sites including yo

Zain 12 Nov 12, 2022
We’re releasing an open-source tool you can use now, which we developed as a homemade Just-In-Time database access control tool for our sensitive database. This tool syncs with our directory service, slack, SIEM, and finally, our Apache Cassandra database.

Cassandra Access Control By Aner Izraeli - Intezer Security Manager ([email protected]) We’re releasing an open-source tool you can use now, which

Intezer Labs 6 Mar 31, 2022
Free python/telegram bot for easy execution and surveillance of crypto trading plans on multiple exchanges.
Free python/telegram bot for easy execution and surveillance of crypto trading plans on multiple exchanges.

EazeBot Introduction Have you ever traded cryptocurrencies and lost overview of your planned buys/sells? Have you encountered the experience that your

Marcel Beining 100 Dec 6, 2022
Releases(v0.2.1)
Owner
Emilio Reyes
Emilio Reyes
GitHub Repository
Twitch Linux Typer

Twitch Linux Typer The most cursed Twitch chat bot Listens to twitch chat, and then types it handles hotkeys and button presses via the ^ char, eg ctr

Robin Universe 4 Jun 27, 2022
A free and open-source discord webhook spammer.

Discord-Webhook-Spammer A free and open-source discord webhook spammer. Usage Depending on your python installation your commands may vary. Below are

3 Sep 08, 2021
With Google Drive API. My computer and my phone are in love now.

Channel trought Google Drive Google Drive API In this case, "Google Drive App" is the program. To install everything you need(has some extra things),

Luis Quiñones Requelme 1 Dec 15, 2021
NekoRobot-2 - Neko is An Anime themed advance Telegram group management bot.

NekoRobot A modular telegram Python bot running on python3 with an sqlalchemy, mongodb database. ╒═══「 Status 」 Maintained Support Group Included Free

Lovely Boy 19 Nov 12, 2022
Typed interactions with the GitHub API v3

PyGitHub PyGitHub is a Python library to access the GitHub API v3 and Github Enterprise API v3. This library enables you to manage GitHub resources su

5.7k Jan 06, 2023
Mass-unscrobble Last.fm scrobbles based on artist, track title, or time of day of the scrobble.

Unscrobbler This program is designed to mass-unscrobble Last.fm scrobbles based on artist, track title, or time of day of the scrobble. For example, i

Nathan 6 Nov 04, 2022
Defi PancakeSwap bot is programmed in Python to buy and sell tokens in seconds once the target is hit.

Defi PancakeSwap BOT A BOT that will make easy your life in Trading. Watch tutorial on Youtube Table of Contents About The Project Built With Getting

Zain Ullah 208 Jan 05, 2023
Available slots checker for Spanish Passport

Bot that checks for available slots to make an appointment to issue the Spanish passport at the Uruguayan consulate page

1 Nov 30, 2021
Discord bot for the IOTA Wiki

IOTA Wiki Bot Discord bot for the IOTA Wiki Report Bug · Request Feature About The Project This is a Discord bot for the IOTA Wiki. It's currently use

IOTA Community 2 Nov 14, 2021
Huggingface transformers for discord

disformers Huggingface transformers for discord base source butyr/huggingface-transformer-chatbots install pip install -U disformers example see examp

SpaceDEVofficial 1 Nov 09, 2021
Clippin n grafting Backend

Clipping' n Grafting Presenting you, 🎉 Clippin' n Grafting 🎉 , your very own ecommerce website displaying all your artsy-craftsy stuff. Not only the

Google-Developer-Student-Club-ISquareIT (GDSC I²IT) 2 Oct 22, 2021
Python app to notify via slack channel the status_code change from an URL

Python app to notify, via slack channel you choose to be notified, for the status_code change from the URL list you setup to be checked every yy seconds

Pedro Nunes 1 Oct 25, 2021
Telegram Bot to check covid vaccine slot availability on CoWin site

Cowin Assist Telegram Bot Check the bot here @cowinassistbot. This is a simple Telegram bot to Check slots availability Get an alert when slots become

32 Jun 21, 2022
Example of Telegram local API and aiogram 3.x

Telegram Local Full example of Telegram local application. Contains Telegram Bot API Local Telegram Bot API server based on aiogram Bot API Server ima

Oleg A. 9 Sep 16, 2022
Telegram 隨機色圖,支援每日自動爬取

Telegram 隨機色圖機器人 使用此原始碼的Bot 開放的隨機色圖機器人: @katonei_bot 已實現的功能 爬取每日R18排行榜 不夠色!再來一張 Tag 索引,指定Tag色圖 將爬取到的色圖轉為 WebP 格式儲存,節省空間 需要注意的事件 好久之前的怪東西,代碼質量不保證 請在使用A

cluckbird 15 Oct 18, 2021
Simple Craigslist wrapper

python-craigslist A simple Craigslist wrapper. License: MIT-Zero. Disclaimer I don't work for or have any affiliation with Craigslist. This module was

Julio M. Alegria 370 Dec 22, 2022
Dicha herramienta esta creada con una api... esta api permite enviar un SMS cada 12 horas dependiendo del pais... Hay algunos paises y operadoras no están soportados.

SMSFree pkg install python3 pip install requests git clone https://github.com/Hidden-parker/SMSFree cd SMSFree python sms.py DISFRUTA... Dicha herrami

piter 2 Nov 14, 2021
Código para trabalho com o dataset Wine em Python

Um perceptron multicamadas (MLP) é uma rede neural artificial feedforward que gera um conjunto de saídas a partir de um conjunto de entradas. Um MLP é

Hemili Beatriz 1 Jan 08, 2022
(@Tablada32BOT is my bot in twitter) This is a simple bot, its main and only function is to reply to tweets where they mention their bot with their @

Remember If you are going to host your twitter bot on a page where they can read your code, I recommend that you create an .env file and put your twit

3 Jun 04, 2021
BSDotPy, A module to get a bombsquad player's account data.

BSDotPy BSDotPy, A module to get a bombsquad player's account data from bombsquad's servers. Badges Provided By: shields.io Acknowledgements Issues Pu

Rudransh Joshi 3 Feb 17, 2022