Skip to content

Github API Integration

xer0dayz edited this page Sep 21, 2020 · 3 revisions

To enable Github API integration via Sn1per, you must create your Github API token by going here: https://github.com/settings/tokens. If you already have a Github API token, you will need to update /root/.sniper_api_keys.conf with the following value:

GITHUB_API_KEY="_____ENTER YOUR API KEY HERE_____"

Next, add the following value to your /root/.sniper.conf file:

GITHUB_SUBDOMAINS="1"

You can then run "recon" mode to pull all discovered sub-domains from Github (ie. sniper -t website.com -m stealth -re -w website.com).

If you want to enable automated Github leak searches, you need to edit your /usr/share/sniper/plugins/gitGraber/config.py file with your API tokens for Github/Slack/Telegram, etc.

GITHUB_TOKENS = ['_____ENTER YOUR API KEY HERE_____']
GITHUB_URL_FILE = 'rawGitUrls.txt'
GITHUB_API_URL = 'https://api.github.com/search/code?q='
GITHUB_API_COMMIT_URL = 'https://api.github.com/repos/'
GITHUB_SEARCH_PARAMS = '&sort=indexed&o=desc'
GITHUB_BASE_URL = 'https://github.com'
GITHUB_MAX_RETRY = 10
SLACK_WEBHOOKURL = 'https://hooks.slack.com/services/___YOUR CUSTOM WEBHOOK URL HERE___'
TELEGRAM_CONFIG = {
    "token": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    "chat_id": -999999999999999
}

You can then run "OSINT" mode to search for sensitive info on Github (ie. sniper -t website.com -m stealth -o -w website.com).