Genesis.

Author: Michael Henriksen

.github/ISSUE_TEMPLATE.md

@@ -0,0 +1,29 @@
+Hey there and thank you for using the issue tracker!
+
+## Checklist before filing an issue:
+
+- [ ] Is this something you can **debug and fix**? Send a pull request! Bug fixes and documentation fixes are welcome.
+- [ ] Have a usage question? Ask your question on [StackOverflow](http://stackoverflow.com), [StackExchange Security](https://security.stackexchange.com) or similar platform.
+- [ ] Have an idea for a feature? Make sure that it hasn't been suggested before and describe your idea in detail.
+
+## None of the above? create a bug report
+
+Make sure to add **all the information needed to understand the bug** so that someone can help. If information is missing, the issue will be labeled with 'Needs more information' and closed until there is enough information.
+
+## Expected Behavior
+
+
+## Actual Behavior
+
+
+## Steps to Reproduce the Problem
+
+  1.
+  2.
+  3.
+
+## Specifications
+
+  - Gitrob version:
+  - Operating system:
+  - Go version:

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,15 @@
+**IMPORTANT: Please do not create a Pull Request without creating an issue first.**
+
+*Any change needs to be discussed before proceeding. Failure to do so may result in the rejection of the pull request.*
+
+Please provide enough information so that others can review your pull request:
+
+<!-- You can skip this if you're fixing a typo or similar tiny fix. -->
+
+Explain the **details** for making this change. What existing problem does the pull request solve?
+
+<!-- Example: When "Adding a function to do X", explain why it is necessary to have a way to do X. -->
+
+**Closing issues**
+
+Put `closes #XXXX` in your comment to auto-close the issue that your PR fixes (if such).

.gitignore

@@ -0,0 +1,82 @@
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+gitrob
+gitrob.exe
+
+build
+
+# Test binary, build with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Dropbox settings and caches
+.dropbox
+.dropbox.attr
+.dropbox.cache
+
+# temporary files which can be created if a process still has a handle open of a deleted file
+.fuse_hidden*
+
+# KDE directory preferences
+.directory
+
+# Linux trash folder which might appear on any partition or disk
+.Trash-*
+
+# .nfs files are created when an open file is removed but is still being accessed
+.nfs*
+
+
+# TextMate
+*.tmproj
+*.tmproject
+tmtags
+
+# Swap
+[._]*.s[a-v][a-z]
+[._]*.sw[a-p]
+[._]s[a-v][a-z]
+[._]sw[a-p]
+
+# Session
+Session.vim
+
+# Temporary
+.netrwhist
+*~
+# Auto-generated tag files
+tags
+
+# General
+.DS_Store
+.AppleDouble
+.LSOverride
+
+# Icon must end with two \r
+Icon
+
+
+# Thumbnails
+._*
+
+# Files that might appear in the root of a volume
+.DocumentRevisions-V100
+.fseventsd
+.Spotlight-V100
+.TemporaryItems
+.Trashes
+.VolumeIcon.icns
+.com.apple.timemachine.donotpresent
+
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk

CHANGELOG.md

@@ -0,0 +1,24 @@
+
+# Changelog
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
+and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## 2.0.0-beta - 2018-06-08
+### Added
+- Total rewrite of Gitrob in [Golang](https://golang.org/)
+- Find interesting files in history down to a default (and configurable) depth of 500 commits
+- Hexdump view for binary files
+- Saving and loading of session files for easy sharing
+
+### Removed
+- All the stupid Rubygems with native extensions
+- PostgreSQL dependency
+- Messy assessment comparison feature
+- User overview
+- Repository overview
+
+[Unreleased]: https://github.com/michenriksen/gitrob/compare/v2.0.0-beta...HEAD

LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2018 Michael Henriksen
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

README.md

@@ -0,0 +1,66 @@
+# Gitrob: Putting the Open Source in OSINT
+
+Gitrob is a tool to help find potentially sensitive files pushed to public repositories on Github. Gitrob will clone repositories belonging to a user or organization down to a configurable depth and iterate through the commit history and flag files that match signatures for potentially sensitive files. The findings will be presented through a web interface for easy browsing and analysis.
+
+## Usage
+
+    gitrob [options] target [target2] ... [targetN]
+
+### Options
+
+```
+-bind-address string
+    Address to bind web server to (default "127.0.0.1")
+-commit-depth int
+    Number of repository commits to process (default 500)
+-debug
+    Print debugging information
+-github-access-token string
+    GitHub access token to use for API requests
+-load string
+    Load session file
+-no-expand-orgs
+    Don't add members to targets when processing organizations
+-port int
+    Port to run web server on (default 9393)
+-save string
+    Save session to file
+-silent
+    Suppress all output except for errors
+-threads int
+    Number of concurrent threads (default number of logical CPUs)
+```
+
+### Saving session to a file
+
+By default, gitrob will store its state for an assessment in memory. This means that the results of an assessment is lost when Gitrob is closed. You can save the session to a file by using the `-save` option:
+
+    gitrob -save ~/gitrob-session.json acmecorp
+
+Gitrob will save all the gathered information to the specified file path as a special JSON document. The file can be loaded again for browsing at another point in time, shared with other analysts or parsed for custom integrations with other tools and systems.
+
+### Loading session from a file
+
+A session stored in a file can be loaded with the `-load` option:
+
+    gitrob -load ~/gitrob-session.json
+
+Gitrob will start its web interface and serve the results for analysis.
+
+## Installation
+
+A [precompiled version is available](https://github.com/michenriksen/gitrob/releases) for each release, alternatively you can use the latest version of the source code from this repository in order to build your own binary.
+
+Make sure you have a correctly configured **Go >= 1.8** environment and that `$GOPATH/bin` is in your `$PATH`
+
+    $ go get github.com/michenriksen/gitrob
+
+This command will download gitrob, install its dependencies, compile it and move the `gitrob` executable to `$GOPATH/bin`.
+
+### Github access token
+
+Gitrob will need a Github access token in order to interact with the Github API.  [Create a personal access token](https://help.github.com/articles/creating-a-personal-access-token-for-the-command-line/) and save it in an environment variable in your `.bashrc` or similar shell configuration file:
+
+    export GITROB_ACCESS_TOKEN=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef
+
+Alternatively you can specify the access token with the `-github-access-token` option, but watch out for your command history!

build.sh

@@ -0,0 +1,59 @@
+#!/bin/bash
+
+BUILD_FOLDER=build
+VERSION=$(cat core/banner.go | grep Version | cut -d '"' -f 2)
+
+bin_dep() {
+  BIN=$1
+  which $BIN > /dev/null || { echo "[-] Dependency $BIN not found !"; exit 1; }
+}
+
+create_exe_archive() {
+  bin_dep 'zip'
+
+  OUTPUT=$1
+
+  echo "[*] Creating archive $OUTPUT ..."
+  zip -j "$OUTPUT" gitrob.exe ../README.md ../LICENSE.txt > /dev/null
+  rm -rf gitrob gitrob.exe
+}
+
+create_archive() {
+  bin_dep 'zip'
+
+  OUTPUT=$1
+
+  echo "[*] Creating archive $OUTPUT ..."
+  zip -j "$OUTPUT" gitrob ../README.md ../LICENSE.md > /dev/null
+  rm -rf gitrob gitrob.exe
+}
+
+build_linux_amd64() {
+  echo "[*] Building linux/amd64 ..."
+  GOOS=linux GOARCH=amd64 go build -o gitrob ..
+}
+
+build_macos_amd64() {
+  echo "[*] Building darwin/amd64 ..."
+  GOOS=darwin GOARCH=amd64 go build -o gitrob ..
+}
+
+build_windows_amd64() {
+  echo "[*] Building windows/amd64 ..."
+  GOOS=windows GOARCH=amd64 go build -o gitrob.exe ..
+}
+
+rm -rf $BUILD_FOLDER
+mkdir $BUILD_FOLDER
+cd $BUILD_FOLDER
+
+build_linux_amd64 && create_archive gitrob_linux_amd64_$VERSION.zip
+build_macos_amd64 && create_archive gitrob_macos_amd64_$VERSION.zip
+build_windows_amd64 && create_exe_archive gitrob_windows_amd64_$VERSION.zip
+shasum -a 256 * > checksums.txt
+
+echo
+echo
+du -sh *
+
+cd --

core/banner.go

@@ -0,0 +1,13 @@
+package core
+
+const (
+  Name        = "gitrob"
+  Version     = "2.0.0-beta"
+  Author      = "Michael Henriksen"
+  Website     = "https://github.com/michenriksen/gitrob"
+  ASCIIBanner = "        _ __           __\n" +
+    "  ___ _(_) /________  / /\n" +
+    " / _ `/ / __/ __/ _ \\/ _ \\\n" +
+    " \\_, /_/\\__/_/  \\___/_.__/\n" +
+    "/___/ by @michenriksen"
+)