Listing git repository from URL/User/Org

Last update: Dec 20, 2022

Comments: 3

Listing git repository from URL/User/Org

This tool is available when the repository, such as github, is included in the bugbounty scope. Sometimes specified as an org name or user name rather than a specific repository, you can use this tool to extract url from all public repositories included in the org/user.

This can be used for various actions such as scanning or cloning for multiple repositories.

🚧 NOTICE
For unauthenticated requests in github api, the rate limit allows for up to 60 requests per hour. Unauthenticated requests are associated with the originating IP address, and not the user making requests. https://docs.github.com/en/rest/overview/resources-in-the-rest-api

So too many tasks can be blocked by the API for a certain time from github. In this case, you can select the appropriate destination or access and use any IP using the torsocks(e.g torsocks gitls -l user.list) or -tor options.

Installation

From go-get

$ go get -u github.com/hahwul/gitls

Using homebres

$ brew tap hahwul/gitls
$ brew install gitls

Using snapcraft

$ sudo snap install gitls

Usage

Usage of gitls:
  -l string
    	List of targets (e.g -l sample.lst)
  -o string
    	write output file (optional)
  -proxy string
    	using custom proxy
  -tor
    	using tor proxy / localhost:9050
  -version
    	version of gitls

Case Study

Make all repo urls from repo/org/user urls

sample.lst

https://github.com/hahwul
https://github.com/tomnomnom/gron
https://github.com/tomnomnom/httprobe
https://github.com/s0md3v

make repo url list from sample file

$ gitls -l sample.lst
https://github.com/hahwul/a2sv
https://github.com/hahwul/action-dalfox
https://github.com/hahwul/asset-of-hahwul.com
https://github.com/hahwul/awesome-zap-extensions
https://github.com/hahwul/backbomb
https://github.com/hahwul/booungJS
https://github.com/hahwul/buildpack-nmap
https://github.com/hahwul/buildpack-zap-daemon
https://github.com/hahwul/can-i-protect-xss
https://github.com/hahwul/cyan-snake
https://github.com/hahwul/dalfox
https://github.com/hahwul/DevSecOps
https://github.com/hahwul/droid-hunter
https://github.com/hahwul/exploit-db_to_dokuwiki
https://github.com/hahwul/ftc
https://github.com/hahwul/gitls
https://github.com/hahwul/go-github-selfupdate-patched
https://github.com/hahwul/hack-pet
...snip...
https://github.com/hahwul/zap-cloud-scan
https://github.com/tomnomnom/gron
https://github.com/tomnomnom/httprobe
https://github.com/s0md3v/Arjun
https://github.com/s0md3v/AwesomeXSS
https://github.com/s0md3v/Blazy
https://github.com/s0md3v/Bolt
...snip...
https://github.com/s0md3v/velocity
https://github.com/s0md3v/XSStrike
https://github.com/s0md3v/Zen
https://github.com/s0md3v/zetanize

Automated testing with gitleaks

$ gitls -l sample.lst | xargs -I % gitleaks --repo-url=% -v

All clone target's repo

$ echo "https://github.com/paypal" | gitls | xargs -I % git clone %

Contributors

Owner

HAHWUL

Security Engineer and Developer and H4cker

https://github.com/hahwul/gitls

Similar Resources

DirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it

DirDar v1.0 Description 🏴‍☠️ bypass forbidden directories - find and identify dir listing - you can use it as directory brute-forcer as well Compatab

Jan 1, 2023

LinkPage is a FOSS self-hosted alternative to link listing websites such as LinkTree and Campsite.bio

LinkPage LinkPage is a FOSS self-hosted alternative to link listing websites such as LinkTree and Campsite.bio Features Self hostable and open source

Dec 22, 2022

Go terminal app listing open pull requests in chosen GitHub repositories

go-pr-watcher About Shows open pull requests on configured GitHub repositories. Getting started Create GitHub personal token with read permissions Cre

Aug 23, 2022

Simple cli minecraft server listing

mclist $ mclist example.com example.com:25565: Server: 1.18.1 Protocol: 757 Description: example 1.18 survival Players: 1/20 - [Villager] a05deec0-7a0

Dec 27, 2021

Lobby - A Nox game lobby which exposes a simple HTTP API for both listing and registering Nox game servers

Nox lobby server This project provides a Nox game lobby which exposes a simple H

Mar 6, 2022

📇 Go package and CLI tool for listing OUIs.

manuf Go package and CLI tool for listing OUIs. Install $ go install github.com/picatz/manuf@latest ... Usage The manuf CLI tool can be used with tool

Feb 7, 2022

This is repository for Simple HTTP GET golang app that counts standard deviation from random.org integers

Simple Get Deviation App This is repository for Simple HTTP GET golang app that counts standard deviation from random.org integers IMPORTANT: Because

Jan 10, 2022

:steam_locomotive: Decodes url.Values into Go value(s) and Encodes Go value(s) into url.Values. Dual Array and Full map support.

Package form Package form Decodes url.Values into Go value(s) and Encodes Go value(s) into url.Values. It has the following features: Supports map of

Dec 26, 2022

High-Performance Shortlink ( Short URL ) app creator in Golang. For privacy reasons, you may prefer to host your own short URL app and this is the one to use.

About The Project Shortlink App in Golang Multiple Node based Architecture to create and scale at ease Highly performant key-value storage system Cent

Jan 3, 2023

Comments

Can't Run -tor

When i type command : gitls -l sample.lst -tor

-tor error

output:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x2 addr=0x40 pc=0x104cc1214]

goroutine 1 [running]:
github.com/hahwul/gitls/pkg/modules.GetRepoListFromUser({0x1400014608b, 0x5}, {0x14000146080, 0xa}, {{0x0, 0x0}, 0x1, {0x0, 0x0}, 0x1})
	/Users/ibnufachrizal/go/pkg/mod/github.com/hahwul/[email protected]/pkg/modules/github.go:74 +0x1c4
github.com/hahwul/gitls/pkg/modules.CheckURL({0x14000146078, 0x18}, {{0x0, 0x0}, 0x1, {0x0, 0x0}, 0x1})
	/Users/ibnufachrizal/go/pkg/mod/github.com/hahwul/[email protected]/pkg/modules/check.go:31 +0x104
main.main()
	/Users/ibnufachrizal/go/pkg/mod/github.com/hahwul/[email protected]/main.go:50 +0x330

Warning: Calling bottle :unneeded is deprecated! There is no replacement.

Please report this issue to the hahwul/gitls tap (not Homebrew/brew or Homebrew/core): /usr/local/Homebrew/Library/Taps/hahwul/homebrew-gitls/Formula/gitls.rb:9
Update golang installation to match the newer versions
After golang updates, go get is no longer used outside modules, That breaks gitls installation, I updated it to use go install and @latest version as mentioned on golang documentation

Listing git repository from URL/User/Org

Installation

From go-get

Using homebres

Using snapcraft

Usage

Case Study

Make all repo urls from repo/org/user urls

Automated testing with gitleaks

All clone target's repo

Contributors

Owner

HAHWUL

Similar Resources

Comments

Can't Run -tor

Warning: Calling bottle :unneeded is deprecated! There is no replacement.

Update golang installation to match the newer versions

Related tags

🏮 ― Blazing fast URL shortener made with simplicity in mind

Configuration based URL shortner useful for on page 301 redirects

Utility package that provides the ability to more conveniently work with URL parameters.

Yet another semantic version incrementor and tagger for git

Go scripts for finding an API key / some keywords in repository

🏠 The opensource repository of Edgeless PE Project

A simple cli tool for switching git user easily inspired by Git-User-Switch

Gum - Git User Manager (GUM) - Switch between git user profiles

Github-org-diff - Simple CLI tool to check a diff between 2 branches of all org repos

A URL shortener using http://is.gd/ and the Go programming language (http://golang.org/)