- NOTE: Please set your GitHub OAuth token in the GITHUB_TOKEN environment variable:
export GITHUB_TOKEN=[oauth token]
pip install BuildScour
python -m BuildScour [-h] [-l LINK] [-v] [-A] [--log LOG] [-o OUTPUT]
git clone https://github.com/darshkpatel/BuildScour && cd BuildScour
python BuildScour.py [-h] [-l LINK] [-v] [-A] [--log LOG] [-o OUTPUT]
usage: BuildScour [-h] [-l LINK] [-v] [-A] [--log LOG] [-o OUTPUT]
Scour CI Build Logs
optional arguments:
-h, --help show this help message and exit
-l LINK organizations github handle
-v Show verbose output
-A Scan organizations peoples profile too
--log LOG store output in file
-o OUTPUT stores retrived log files in folder
To scour RocketChat's GitHub repositories:
python BuildScour.py -l RocketChat -A -o ./BuildLogs/ --log rocket.log
python -m BuildScour -l RocketChat -A -o ./BuildLogs/ --log rocket.log
After saving all the logs locally, you can analyze them manually or use grep to find sensitive information.
The Keywords folder contains a couple of word lists of common environment variable names that hold API keys and passwords.
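One way to run the keyword search over the saved logs of your own organization while keeping the secret values out of the report, as an added example that is not part of BuildScour. The keyword list, the sample log and the helper names (`build_pattern`, `scan_logs`, `demo`) are assumptions made for illustration; the repository's Keywords folder has its own word lists.

```python
import re
import tempfile
from pathlib import Path

# Constructed keyword list; the repository's Keywords folder has its own word lists.
KEYWORDS = ["API_KEY", "SECRET", "TOKEN", "PASSWORD"]

# Constructed sample log, standing in for a file saved under the -o folder.
SAMPLE_LOG = """\
$ export DEPLOY_API_KEY=[secure]
$ export NPM_TOKEN=abcd1234efgh5678
Setting environment variables from repository settings
$ echo "password prompt disabled"
DB_PASSWORD: hunter2hunter2
"""

def build_pattern(keywords):
    """Match NAME=value or NAME: value where NAME contains a keyword."""
    names = "|".join(re.escape(k) for k in keywords)
    return re.compile(
        rf"\b([A-Za-z0-9_]*(?:{names})[A-Za-z0-9_]*)\s*[=:]\s*(\S+)",
        re.IGNORECASE,
    )

def scan_logs(log_dir, keywords=KEYWORDS):
    """Return (file name, line number, variable name, redacted value) tuples."""
    pattern = build_pattern(keywords)
    findings = []
    for path in sorted(Path(log_dir).rglob("*")):
        if not path.is_file():
            continue
        text = path.read_text(errors="replace")
        for lineno, line in enumerate(text.splitlines(), 1):
            for name, value in pattern.findall(line):
                # CI systems mask protected variables; skip those placeholders.
                if value.strip("\"'") in ("[secure]", "[MASKED]", "***"):
                    continue
                findings.append((path.name, lineno, name, value[:2] + "***"))
    return findings

def demo():
    with tempfile.TemporaryDirectory() as d:
        Path(d, "build-1.log").write_text(SAMPLE_LOG)
        return scan_logs(d)

if __name__ == "__main__":
    for finding in demo():
        print(*finding, sep="\t")
```

Point `scan_logs` at the folder passed to `-o` (for example `./BuildLogs/`); any variable it reports should be rotated and then masked in the CI settings.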