New tool, Gitrob, exposes GitHub vulnerabilities

An application security specialist from Berlin, Michael Henriksen, has developed Gitrob - an open source intelligence command-line tool to help online code repositories, such as GitHub, protect sensitive company and project information from hackers. Girrob works by searching an organisation's files for potentially sensitive, non-public information and running them against pre-determined patterns. Specifically designed plug-ins, which Henriksen calls “Observers,” flag files matching certain patterns, which are then screened manually.

According to online news sources, Henriksen found a wide range of information using Gitrob when he tested the tool against a number of GitHub repositories. Information that could be exploited by cyber-criminals, such as username-password combinations, email addresses and internal system mappings, were uncovered.

Cyber-security teams in various organisations could periodically use the tool to survey their repositories for potentially vulnerable or exposed files and take protective measures, Henriksen commented in a blog entry. He continued: “I am not aware of any tool that specifically targets GitHub organisations like Gitrob does.”