New tool, Gitrob, exposes GitHub vulnerabilities

News by Ava Fedorov

An application security specialist from Berlin, Michael Henriksen, has developed Gitrob, an open source intelligence command-line tool that helps organisations using online code repositories such as GitHub protect sensitive company and project information from hackers. Gitrob works by searching an organisation's files for potentially sensitive, non-public information and matching them against predetermined patterns. Specifically designed plug-ins, which Henriksen calls “Observers,” flag files matching certain patterns; the flagged files are then screened manually.
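To make that scanning model concrete, the following is an added illustration written for this article, not Gitrob's own code: each "observer" is a pattern applied to either a file path or a file's content, and every hit is collected for manual review rather than acted on automatically. The rule set and the sample repository are constructed for the example and do not reproduce Gitrob's real signatures.

```python
"""Minimal observer-style repository scanner (illustrative, not Gitrob's code)."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Observer:
    """One rule: a name, which part it inspects ('path' or 'content'), and a compiled pattern."""
    name: str
    part: str
    pattern: re.Pattern


# Constructed rule set for the example; Gitrob's actual signatures are not reproduced here.
OBSERVERS = [
    Observer("private key file", "path", re.compile(r"(^|/)(id_rsa|id_dsa|.*\.pem)$")),
    Observer("dotenv file", "path", re.compile(r"(^|/)\.env$")),
    Observer("private key block", "content", re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
    Observer("hard-coded password", "content", re.compile(r"(?i)password\s*[:=]\s*\S+")),
]


def scan(files, observers=OBSERVERS):
    """Run every observer over every file; return (path, observer name) hits for manual review."""
    findings = []
    for path, content in files.items():
        for obs in observers:
            subject = path if obs.part == "path" else content
            if obs.pattern.search(subject):
                findings.append((path, obs.name))
    return findings


# Constructed sample "repository": path -> file content (placeholder values, not real data).
SAMPLE_REPO = {
    "config/database.yml": "production:\n  password: s3cret-placeholder\n",
    "deploy/id_rsa": "-----BEGIN RSA PRIVATE KEY-----\nPLACEHOLDER\n-----END RSA PRIVATE KEY-----\n",
    ".env": "API_TOKEN=placeholder\n",
    "README.md": "# Project\nNothing sensitive here.\n",
}

if __name__ == "__main__":
    # A reviewer works through this list by hand, which is the manual screening step described above.
    for path, name in scan(SAMPLE_REPO):
        print(f"{path}: {name}")
```

Running it against a checked-out repository only needs the `files` mapping to be built from the working tree; the same file can trigger several observers, as the private key under `deploy/` does here.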

According to online news sources, Henriksen found a wide range of information using Gitrob when he tested the tool against a number of GitHub repositories. Information that could be exploited by cyber-criminals, such as username-password combinations, email addresses and internal system mappings, was uncovered.

Cyber-security teams in various organisations could periodically use the tool to survey their repositories for potentially vulnerable or exposed files and take protective measures, Henriksen commented in a blog entry. He continued: “I am not aware of any tool that specifically targets GitHub organisations like Gitrob does.”
