How it works
Gitrob first collects all public repositories of the organization itself. It then collects all the organization's members and their public repositories, in order to compile a list of repositories that might be related or relevant to the organization. When the list of repositories has been compiled, it gathers all the filenames in each repository and runs them through a series of observers that flag files whose names match patterns of known sensitive files. This step might take a while if the organization is big or if the members have a lot of public repositories. All of the members, repositories and files are saved to a PostgreSQL database. When everything has been sifted through, it starts a Sinatra web server locally on the machine, which serves a simple web application to present the collected data for analysis.

Henriksen tested the tool against a number of GitHub organizations belonging to big and small firms and found surprising results. “The tool found several interesting things ranging from low-level, to bad and all the way to company-destroying kind of information disclosure,” he noted, adding that he notified the companies in question so that they could remove the exposed information.
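The observer step described above, as an added example that is not Gitrob's own code: a small set of hypothetical filename observers (the names, patterns and descriptions below are constructed for illustration, not Gitrob's real signatures) applied to a constructed list of repository paths, as they would be handed over by the filename-gathering step. This is the same check a defender can run over their own organization's repositories to spot files that should never have been committed.

```ruby
# Added example in the spirit of Gitrob's observer step. Not Gitrob's code;
# observers and sample repositories below are constructed for illustration.

# An observer inspects one part of a path (:path, :filename or :extension)
# against a regular expression and carries a description of the risk.
Observer = Struct.new(:name, :part, :matcher, :description)

OBSERVERS = [
  Observer.new("private_key", :extension, /\A(pem|key|ppk)\z/i,
               "Private key material"),
  Observer.new("ssh_key", :filename, /\Aid_(rsa|dsa|ecdsa|ed25519)\z/,
               "SSH private key"),
  Observer.new("env_file", :filename, /\A\.env(\..+)?\z/,
               "Environment file, often contains credentials"),
  Observer.new("shell_history", :filename, /\A\.(bash|zsh|sh)_history\z/,
               "Shell history may contain passwords typed on the command line"),
  Observer.new("aws_credentials", :path, %r{\A\.aws/credentials\z},
               "AWS CLI credentials file"),
  Observer.new("netrc", :filename, /\A\.netrc\z/,
               "netrc stores plaintext logins"),
  Observer.new("sqlite_db", :extension, /\A(sqlite|sqlite3|db)\z/i,
               "Database file may contain user data"),
].freeze

Finding = Struct.new(:repo, :path, :observer, :description)

# Select the part of the path an observer wants to look at.
# File.extname returns "" for dotfiles such as ".env", so those are matched
# on :filename rather than :extension.
def part_for(path, part)
  filename = File.basename(path)
  case part
  when :path      then path
  when :filename  then filename
  when :extension then File.extname(filename).delete_prefix(".")
  end
end

# Run every observer over every path in one repository.
def flag_files(repo, paths)
  paths.flat_map do |path|
    OBSERVERS.select { |o| part_for(path, o.part).match?(o.matcher) }
             .map { |o| Finding.new(repo, path, o.name, o.description) }
  end
end

# repos: { "owner/name" => [paths...] }, as the gathering step would produce.
def scan_repositories(repos)
  repos.flat_map { |repo, paths| flag_files(repo, paths) }
end

# Constructed sample input standing in for the org's and members' repositories.
SAMPLE_REPOS = {
  "acme/webapp"  => ["README.md", "config/.env", "src/app.rb", "deploy/id_rsa"],
  "jdoe/dotfiles" => [".bash_history", ".aws/credentials", ".vimrc"],
  "acme/docs"    => ["guide.pdf", "notes.txt"],
}.freeze

if __FILE__ == $0
  scan_repositories(SAMPLE_REPOS).each do |f|
    puts "#{f.repo}: #{f.path} [#{f.observer}] #{f.description}"
  end
end
```

Each observer looks at only one part of the path on purpose: matching `.env` on the whole path would also fire on `docs/env-setup.md`, and matching `credentials` on the filename alone would flag every unrelated file of that name, so the part an observer inspects is as much a part of the signature as the pattern itself.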