Monitor Github sensitive information leaks in near real time and send alert notifications.
Python3(Python2 is not tested)
$ git clone https://github.com/FeeiCN/GSIL.git $ cd GSIL/ $ pip install -r requirements.txtGSIL/config.gsil(Copy config.gsil.cfg.example to config.gsil.cfg): Alarm mailbox and Github configuration
[mail] host : smtp.exmail.qq.com # SMTP port (Not SSL port, but will use TLS encryption) port : 25 # Multiple senders are separated by comma (,) mails : gsil@domain.com from : GSIL password : your_password # Multiple recipients are separated by comma (,) to : feei@feei.cn [github] # Whether the scanned data will be cloned to the local area immediately # Clone to ~/.gsil/codes/ directory clone: false # Github Token, multiple tokens are separated by comma (,) # https://github.com/settings/tokens tokens : your_token Generally, The best rule is the characteristic code of the intranet(Example: mogujie's extranet is
mogujie.com, intranet ismogujie.org. At this time,mogujie.orgcan be used as a rule)
There are other similar code head characteristic code, external mailbox characteristic code, and so on
| field | meaning | optional | default | describe |
|---|---|---|---|---|
| keyword | key word | required | - | When multiple keywords are used, space segmentation is used(Example: 'username password'), When you need a precise search, use double(Example: "quotesele.me") |
| ext | file suffix | optional | all suffixes | Multiple suffixes are separated by comma(Example: java,php,python) |
| mode | matching mode | optional | normal-match | normal-match(The line that contains the keyword is matched, and the line near the line is matched) / only-match(Only the lines that match the key words) / full-match(Not recommended for use)(The search results show the entire file) |
{ # usually using the company name, used as the first parameter to open the scan(Example:`python gsil.py test`) "test": { # General use of product name "mogujie": { # Internal domain name of the company "\"mogujie.org\"": { # mode/ext options no need to configure by default "mode": "normal-match", "ext": "php,java,python,go,js,properties" }, # Company code's characteristic code "copyright meili inc": {}, # Internal host domain name "yewu1.db.mogujie.host": {}, # External mailbox "mail.mogujie.com": {} }, "meilishuo": { "meilishuo.org": {}, "meilishuo.io": {} } } } $ python gsil.py test # Verify tokens validity $ python gsil.py --verify-tokens$ crontab -e # Run every hour 0 * * * * /usr/bin/python /var/app/GSIL/gsil.py test > /tmp/gsil # Send a statistical report at 11 p. m. every night 0 23 * * * /usr/bin/python /var/app/GSIL/gsil.py --report- Once the scan report will not repeat the report, the cache records in ~/.gsil/ directory *