To enable Github API integration via Sn1per Professional or Enterprise, you must create your Github API token by going here: https://github.com/settings/tokens. If you already have a Github API token, you will need to create and update the /root/.sniper_api_keys.conf and add the following value:
GITHUB_API_KEY="_____ENTER YOUR API KEY HERE_____"
Next, update the following values to your Sn1per configuration template under the /sniper/conf/ directory:
RECON="1"
GITHUB_SUBDOMAINS="1"
GITHUB_ENDPOINTS="1"You can then run a scan by selecting the configuration template you edited in the previous step to pull all discovered sub-domains and endpoints from Github.
If you want to enable automated Github leak searches, you need to edit your /usr/share/sniper/plugins/gitGraber/config.py file with your API tokens for Github/Slack/Telegram, etc.
GITHUB_TOKENS = ['_____ENTER YOUR API KEY HERE_____']
GITHUB_URL_FILE = 'rawGitUrls.txt'
GITHUB_API_URL = 'https://api.github.com/search/code?q='
GITHUB_API_COMMIT_URL = 'https://api.github.com/repos/'
GITHUB_SEARCH_PARAMS = '&sort=indexed&o=desc'
GITHUB_BASE_URL = 'https://github.com'
GITHUB_MAX_RETRY = 10
SLACK_WEBHOOKURL = 'https://hooks.slack.com/services/___YOUR CUSTOM WEBHOOK URL HERE___'
TELEGRAM_CONFIG = {
"token": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"chat_id": -999999999999999
}
Next, update the following values to your Sn1per configuration template under the /sniper/conf/ directory:
OSINT="1"
GITHUB_SECRETS="1"You can then run a scan by selecting the configuration template you edited in the previous step to search Github for secrets.