GitHound is a GitHub reconnaissance tool that leverages the GitHub Code Search API to find exposed API keys and sensitive information across all public GitHub repositories using pattern matching and commit history analysis.
GitHub recon tool leveraging Code Search API. Scans for exposed API keys across all of GitHub, not just known repos and orgs. Support for GitHub dorks.
GitHound is primarily used by security professionals, bug bounty hunters, and organizations to detect exposed API keys and sensitive data on GitHub at scale, beyond known repositories or organizations. It helps identify leaked credentials and secrets to prevent potential security breaches and automate vulnerability discovery.
GitHound requires a valid GitHub API token configured in config.yml or via environment variables. It supports two-factor authentication with options to supply OTP codes or 2FA seeds to avoid repeated prompts. Users should be aware of GitHub API rate limits and use the scoring system to reduce false positives. The Web Dashboard feature requires an Insert Key and offers enhanced result filtering and cloud scanning capabilities.
Download the latest version of GitHound from https://github.com/tillson/git-hound/releases using wget or a web browser
Ensure a GitHub API key is set in the config.yml file located in the current directory or $HOME/.githound/
Run ./git-hound from the directory containing the executable to test the installationecho "AKIA" | git-hound
Searches GitHub for the string 'AKIA', commonly used in AWS API keys
git-hound --query "AKIA"
Performs a GitHub code search for the query 'AKIA'
git-hound --dashboard
Runs GitHound with the Web Dashboard for real-time visualization and management of results
echo "api.halcorp.biz" | git-hound --dig-files --dig-commits --many-results --rules halcorp-api-regexes.txt --results-only | python halapitester.py
Example pipeline to search for custom API keys, dig into files and commits, filter results, and test keys with a custom script