Pown Git is a comprehensive security scanning and testing solution for git repositories.
Some signatures were borrowed or heavily inspired by the following projects:
- gitgit - https://github.com/zricethezav/gitgit
- shhgit - https://github.com/eth0izzle/shhgit
This tool is part of secapps.com open-source initiative.
https://secapps.com
This tool is meant to be used as part of Pown.js, but it can be invoked separately as an independent tool.
Install Pown first as usual:
$ npm install -g pown@latest
Install git:
$ pown modules install @pown/git
Invoke directly from Pown:
$ pown git
Install this module locally from the root of your project:
$ npm install @pown/git --save
Once done, invoke pown cli:
$ POWN_ROOT=. ./node_modules/.bin/pown-cli git
You can also use the global pown to invoke the tool locally:
$ POWN_ROOT=. pown git
WARNING: This pown command is currently under development and as a result will be subject to breaking changes.
pown-cli git <command>
Git security toolkit
Commands:
  pown-cli git clone <uri> [dir]  Clone git repository  [aliases: c]
  pown-cli git people <repo>      Extract all authors and committers in repository  [aliases: p]
  pown-cli git leaks <repo>       Search for leaks in git repository  [aliases: l, leak]
Options:
  --version  Show version number  [boolean]
  --help     Show help  [boolean]
pown-cli git clone <uri> [dir]
Clone git repository
Options:
  --version           Show version number  [boolean]
  --help              Show help  [boolean]
  --ref, -r           Which branch to checkout. By default this is the designated "main branch" of the repository.  [string]
  --depth, -d         Determines how much of the git repository's history to retrieve.  [number] [default: 10000]
  --singleBranch, -b  Instead of the default behavior of fetching all the branches, only fetch a single branch.  [boolean] [default: true]
  --githubKey         GitHub API Key. The key is either in the format username:password or username:token.  [string]
pown-cli git leaks <repo>
Search for leaks in git repository
Options:
  --version          Show version number  [boolean]
  --help             Show help  [boolean]
  --ref, -r          Which branch to scan. By default this is the designated "main branch" of the repository.  [string]
  --depth, -d        Determines how much of the git repository's history to retrieve.  [number] [default: Infinity]
  --concurrency, -c  Number of workers.  [number] [default: 10]
  --severity, -s     Miminum severity level.  [number] [default: 0]
  --write, -w        Write results to file.  [string]
pown-cli git people <repo>
Extract all authors and committers in repository
Options:
  --version    Show version number  [boolean]
  --help       Show help  [boolean]
  --ref, -r    Which branch to scan. By default this is the designated "main branch" of the repository.  [string]
  --depth, -d  Determines how much of the git repository's history to retrieve.  [number] [default: Infinity]
  --write, -w  Write results to file.  [string]
See pown/leaks for instructions on how to extend the leaks database.