There are several tools for GitHub sensitive information leakage monitoring. At present, GitHub token is basically used to search and match keywords. Common ones include GSIL, GShark, hawkeye, Github-Monitor, etc. Since there are open source projects, there is generally no need to reinvent the wheel.
Here is the last VKSRC open source Github-Monitor, project address: https://github.com/VKSRC/Github-Monitor
You can refer to the documentation for basic installation. Here we take docker as an example to explain.
First install docker, docker-compose
1. Pull down the project source code,
git clone https://github.com/VKSRC/Github-Monitor.git
2. Modify the configuration file,
First copy the root directory .env.docker
and rename it , and modify the and configuration .env
in it . These two configurations control the email reminder and the initial management account password respectively.Email Settings
initial Administrator
Note: If the address to be accessed is not 127.0.0.1
or localhost
, you need to modify ALLOWED_HOST
the parameter and add the access address to it, such as:ALLOWED_HOSTS="127.0.0.1,localhost,github.sec.vipkid.com.cn"
3. Start docker, it will take a long time for the first installation,
docker-compose up -d
Visit http://127.0.0.1:8001 to see the page.
4. Modify the startup port If you want to modify the startup port, you can modify the ports of the web container in the docker-compose.yaml file. The default is 8001:80. For example, if you want to modify the port to 8080, you can change it to 8080:80. To use it, open the web interface directly, first set the GitHub token value, and then add a search monitoring task, and the monitoring results will appear after a while.