Monitor GitHub events.
Go to file
agatha 75ae245d40 Adjust sleep back to 5 2023-11-11 15:42:23 -05:00
.img Update screenshot 2023-11-11 14:37:03 -05:00
gitmon Handle KeyErrors in __parse_headers. Closes #9 2023-11-11 15:33:18 -05:00
.gitignore Exclude configuration 2023-11-10 21:33:46 -05:00 Update 2023-11-11 11:46:13 -05:00 Adjust sleep back to 5 2023-11-11 15:42:23 -05:00
requirements.txt Add loguru for logging 2023-11-10 20:35:04 -05:00


Monitor GitHub events and clone repositories to search for secrets, and more.

Console output


GitMon allows an operator to continually monitor the GitHub Events API to collect metadata and look for secret leakage.

When certain events such as CreateEvent or DeleteEvent are observed, GitMon will send the repository URL to a worker that will clone the repository and search for API keys, passwords, endpoints, and more.

GitMon will also build a table that maps commit email addresses to GitHub usernames.


  • Monitor for CreateEvent and DeleteEvent
  • Commit metadata scraping (Not implemented yet)
  • Automatic secret scraping (Not implemented yet)
  • IRC/Webhook notifications (Not implemented yet)


git clone
cd gitmon
pip install -r requirements.txt


GitMon works best with a token. Without a token you are limited to 60 API calls per hour. Creating and using a Personal Access Token will raise that limit to 60,000 API calls per hour.

To use a Personal Access Token, create a file:

token = 'ghp_YOUR_TOKEN_HERE'

Caught Slippin'

Deleted GitHub token

Cloud creds


  • agathanonymous