# GitMon Monitor GitHub events and clone repositories to search for secrets, and more. ![Console output](.img/console-output.png) ## Overview GitMon allows an operator to continually monitor the [GitHub Events API](https://docs.github.com/en/rest/activity/events) to collect metadata and look for secret leakage. When certain events such as _CreateEvent_ or _DeleteEvent_ are observed, GitMon will send the repository URL to a worker that will clone the repository and search for API keys, passwords, endpoints, and more. GitMon will also build a table that maps commit email addresses to GitHub usernames. ## Installation ```shell git clone https://git.juggalol.com/agatha/gitmon cd gitmon pip install -r requirements.txt ``` ## Configuration GitMon works best with a token. Without a token you are limited to 60 API calls per hour. Creating and using a Personal Access Token will raise that limit to 60,000 API calls per hour. To use a Personal Access Token, create a `config.py` file: ``` token = 'gh_YOUR_TOKEN_HERE' ``` ## Caught Slippin' ![Deleted GitHub token](.img/slippin-ght.png) ![Cloud creds](.img/slippin-db.png) ## Contributors - agathanonymous