GitHush
Detecting leaked secrets, API keys, credentials, and sensitive files from public repositories in near real-time using the GitHub Events API
GitHush: <i>Who needs Git Blame?</i>
Bottom Line Up front (BLUF)
Setting our bait in the GitHub Events REST API to wait for the secrets to roll in :D
<i>Yes, it's that easy...</i>
How Do I Use It?
git clone https://github.com/Stuub/GitHush && cd GitHush
pip3 install -r requirements.txt
python3 GitHush.py --github-token <Your_Access_Token>
# OR
python3 GitHush.py # Falls back to environment variable for personal access token
Verbatim
GitHush leverages the GitHub Events API to passively monitor public repository activity for inadvertent exposure of secrets and credentials in near real-time. The tool automates the detection of sensitive information disclosures using targeted regular expression (regex) patterns, fetching content from commits, pull requests, and database files.
How it works
- Polls https://api.github.com/events using a personal access token (PAT), respecting GitHub's rate limits: 60 req/hr unauthenticated or 5,000 req/hr with a token.
- Parses PushEvent and PullRequestEvent types, extracting commit and file URLs from payloads.
- Fetches file content or downloads .db files for SQLite inspection.
- Uses a curated set of regex signatures to detect:
  - AWS Auth Keys
  - JWT Tokens
  - OpenAI API Keys
  - SSH Pub & Private keys
  - Plaintext passwords
  - Email Addresses
  - OIDC Tokens
  - Sensitive files (wp-config.php, phpmailer.php, .env, etc.)
  - SMTP Credentials
  - Database connection strings + extracting db info
- Dumps output to JSONL with commit SHA, repo info, file names, and matched secrets.
Notable Features
🔍 High-Signal Filtering: Matches include context-based patterns (e.g., define('DB_USER'...) or $mail->Password = ...)
🗄️ DB-Aware Scanning: Discovered & Extracted DB files are parsed, queried, and analysed dynamically.
🧪 Regex Library: Includes patterns for over 20 common credential formats (feel free to send me more >:D).
📦 JSONL Logging: Structured output allows easy integration with threat intelligence pipelines or SIEMs.
🧰 Language/Framework-Aware: Recognizes secrets in PHP, Python, Node.js, CI/CD files, etc.
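To check your own files for the kind of context-based matches described above before they reach a public push, here is an added example that is not GitHush's code. The signature set, the function names and the redaction step are assumptions made for this illustration, and the sample file is constructed.

```python
import hashlib
import json
import re

# Illustrative signatures written for this example; they are NOT GitHush's own regex set.
SIGNATURES = {
    "aws_access_key_id": re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),
    "php_db_define": re.compile(
        r"define\(\s*['\"]DB_(?:USER|PASSWORD)['\"]\s*,\s*['\"]([^'\"]+)['\"]\s*\)"),
    "phpmailer_password": re.compile(r"\$mail->Password\s*=\s*['\"]([^'\"]+)['\"]"),
    "private_key_header": re.compile(
        r"(-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----)"),
}

def redact(value):
    """Keep a 4-character prefix plus a hash so findings can be de-duplicated
    without copying the secret itself into the log."""
    digest = hashlib.sha256(value.encode()).hexdigest()[:12]
    return f"{value[:4]}...[sha256:{digest}]"

def scan_text(text, repo, sha, filename):
    """Return one finding record per signature match, with 1-based line numbers."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, pattern in SIGNATURES.items():
            for match in pattern.finditer(line):
                findings.append({
                    "repo": repo, "commit": sha, "file": filename,
                    "line": lineno, "signature": name,
                    "match": redact(match.group(1)),
                })
    return findings

def to_jsonl(findings):
    """Serialise findings as JSON Lines: one JSON object per line."""
    return "\n".join(json.dumps(f, sort_keys=True) for f in findings)

# Constructed sample: a wp-config.php-style file staged in your own repository.
SAMPLE = """<?php
define('DB_NAME', 'shop');
define('DB_PASSWORD', 'constructed-example-pw');
$mail->Password = "constructed-smtp-pw";
$aws = 'AKIAIOSFODNN7EXAMPLE';
"""

if __name__ == "__main__":
    print(to_jsonl(scan_text(SAMPLE, "example/repo", "0000000", "wp-config.php")))
```

Anchoring each pattern on its surrounding assignment (`define(...)`, `$mail->Password =`) is what keeps `DB_NAME` out of the findings, and the redacted `match` field keeps the JSONL safe to forward to a SIEM.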
Proof of Concept (PoC)
Email Addresses
Passwords
SSH Keys
API Keys
Database Connection Strings
Contributions Welcome!
If you have any suggestions, regex ideas, or issues, feel free to make a PR or Issue and I'll be sure to check it out.
