Github Scraper For Static Code Analysis
This script is only able to be ran against specific user repositories in its current form.
Search for all instances of mysql_query() in Microsoft repositories:
python3 github_autopwn.py --org Microsoft --query "mysql_query"
python3 github_autopwn.py -o Microsoft -q "mysql_query"Search for all instances of every indicator in indicator.py in Docker repositories:
python3 github_autopwn.py --org Docker --autopwn
python3 github_autopwn.py -o Docker -aIndicators are not 100% accurate, so there is still a need for manual investigative effort to confirm if a bug exists or not.
Attempt printing out all code snippets for found indicators in all of ethicalhack3r's repositories:
python3 github_autopwn.py --org ethicalhack3r --autopwn --get-code
python3 github_autopwn.py -o ethicalhack3r -a -gExample of this functionality using the --query argument:
indicators.py was taken from swissykyrepo. If you would like to find out more about his Vulny-Code-Static-Analysis project you can reach him on his twitter here: pentest_swissky
This project is, unfortunately, banned from use for Offensive Security's OSWE exam.
- (maybe) add function to open an issue with author if a bug is found
- Fix regex finding code-snippets in detected files so results are not duplicated
- Explore searchcode.com functionality
- Build optional auth to search globally/add to rate-limit