Saturday, 22 June 2013

Operation scavenger

Following my talk last year at Ruxcon on Monitoring repositories for fun and profit, a friend suggested that I should look into files that get added to a git repository and deleted in the next few commits... Operation scavenger was born.

How to do it

Since adding files is fairly common in a git repository, I decided to work the other way around: search for deleted files and see if they had been added in the last 3 commits.

GitHub provides a nice API that you can use to retrieve all the repositories. Since I didn't want to abuse the service, I only scanned 8000 repositories (out of the ~10 million).

All together, the script is around 100 lines of Ruby.
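The same check can be run as an audit of your own repository. The sketch below is an added example, not the author's script: it parses `git log --name-status` output and reports files deleted within 3 commits of being added. The function names, the sample log and the `window` parameter are assumptions made for illustration.

```ruby
# Constructed sample of `git log --name-status --format='commit %h'` output,
# newest commit first (hashes and paths are made up; blank lines trimmed).
SAMPLE_LOG = <<~LOG
  commit e5e5e5e
  D\tnotes/old_design.txt
  commit d4d4d4d
  D\tconfig/database.yml
  M\tREADME.md
  commit c3c3c3c
  M\tapp/models/user.rb
  commit b2b2b2b
  A\tconfig/database.yml
  A\tdeploy.sh
  commit a1a1a1a
  A\tnotes/old_design.txt
  A\tREADME.md
LOG

# Turn the log text into a list of commits, oldest first, keeping only
# added (A) and deleted (D) paths. Renames (R) are not tracked here.
def parse_log(text)
  commits = []
  text.each_line do |line|
    line = line.chomp
    if line.start_with?('commit ')
      commits << { id: line.split(' ', 2)[1], changes: [] }
    elsif (m = line.match(/\A([AD])\t(.+)\z/)) && commits.any?
      commits.last[:changes] << [m[1], m[2]]
    end
  end
  commits.reverse
end

# Report every path deleted at most `window` commits after it was added.
def short_lived_files(text, window: 3)
  added_at = {}
  findings = []
  parse_log(text).each_with_index do |commit, idx|
    commit[:changes].each do |status, path|
      if status == 'A'
        added_at[path] = { idx: idx, id: commit[:id] }
      elsif (add = added_at.delete(path)) && idx - add[:idx] <= window
        findings << { path: path, added_in: add[:id], deleted_in: commit[:id] }
      end
    end
  end
  findings
end

# On a real checkout: short_lived_files(`git log --name-status --format='commit %h'`)
short_lived_files(SAMPLE_LOG).each { |f| puts f.values.join("\t") } if __FILE__ == $0
```

Every path it reports is still readable from the `added_in` commit, so any credential in such a file should be rotated rather than considered removed.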

Results

And as my friend suggested, I found stuff:
  • config/database.yml with 2 root passwords (really good ones) and one user password
  • password for growlnotify
  • PHP script with MySQL root password
  • XML file with mysql credentials
  • Deployment script with MySQL root password
  • One SSH key
  • CouchApp credentials
  • A few hashes from a database dump
  • ...
For a total of 500 MB of deleted files.


Any idea of what else I should look for?