Saturday, 22 June 2013

Operation scavenger

Following my talk last year at Ruxcon on Monitoring repositories for fun and profit, a friend suggested that I should look into files that get added to a git repository and deleted in the next few commits... Operation scavenger was born.

How to do it

Since adding files is fairly common in a git repository, I decided to work the other way around: search for deleted files and see if they have been added in the last 3 commits.

GitHub provides a nice API that you can use to retrieve all the repositories. Since I didn't want to abuse the service, I only scanned 8000 repositories (out of the ~10 million).

All together, the script is around 100 lines of Ruby.
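The same check can be run against your own repository's history to see what a deleted file still exposes. The sketch below is an added example, not the script from this post: it parses `git log --name-status` output and reports files deleted within a few commits of being added. The sample log, the commit ids and the function name `short_lived_files` are constructed for illustration.

```ruby
# Added example: constructed output of
#   git log --no-renames --name-status --format='commit %H'
# (newest commit first). Commit ids c1..c5 and file names are made up.
SAMPLE_LOG = <<~LOG
  commit c5
  M\tREADME.md
  D\told.txt

  commit c4
  D\tconfig/database.yml

  commit c3
  M\tapp.rb

  commit c2
  A\tconfig/database.yml
  A\tdeploy.sh

  commit c1
  A\tREADME.md
  A\told.txt
LOG

# Returns files deleted at most `window` commits after they were added.
# Assumption: "distance" is counted in commits of the linear log order.
def short_lived_files(log_text, window = 3)
  commits = []                                  # [[sha, [[status, path], ...]], ...]
  log_text.each_line(chomp: true) do |line|
    if line.start_with?("commit ")
      commits << [line.split(" ", 2)[1], []]
    elsif (m = line.match(/\A([AD])\t(.+)\z/)) && !commits.empty?
      commits.last[1] << [m[1], m[2]]
    end
  end
  added_at = {}                                 # path => [commit index, sha]
  findings = []
  commits.reverse.each_with_index do |(sha, changes), idx|   # oldest first
    changes.each do |status, path|
      if status == "A"
        added_at[path] = [idx, sha]
      elsif added_at.key?(path)                 # a delete of a tracked add
        add_idx, add_sha = added_at.delete(path)
        findings << { path: path, added: add_sha, deleted: sha } if idx - add_idx <= window
      end
    end
  end
  findings
end

short_lived_files(SAMPLE_LOG).each do |f|
  puts "#{f[:path]}: added in #{f[:added]}, deleted in #{f[:deleted]}"
end
```

To audit a repository you own, pass the real output of the `git log` command shown in the first comment instead of `SAMPLE_LOG`.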

Results

And as my friend suggested, I found stuff:
  • config/database.yml with 2 root passwords (really good ones) and one user password
  • password for growlnotify
  • PHP script with MySQL root password
  • XML file with MySQL credentials
  • Deployment script with MySQL root password
  • One SSH key
  • CouchApp credentials
  • A few hashes from a database dump
  • ...
For a total of 500 MB of deleted files.


Any idea of what else I should look for?

2 comments:

Arist0v said...

Google didn't have cache services?? If you can find files like that from web server???

Louis Nyffenegger said...

But you wouldn't see really old files and files that have been added and removed in less than X commits.