GShark
Scan for sensitive information easily and effectively.
GShark
The project is based on go with vue to build a management system for sensitive information detection. This is the total fresh version, you can refer the old version here.
Features
- Support multi platform, including Gitlab, Github, Searchcode
- Flexible menu and API permission setting
- Flexible rules and filter rules
- Utilize gobuster to brute force subdomain
- Easily used management system
Quick start
Deployment
For the deployment, it's suggested to install nginx. Place the dist
folder under html
, modify the nginx.conf
to reverse proxy the backend service. I have also made a video for the deployment in bilibili and youtube.
location /api/ {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
rewrite ^/api/(.*)$ /$1 break;
proxy_pass http://127.0.0.1:8888;
}
The deployment work is very easy. Find the corresponding binary zip file from releases. Unzip and run. Remember to copy the files inside dist
to html
folder of nginx.
Web service
./gshark web
Scan service
./gshark scan
Development
Server side
git clone https://github.com/madneal/gshark.git
cd server
go mod tidy
mv config-temp.yaml config.yaml
go build
./gshark web
If you want to set up the scan service, please run:
./gshark scan
Web side
cd ../web
npm install
npm run serve
Run
USAGE:
gshark [global options] command [command options] [arguments...]
COMMANDS:
web Startup a web Service
scan Start to scan github leak info
help, h Show a list of commands or help for one command
GLOBAL OPTIONS:
--debug, -d Debug Mode
--host value, -H value web listen address (default: "0.0.0.0")
--port value, -p value web listen port (default: 8000)
--time value, -t value scan interval(second) (default: 900)
--help, -h show help
--version, -v print the version
Add Token
To execute ./gshark scan
, you need to add a Github token for crawl information in github. You can generate a token in tokens. Most access scopes are enough. For Gitlab search, remember to add token too.
FAQ
- Default username and password to login
gshark/gshark
go get ./... connection error
It's suggested to enable goproxy(refer this article for golang upgrade):
go env -w GOPROXY=https://goproxy.cn,direct
go env -w GO111MODULE=on
Reference
Wechat
If you would like to join wechat group, you can add my wechat mmadneal
with the message gshark
.
License
Apache License 2.0
404StarLink 2.0 - Galaxy
GShark 是 404Team 星链计划2.0中的一环,如果对 GShark 有任何疑问又或是想要找小伙伴交流,可以参考星链计划的加群方式。