loading
loading
Discovery
Hunt for credentials and secrets leaked across public GitHub.
overview
git-wild-hunt searches public GitHub code for secrets that developers commit by accident. You hand it a search query that targets the shape of a leak, such as AWS credentials files, Azure access tokens, or Kubernetes configs, and it queries the GitHub code search API, pulls matching files, and writes the hits to a results file you can review and feed downstream.
The power is in the search expression. By combining path, filename, extension, and language qualifiers you can chase a specific kind of secret rather than scanning blindly, so a query like path:.aws/ filename:credentials surfaces credential files that should never have been pushed. A config file controls how the run behaves and where results land, so the same query can be replayed consistently across runs.
Use it during an exposure assessment of an organization's public footprint. Pass the JSON results into a parsing stage to triage which findings are live secrets and which are noise, with the config output pointed at /hive/out/results.json.
use cases
Search for path and filename patterns like .aws/credentials or .azure access tokens to surface cloud secrets that developers pushed to public GitHub by mistake.
Sweep public GitHub for the kinds of files your engineers handle, then collect the hits into a results file so security can review what is exposed before an attacker finds it.
Target path:.kube filename:config and similar expressions to catch cluster configs, kubeconfigs, and service files that carry credentials in plaintext.
Write results as JSON, then parse and filter them downstream so the team works from a deduplicated list of real secrets instead of raw search noise.
reference
| Name | Type | Flag | Description |
|---|---|---|---|
| config | FILE | · | Config file path that controls the run; the repository ships a template, and the output variable should point at /hive/out/results.json. |
| search | STRING | --search | GitHub search query to execute, for example path:.aws/ filename:credentials or path:.kube filename:config. |
Showing key inputs. git-wild-hunt exposes 2 inputs in total.
example
# hunt public GitHub for AWS credential filesgit-wild-hunt --search 'path:.aws/ filename:credentials'api.example.comstaging.example.comci.example.comops.example.commail.example.comvpn.example.comgitlab.example.comcdn.example.comguidance
Reach for git-wild-hunt when you want to find secrets that have leaked into public GitHub code, not secrets exposed on live hosts. It hunts source repositories through GitHub code search, so pair it with the right query for the secret you expect and a downstream parser to triage the hits.
Scrapes GitHub for repository and code data. A broader collector where git-wild-hunt targets credential patterns specifically.
Hunts GitHub for a specific vulnerable pattern instead of leaked secrets. Same source, different target.
Investigates GitHub accounts and activity. Use it to pivot from a leaked file to the user or org that pushed it.
faq
related
Check whether a URL redirects to a masked 404 page.
Append lines to a file only if they are not already there.
Extract URLs and endpoints from Android APK files.
Visual inspection of websites across a large number of hosts.
Find suspicious files across a large set of AWS S3 buckets.
An automated tool that checks for backup artifacts that may disclose a web application's source code.
A config and search query drive git-wild-hunt, which hunts public GitHub for matching secrets and passes the results to a parser so triaged, leaked credentials land as output.
Facts on this page come from the live Trickest tool library.