@CloudExpo: Article

Gitrob on the Network

Gitrob scans GitHub repositories and matches filenames against a range of patterns for files containing sensitive information

Developers generally like to share their code, and many of them do so by open sourcing it on GitHub, a social code hosting and collaboration service. Many companies also use GitHub as a convenient place to host both private and public code repositories, creating GitHub organizations that employees can join. Sometimes an employee publishes something sensitive in nature, and that can lead to the compromise of a system.

Gitrob is a tool developed by Michael Henriksen that scans GitHub repositories and matches filenames against a range of patterns for files that typically contain sensitive or dangerous information.

The first thing the tool does is to collect all public repositories of the organization itself. It then goes on to collect all the organization members and their public repositories, in order to compile a list of repositories that might be related or have relevance to the organization.

When the list of repositories has been compiled, it proceeds to gather all the filenames in each repository and runs them through a series of observers that will flag the files, if they match any patterns of known sensitive files.  This step might take a while if the organization is big or if the members have a lot of public repositories.

All of the members, repositories and files will be saved to a PostgreSQL database. When everything has been sifted through, it will start a Sinatra web server locally on the machine, which will serve a simple web application to present the collected data for analysis.
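
The filename-matching step described above, as an added example that is not Gitrob's own code: each rule targets the full path, the filename or the extension, by exact match or by regex. The rule fields, patterns and sample paths are assumptions constructed for illustration; pass your own repository's file list to audit it before publishing.

```ruby
# Added example: the rule fields and patterns below are constructed for
# illustration; they are not Gitrob's own signature set.
Rule = Struct.new(:part, :type, :pattern, :caption)

RULES = [
  Rule.new(:filename,  :regex, /\A.*_(rsa|dsa|ed25519|ecdsa)\z/, "Private SSH key"),
  Rule.new(:extension, :match, "pem", "Potential cryptographic private key"),
  Rule.new(:extension, :match, "pfx", "PKCS#12 key bundle"),
  Rule.new(:filename,  :match, ".htpasswd", "Apache htpasswd file"),
  Rule.new(:filename,  :regex, /\A\.?(bash_|zsh_)?history\z/, "Shell command history"),
  Rule.new(:path,      :regex, %r{(\A|/)config/(database|secrets)\.yml\z},
           "Rails database/secrets config")
].freeze

# Split a repository-relative path into the parts a rule can target.
def parts_of(path)
  name = File.basename(path)
  { path: path, filename: name, extension: File.extname(name).delete_prefix(".") }
end

# :regex rules test the pattern; :match rules require exact equality.
def rule_hits?(rule, value)
  rule.type == :regex ? rule.pattern.match?(value) : rule.pattern == value
end

# Return [path, caption] pairs for every rule a path triggers.
def flag_paths(paths, rules = RULES)
  paths.flat_map do |path|
    parts = parts_of(path)
    rules.select { |r| rule_hits?(r, parts[r.part]) }.map { |r| [path, r.caption] }
  end
end

# Constructed sample: the file list of a hypothetical repository.
SAMPLE_PATHS = %w[
  README.md lib/app.rb deploy/id_rsa deploy/id_rsa.pub certs/server.pem
  config/database.yml home/.bash_history docs/history.md
].freeze

if __FILE__ == $PROGRAM_NAME
  # Pass your own file list as arguments, e.g. $(git ls-files); otherwise use the sample.
  paths = ARGV.empty? ? SAMPLE_PATHS : ARGV
  flag_paths(paths).each { |path, caption| puts "#{caption}: #{path}" }
end
```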

We start by installing the PostgreSQL database on a default Kali Linux system.

# apt-get install postgresql-server-dev-9.1

# apt-get install ruby1.9.1-dev

# service postgresql start

# su postgres

$ createuser -s gitrob --pwprompt

Enter password for new role:

Enter it again.

$ createdb -O gitrob gitrob

$ exit

# svn co https://github.com/michenriksen/gitrob

# cd gitrob/trunk

# gem install bundler

# gem install gitrob

Log in to your GitHub account and grab the API key: https://github.com/

# gitrob --configure

agree with the terms (y, n)

Enter Postgresql hostname: [localhost]

Enter Postgresql port: [5432]

Enter Postgresql username: gitrob

Enter Postgresql password for gitrob (masked): xxxxxx

Enter GitHub access tokens (blank line to stop): <this is the API key from your github account>

<enter again>

Now it's installed and ready to go.

# gitrob -h

# gitrob -o apigee

Figure 1

Some of the findings we made involve Ruby and potential cryptographic keys.

Figure 2

Figure 3

More Stories By David Dodd

David J. Dodd is currently in the United States and holds a current 'Top Secret' DoD Clearance and is available for consulting on various Information Assurance projects. A former U.S. Marine with Avionics background in Electronic Countermeasures Systems. David has given talks at the San Diego Regional Security Conference and SDISSA, is a member of InfraGard, and contributes to Secure our eCity http://securingourecity.org. He works for Xerox as Information Security Officer City of San Diego & pbnetworks Inc. http://pbnetworks.net a Service Disabled Veteran Owned Small Business (SDVOSB) located in San Diego, CA and can be contacted by emailing: dave at pbnetworks.net.
