
GitGot is a semi-automated, feedback-driven tool that can rapidly search through troves of public data on GitHub for sensitive secrets.
Read Jake Miller's other post explaining the conception of GitGot here.
I built this tool as part of my research on human-in-the-loop (HITL) toolsets. By combining the speed of automation with the perspective of a user, GitGot can facilitate testing and improve results.
GitGot uses blacklisting through user-provided string constants (user names, repo names, and file names) and fuzzy matching against similar file contents. The tool leverages the GitHub Search API to perform searches across GitHub, and at the same time uses the blacklist mechanism to prune search results.
The blacklisting model, coupled with an HITL-based user interface, allows a guided scan through GitHub search results, which reduces user fatigue and improves blacklisting through human feedback. Users can pause or resume sessions at any time. Additionally, the session files become a unique collection of blacklist intelligence that can be used on subsequent related searches for the same organization.
Unlike traditional GitHub searches that only produce results for matching query text (e.g., example.com), GitGot performs a list of regex queries for sensitive tokens and keywords across any file that matches the initial query text. This allows users to find secrets hidden in a file that might not be presented as a snippet in the search results.
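The pruning and scanning flow described above, as an added sketch for auditing your own organization's exposure; it is not GitGot's code. The function name `triage`, the regex list, and the sample hits are constructed for illustration, and Python's `difflib` stands in for the tool's fuzzy matcher as an assumption.

```python
import re
from difflib import SequenceMatcher

# Constructed search hits: (owner, repo, path, full file contents).
HITS = [
    ("acme-dev", "deploy", "config/prod.env",
     "HOST=db.example.com\nAWS_KEY=AKIAABCDEFGHIJKLMNOP\n"),
    ("mirror-bot", "dns-lists", "hosts.txt", "0.0.0.0 example.com\n"),
    ("alice", "notes", "README.md", "Docs for example.com, see the wiki for setup.\n"),
    ("bob", "notes-fork", "README.md", "Docs for example.com, see the wiki for setup!\n"),
    ("carol", "site", "settings.py",
     "DOMAIN='example.com'\npassword = 'hunter2-constructed'\n"),
]

# Illustrative regex list (an assumption, not the list GitGot ships).
CHECKS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "password_assignment": re.compile(r"(?i)\bpassword\s*[=:]\s*['\"][^'\"]+['\"]"),
}

def triage(hits, blocked_users=(), blocked_repos=(), blocked_files=(),
           rejected_contents=(), threshold=0.9):
    """Prune hits with the blacklist, then regex-scan the whole file body."""
    findings, skipped = [], []
    for owner, repo, path, body in hits:
        name = path.rsplit("/", 1)[-1]
        # String-constant blacklist: user names, repo names, file names.
        if owner in blocked_users or repo in blocked_repos or name in blocked_files:
            skipped.append((owner, repo, path, "blacklist"))
            continue
        # Fuzzy blacklist: contents close to something a reviewer already rejected.
        if any(SequenceMatcher(None, body, seen).ratio() >= threshold
               for seen in rejected_contents):
            skipped.append((owner, repo, path, "similar"))
            continue
        # Scan the full contents, not just the snippet that matched the query.
        matched = sorted(k for k, rx in CHECKS.items() if rx.search(body))
        if matched:
            findings.append((owner, repo, path, matched))
    return findings, skipped

if __name__ == "__main__":
    # Reviewer feedback so far: ignore user mirror-bot, reject alice's README.
    found, pruned = triage(HITS, blocked_users={"mirror-bot"},
                           rejected_contents=[HITS[2][3]])
    for row in found + pruned:
        print(row)
```

Rejecting one README also prunes the near-identical fork, which is how each reviewer decision reduces the number of results left to inspect.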
Create your own regex lists or contribute suggestions to GitGot. Check it out on the Bishop Fox GitHub. Happy hunting!