Need help with git-wild-hunt?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

161 Stars 30 Forks Apache License 2.0 13 Commits 2 Opened issues


A tool to hunt for credentials in github wild AKA git*hunt

Services available


Need anything else?

Contributors list

# 98,647
8 commits
# 119,350
1 commit


A tool to hunt for credentials in the GitHub wild AKA git*hunt

Getting started

  1. Install the tool
  2. Configure your GitHub token
  3. Search for credentials
  4. See results
    cat results.json | jq

:tv: Demo


  • requirements:
    virtualenv, python3
  1. git clone && cd git-wild-hunt
    clone project and cd into the project dir
  2. pip install virtualenv && virtualenv -p python3 venv && source venv/bin/activate && pip install -r requirements.txt
    create virtualenv and install requirements

Continue to configuring a GitHub API key


Make sure you set a GitHub token if you need to create one for your account follow these instructions.

github_token = ''
# GitHub token for searching

output = results.json

stores matches in JSON here

log_path = git-wild-hunt.log

Sets the log_path for the logging file

log_level = INFO

Sets the log level for the logging

Possible values: INFO, ERROR

regexes = regexes.json

regexes to check the git wild hunt search against

GitHub search examples

the -s flag accepts any GitHub advance search query, see some examples below

Find GCP JWT token files

python -s "extension:json filename:creds language:JSON"
Find AWS API secrets

python -s " filename:credentials"
Find Azure JWT Token

python -s "extension:json filename:accessTokens language:JSON"
Find GSUtils configs

python -s "path:.gsutil filename:credstore2"
Find Kubernetes config files

python -s "path:.kube filename:config"
Searching for Jenkins credentials.xml file

python -s "extension:xml filename:credentials.xml language:XML"
Find secrets in .circleci

python -s "extension:yml path:.circleci filename:config language:YAML"
Generic credentials.yml search

python -s "extension:yml filename:credentials.yml language:YAML"


usage: [-h] -s SEARCH [-c CONFIG] [-v]

optional arguments: -h, --help show this help message and exit -s SEARCH, --search SEARCH search to execute -c CONFIG, --config CONFIG config file path -v, --version shows current git-wild-hunt version

What checks get run

This file contains all the regexes that will be used to check against the raw content filed returned for a search. Feel free to add/modify and include any specific ones that match the credential you are trying to find. This was graciously borrowed from truffleHog

Currently verified credentials via regex:

  • AWS API Key
  • Amazon AWS Access Key ID
  • Amazon MWS Auth Token
  • Facebook Access Token
  • Facebook OAuth
  • Generic API Key
  • Generic Secret
  • GitHub
  • Google (GCP) Service-account
  • Google API Key
  • Google Cloud Platform API Key
  • Google Cloud Platform OAuth
  • Google Drive API Key
  • Google Drive OAuth
  • Google Gmail API Key
  • Google Gmail OAuth
  • Google OAuth Access Token
  • Google YouTube API Key
  • Google YouTube OAuth
  • Heroku API Key
  • MailChimp API Key
  • Mailgun API Key
  • PGP private key block
  • Password in URL
  • PayPal Braintree Access Token
  • Picatic API Key
  • RSA private key
  • SSH (DSA) private key
  • SSH (EC) private key
  • Slack Token
  • Slack Webhook
  • Square Access Token
  • Square OAuth Secret
  • Stripe API Key
  • Stripe Restricted API Key
  • Twilio API Key
  • Twitter Access Token
  • Twitter OAuth



Credits & References

Inspiration to write this tool came from the shhgit project


  • better error handling

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.