tillson / git-hound

Reconnaissance tool for GitHub code search. Scans for exposed API keys across all of GitHub, not just known repos and orgs.
MIT License
1.2k stars 187 forks

unable to login into github #43

Closed vansh1 closed 2 years ago

vansh1 commented 2 years ago

Describe the bug
A clear and concise description of what the bug is.

root@kalibox:~/tools# ./git-hound --subdomain-file /home/box/https1.txt --dig-files --dig-commits --results-only
[!] Unable to log into GitHub.
2022/01/14 19:32:45

Required

my config file:
github_username: "user"
github_password: "pass"

Expected behavior
it should run for my given files

Screenshots
If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):
ubuntu 20.04 latest one

Additional context
Add any other context about the problem here.

AhmedBoulahsen commented 2 years ago

I have the same bug

AhmedBoulahsen commented 2 years ago

echo "hackerone.com" | git-hound

[*] Logged into GitHub as AhmedBoulahsen
[!] Unable to log into GitHub.
2022/01/14 23:51:58

abernalsec commented 2 years ago

Same issue here

[*] Logged into GitHub as xxxxx@xxxxxxxxxxxx.com
[!] Unable to log into GitHub.
2022/01/17 21:18:55

abernalsec commented 2 years ago

This helped me out: echo "domain" | ./git-hound --config-file config.yml

AhmedBoulahsen commented 2 years ago

It's not working for me; I get this error:

bash: ./git-hound: No such file or directory

Canon88 commented 2 years ago

Same issue here

Mac

zissosafe commented 2 years ago

Same issue here, both with and without the --config-file option. Each time, I've copied user and pwd from the config file into the browser and there, the login works perfectly fine. git-hound ran once correctly (with the same config file), all the other times I got this error.

supersache commented 2 years ago

I found what the problem is. In GrabCSRFTokenBody in github.go the regex is wrong. It searches for a string consisting of a-zA-z0-9+/=. But the tokens I'm getting contain a-zA-Z0-9-_. So I added - and _. My line 173 in github.go now looks like this:

re := regexp.MustCompile("authenticity_token\"\\svalue\\=\"([0-9A-z/=\\+\\-_]{32,})\"")

In my case it worked sometimes (~ 1 out of 10 times). That was when github generated a csrf_token that didn't contain the problematic characters.
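Added example, not part of the thread and not git-hound's own code: it runs the posted pattern beside an assumed pre-fix pattern on constructed tokens to show which characters make the match fail. The `before` pattern is rebuilt from the description in the comment above, and `strict`, `field`, `Extract` and the sample tokens are hypothetical names and values.

```go
package main

import (
	"fmt"
	"regexp"
)

// Assumed pre-fix pattern, rebuilt from the comment's description
// (a-zA-z0-9+/=); it is not copied from github.go.
var before = regexp.MustCompile(`authenticity_token"\svalue\="([0-9A-z/=\+]{32,})"`)

// Pattern exactly as posted in the comment above.
var posted = regexp.MustCompile("authenticity_token\"\\svalue\\=\"([0-9A-z/=\\+\\-_]{32,})\"")

// Hypothetical tighter class: explicit letter ranges, because A-z also
// spans the ASCII characters [ \ ] ^ _ ` that sit between 'Z' and 'a'.
var strict = regexp.MustCompile(`authenticity_token"\svalue="([0-9A-Za-z/=+_-]{32,})"`)

// Constructed sample tokens (not real GitHub values), 40 characters each.
const (
	stdToken   = "AbCdEfGhIjKlMnOpQrStUvWxYz0123456789+/=="
	underToken = "AbCdEfGhIjKlMnOpQrStUvWxYz0123456789_abc"
	dashToken  = "AbCdEfGhIjKlMnOpQrStUvWxYz0123456789-abc"
	caretToken = "AbCdEfGhIjKlMnOpQrStUvWxYz0123456789^abc"
)

// field renders a constructed hidden form input carrying the token.
func field(token string) string {
	return `<input type="hidden" name="authenticity_token" value="` + token + `" />`
}

// Extract returns the captured token, or ok=false when the pattern finds none.
func Extract(re *regexp.Regexp, html string) (string, bool) {
	m := re.FindStringSubmatch(html)
	if m == nil {
		return "", false
	}
	return m[1], true
}

func main() {
	for _, tok := range []string{stdToken, underToken, dashToken, caretToken} {
		_, b := Extract(before, field(tok))
		_, p := Extract(posted, field(tok))
		_, s := Extract(strict, field(tok))
		fmt.Printf("%s before=%v posted=%v strict=%v\n", tok, b, p, s)
	}
}
```

With the assumed `before` class, only the token containing `-` is rejected, since `A-z` already covers `_`.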

vansh1 commented 2 years ago

I found a fix which may not work for all: just keep running git-hound continuously. Keep doing this and it will finally help you; that's how I solved it. Do that the maximum number of times possible. Tip: keep your internet fast or use a VM.

Canon88 commented 2 years ago

There are many results: timestamp_secret, authenticity_token

luizcorreia commented 2 years ago

> I found what the problem is. In GrabCSRFTokenBody in github.go the regex is wrong. It searches for a string consisting of a-zA-z0-9+/=. But the tokens I'm getting contain a-zA-Z0-9-_. So I added - and _. My line 173 in github.go now looks like this:
>
> re := regexp.MustCompile("authenticity_token\"\\svalue\\=\"([0-9A-z/=\\+\\-_]{32,})\"")
>
> In my case it worked sometimes (~ 1 out of 10 times). That was when github generated a csrf_token that didn't contain the problematic characters.

Same here, just getting "[!] Unable to log into GitHub." I have tried the @supersache solution, but it doesn't work for me.

tillson commented 2 years ago

Fixed in the latest commit!