tillson / git-hound

Reconnaissance tool for GitHub code search. Scans for exposed API keys across all of GitHub, not just known repos and orgs.
MIT License

Error seems to occur when domain being searched yields no results #54

Closed NotoriousRebel closed 1 year ago

NotoriousRebel commented 2 years ago

While using the latest version (v1.6) of the tool like so:

githound --subdomain-file subdomains.txt --dig-files --dig-commits --threads 2 --config-file config.yml --debug

It appears that some subdomains in that file do not yield any results from GitHub, which results in a crash. To test this, try running the following command:

echo "reallyobscure.example.com" | githound --dig-files --dig-commits --debug

This does not yield any results from github searching and the following stacktrace is shown below when I ran the aforementioned command:

# echo "reallyobscure.example.com" | githound --dig-files --dig-commits --debug
[*] Logged into GitHub as *********
panic: runtime error: index out of range [1] with length 0

goroutine 1 [running]:
github.com/tillson/git-hound/internal/app.SearchGitHub({0xc00002b1e0, 0x19}, {0x64, {0x0, 0x0}, {{0x0, 0x0}, {0x0, 0x0}, 0x0, ...}}, ...)
        /Users/tillson/git-hound/internal/app/search.go:153 +0x1435
github.com/tillson/git-hound/internal/app.Search({0xc00002b1e0, 0x19}, 0x0?)
        /Users/tillson/git-hound/internal/app/search.go:66 +0x1c5
github.com/tillson/git-hound/cmd.glob..func1(0xf0fa40?, {0xc000109530, 0x0, 0x3?})
        /Users/tillson/git-hound/cmd/root.go:96 +0x6ee
github.com/spf13/cobra.(*Command).execute(0xf0fa40, {0xc00001e090, 0x3, 0x3})
        /Users/tillson/go/pkg/mod/github.com/spf13/cobra@v1.4.0/command.go:860 +0x663
github.com/spf13/cobra.(*Command).ExecuteC(0xf0fa40)
        /Users/tillson/go/pkg/mod/github.com/spf13/cobra@v1.4.0/command.go:974 +0x3b4
github.com/spf13/cobra.(*Command).Execute(...)
        /Users/tillson/go/pkg/mod/github.com/spf13/cobra@v1.4.0/command.go:902
github.com/tillson/git-hound/cmd.Execute()
        /Users/tillson/git-hound/cmd/root.go:124 +0x25
main.main()
        /Users/tillson/git-hound/main.go:10 +0x17

tillson commented 2 years ago

Thanks for the report, will get this fixed tomorrow. I suggest using v1.5 for now if you can

NotoriousRebel commented 2 years ago

Sweet, sounds good. I don't think it's worth creating another issue but while using the tool with --debug on for some repos the error: couldn't find remote ref "refs/heads/master" appears a lot. This is highly likely due to some repos still having the primary branch being called master while other repos use the term main which is leading to githound failing to successfully clone the repos leading to a lot of repos not being cloned.

Shown below is an example commandline to identify the issue as well as the error itself being shown:

# echo "tesla.com" | githound --dig-files --dig-commits --debug
Cleaning up local repo storage...
[*] Logged into GitHub as *******
[*] Searching 100 pages of results for 'tesla.com'...
Digging unixnexo/unixnexo.github.io
Digging SmogDr/edar_coursebook
Digging anallelyxdata/xdata-site
Digging anallelyxdata/xdata-site
couldn't find remote ref "refs/heads/master"
couldn't find remote ref "refs/heads/master"
Digging ds330wkguys/project_code
couldn't find remote ref "refs/heads/master"

Looking into it further it's when the primary branch is not called master that this error occurs. Analyzing the aforementioned results, for example:

https://github.com/anallelyxdata/xdata-site the primary branch is called gh-pages and https://github.com/SmogDr/edar_coursebook is called master.

tillson commented 2 years ago

> Sweet, sounds good. I don't think it's worth creating another issue but while using the tool with --debug on for some repos the error: couldn't find remote ref "refs/heads/master" appears a lot. This is highly likely due to some repos still having the primary branch being called master while other repos use the term main which is leading to githound failing to successfully clone the repos leading to a lot of repos not being cloned.
>
> Shown below is an example commandline to identify the issue as well as the error itself being shown:
>
> # echo "tesla.com" | githound --dig-files --dig-commits --debug
> Cleaning up local repo storage...
> [*] Logged into GitHub as *******
> [*] Searching 100 pages of results for 'tesla.com'...
> Digging unixnexo/unixnexo.github.io
> Digging SmogDr/edar_coursebook
> Digging anallelyxdata/xdata-site
> Digging anallelyxdata/xdata-site
> couldn't find remote ref "refs/heads/master"
> couldn't find remote ref "refs/heads/master"
> Digging ds330wkguys/project_code
> couldn't find remote ref "refs/heads/master"
>
> Looking into it further it's when the primary branch is not called master that this error occurs. Analyzing the aforementioned results, for example:
>
> https://github.com/anallelyxdata/xdata-site the primary branch is called gh-pages and https://github.com/SmogDr/edar_coursebook is called master.

is this happening in v1.6? I thought I had fixed that but may have missed something

NotoriousRebel commented 2 years ago

Just downloaded the latest release on an Ubuntu 20.04.4 LTS box and ran the aforementioned command; the error still exists.

tillson commented 2 years ago

Fixed the first one (f1b640c4e8bb5b3797d73dd740a1d27c3231f675), I'll look into the second one as well

NotoriousRebel commented 1 year ago

Awesome, glad to hear! Were you able to replicate the finding remote ref issue?

tillson commented 1 year ago

not yet - also can't seem to find any references to the master branch in the new version. I wonder if it's within the library we're using...
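
Added example, not part of the thread and not git-hound's own code: one way a cloner can avoid assuming refs/heads/master is to ask the remote which branch HEAD points to with `git ls-remote --symref <url> HEAD` and parse the reply before cloning. The function name `DefaultBranch`, the sample outputs and the zeroed object IDs are constructed for illustration.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"strings"
)

// Constructed samples of `git ls-remote --symref <url> HEAD` output
// (the object IDs are zeroed placeholders, not real commits).
const (
	sampleGhPages = "ref: refs/heads/gh-pages\tHEAD\n" +
		"0000000000000000000000000000000000000000\tHEAD\n"
	sampleMaster = "ref: refs/heads/master\tHEAD\n" +
		"0000000000000000000000000000000000000000\tHEAD\n"
	sampleNoSymref = "0000000000000000000000000000000000000000\tHEAD\n"
)

// ErrNoSymref means the remote did not say which branch HEAD points to
// (empty repository, or a server that does not advertise symrefs).
var ErrNoSymref = errors.New("remote did not advertise a symbolic HEAD")

// DefaultBranch returns the branch named by the "ref: refs/heads/<name>\tHEAD"
// line, so the caller can clone that ref instead of assuming "master".
func DefaultBranch(lsRemoteOutput string) (string, error) {
	sc := bufio.NewScanner(strings.NewReader(lsRemoteOutput))
	for sc.Scan() {
		fields := strings.Fields(sc.Text())
		if len(fields) != 3 || fields[0] != "ref:" || fields[2] != "HEAD" {
			continue // object-ID line or anything unexpected
		}
		const prefix = "refs/heads/"
		if strings.HasPrefix(fields[1], prefix) && len(fields[1]) > len(prefix) {
			return strings.TrimPrefix(fields[1], prefix), nil
		}
	}
	return "", ErrNoSymref
}

func main() {
	for _, out := range []string{sampleGhPages, sampleMaster, sampleNoSymref, ""} {
		branch, err := DefaultBranch(out)
		fmt.Printf("branch=%q err=%v\n", branch, err)
	}
}
```

When `ErrNoSymref` comes back, skipping the repository with a logged reason keeps the miss visible instead of silently dropping it from the scan.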