Dgitscan is a powerful GitHub reconnaissance tool that scans raw GitHub content for exposed subdomains and sensitive credentials related to a target organization. Built for bug bounty hunters, red teamers, and cybersecurity researchers, it combines subdomain enumeration, secret detection, entropy filtering, and DNS resolution in one streamlined CLI utility.
- 🔍 Subdomain Discovery: Detects subdomains of a target domain embedded in GitHub-hosted source code.
- 🔐 Credential Detection: Finds hardcoded secrets using signature-based matching (API keys, tokens, passwords, private keys, etc).
- 🌐 Live DNS Check: Confirms if discovered subdomains resolve.
- 📦 Modular Signature Engine: Easily extendable via YAML rule files.
- 📁 Output in JSON: Results stored in `output/{domain}.json`

```bash
# Clone the repository
$ git clone https://github.com/yourname/dgitscan.git
$ cd dgitscan
# Install Python dependencies
$ pip install -r requirements.txt
```

```bash
python github.py -d example.com
```

| Option | Description |
|---|---|
| `-d`, `--domain` | Target domain to scan (required) |
| `--silent` | Suppress console output |

Secret detection patterns are defined in signatures.yaml. You can:
- Add new types
- Adjust regex patterns
- Set custom risk weights

```yaml
signatures:
  AWS Access Key:
    pattern: "AKIA[0-9A-Z]{16}"
    weight: 30
  Google API Key:
    # Single quotes: "\-" is not a valid escape in a double-quoted YAML string
    pattern: 'AIza[0-9A-Za-z\-_]{35}'
    weight: 25
```

Results are saved as:

```
output/example_com.json
```

Each finding includes:
- Subdomain
- Source URL
- DNS live check
- Risk score
- Leak types & sample values
- Query string leaks (if found)
- GitHub code search API integration
- CSV/HTML report exports
- Web UI for exploring findings
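
To make the link between signature rules, entropy filtering and a finding's leak types and risk score concrete, here is an added example (not Dgitscan's own code) that applies the two rules from the `signatures.yaml` excerpt to a local text blob, as you might when checking your own repository before pushing. The entropy cut-off, the scoring rule (sum of weights per distinct leak type) and the names `scan_text`, `shannon_entropy` and `MIN_ENTROPY` are assumptions.

```python
import math
import re
from collections import Counter

# Rules mirroring the signatures.yaml excerpt (pattern + weight).
SIGNATURES = {
    "AWS Access Key": {"pattern": r"AKIA[0-9A-Z]{16}", "weight": 30},
    "Google API Key": {"pattern": r"AIza[0-9A-Za-z\-_]{35}", "weight": 25},
}
MIN_ENTROPY = 3.0  # assumed cut-off (bits/char), not a Dgitscan value

# Constructed sample: the example key ID from AWS documentation and a placeholder.
SAMPLE = """
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_access_key_id = AKIAXXXXXXXXXXXXXXXX
"""


def shannon_entropy(value):
    """Shannon entropy in bits per character."""
    total = len(value)
    return -sum(n / total * math.log2(n / total)
                for n in Counter(value).values())


def scan_text(text, signatures=SIGNATURES, min_entropy=MIN_ENTROPY):
    """Return (findings, risk_score) for one blob of text."""
    findings = []
    for name, rule in signatures.items():
        for match in re.finditer(rule["pattern"], text):
            value = match.group(0)
            entropy = shannon_entropy(value)
            # Entropy filter: drop placeholders such as AKIAXXXXXXXXXXXXXXXX.
            if entropy >= min_entropy:
                findings.append({"type": name, "value": value,
                                 "entropy": round(entropy, 2)})
    # Assumed scoring rule: sum the weights of the distinct leak types found.
    leak_types = {f["type"] for f in findings}
    return findings, sum(signatures[t]["weight"] for t in leak_types)


if __name__ == "__main__":
    results, risk = scan_text(SAMPLE)
    print(risk, results)
```

Both sample lines match the AWS pattern, but only the first survives the entropy filter, which is why a signature match alone is a poor indicator of a real leak.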
Dgitscan is crafted with ❤️ for offensive security research.
Feel free to contribute, suggest improvements, or fork your own version.
MIT License. See LICENSE file for details.
