Clone all organization repos, scan secrets with Gitleaks and analyze workflows & actions with ADES and poutine
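#!/usr/bin/env bash
# devnull@localhost
#
# Created:
#   Wed Oct 23 05:11:29 CEST 2024
#
# Updated:
#   Tue Sep  2 14:37:50 CEST 2025
#
# Purpose:
#   List the repositories of a GitHub organization through the REST API,
#   clone each one, run ADES, poutine and Gitleaks against the clone and
#   optionally delete the clone afterwards. One JSON report per tool and
#   repository is written to the current directory.
#
# Usage:
#   $0 <orgname>
#
# Environment:
#   DRY_RUN  Anything other than 0 (default: 1) only prints the git/scanner/rm
#            commands instead of executing them. Set DRY_RUN=0 to run them.
#
# Notes:
#   - Requests are unauthenticated, so only public repositories are listed and
#     the anonymous API rate limit applies.
#   - Gitleaks reports contain the secrets that were found. The script sets
#     umask 077 so reports and clones are readable by the current user only;
#     add --redact to the gitleaks call if the values must not be stored.
#
# gh repo list options worth knowing:
#   --source      : show only non-forks
#   --no-archived : omit archived repositories
#
# # Using GitHub CLI -----------------------------
#
# gh repo list "${ORG}" --limit ${LIMIT} | while read -r repo _; do
#   gh repo clone "${repo}" "${repo}"
# done
#
# gh repo list ${ORG} --limit ${LIMIT} \
#   --json nameWithOwner \
#   --jq '.[].nameWithOwner' \
#   | parallel -j${JOBS} gh repo clone
#
# # Using curl ------------------------------------
#
# PAGE=1
# CNTX={users|orgs}
# NAME={username|orgname}
#
# curl "https://api.github.com/${CNTX}/${NAME}/repos?page=${PAGE}&per_page=100" \
#   | grep -e 'clone_url*' \
#   | cut -d \" -f 4 \
#   | xargs -L1 git clone
#
# (the API caps per_page at 100, so larger values still need paging)
# curl "https://api.github.com/orgs/${ORG}/repos?per_page=1000" \
#   | grep -o 'git@[^"]*' \
#   | xargs -L1 git clone
#

# No `set -e`: gitleaks exits non-zero when it reports findings, and one
# failing scanner must not stop the remaining repositories.
set -uo pipefail

# Reports may hold discovered secrets; keep everything created here private.
umask 077

# Print a message to stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Execute a command, or only print it (shell-quoted) while in dry-run mode.
run() {
  if [[ ${DRY_RUN} != 0 ]]; then
    printf '%q ' "$@"
    printf '\n'
  else
    "$@"
  fi
}

if [[ -z ${1:-} ]]; then
  printf 'Usage: %s <orgname>\n' "$0" >&2
  exit 1
fi

ORG="${1}"

# ORG is interpolated into the API URL and into local file names, so refuse
# anything that could add path components or extra URL syntax.
[[ ${ORG} =~ ^[A-Za-z0-9][A-Za-z0-9_-]*$ ]] || die "Invalid organization name: ${ORG}"

JOBS=16     # not used below; only referenced by the parallel example above
LIMIT=100   # page size requested from the API
TOTAL=259   # expected number of repositories; bounds the number of pages
DELETE=1    # 1 = remove each clone once it has been scanned
MAX_PAGES=$(( (TOTAL + LIMIT - 1) / LIMIT ))

ADES=1
POUTINE=1
GITLEAKS=1

# Dry-run stays the default so running the script without DRY_RUN=0 changes
# nothing beyond the repository list files.
DRY_RUN="${DRY_RUN:-1}"

# --- Fetch the repository list, one page per file --------------------------
pages=()
for (( page = 1; page <= MAX_PAGES; page++ )); do
  json="${ORG}-${page}.json"
  printf '> Downloading \e[93m%s\e[0m\n' "${json}"

  # -f turns HTTP errors (unknown org, rate limit) into a non-zero exit status
  # instead of saving the error document as if it were a repository page.
  curl -fsS -o "${json}" \
    "https://api.github.com/orgs/${ORG}/repos?page=${page}&per_page=${LIMIT}" \
    || die "Download of page ${page} failed"

  # A valid page is a JSON array; anything else must not be merged.
  count=$(jq 'if type == "array" then length else -1 end' "${json}") \
    || die "Cannot parse ${json}"
  if (( count < 0 )); then
    die "Unexpected API response in ${json}"
  fi
  pages+=("${json}")

  # A short page is the last one.
  if (( count < LIMIT )); then
    break
  fi
  sleep 1
done

if (( page > MAX_PAGES )); then
  printf '> Warning: page %d was full; raise TOTAL if repositories are missing\n' \
    "${MAX_PAGES}" >&2
fi

# --- Merge the pages and extract the clone URLs ----------------------------
JSON="${ORG}.json"
TXT="${ORG}.txt"

printf '> Consolidating repos into \e[93m%s\e[0m\n' "${JSON}"
jq '.[]' "${pages[@]}" > "${JSON}" || die "Cannot consolidate into ${JSON}"

# Only the files downloaded above are removed, not everything the glob matches.
printf '> Deleting files \e[93m%s\e[0m\n' "${ORG}-*.json"
rm -f -- "${pages[@]}"

printf '> Extracting repos from \e[93m%s\e[0m\n' "${JSON}"
printf '> Creating \e[93m%s\e[0m\n' "${TXT}"
jq -r '.clone_url' "${JSON}" > "${TXT}" || die "Cannot create ${TXT}"

# --- Clone and scan each repository ----------------------------------------
# The list is read on fd 3 so a tool reading stdin cannot swallow lines of it.
while IFS= read -r -u 3 repo_url; do
  # jq prints "null" for entries without a clone_url.
  if [[ -z ${repo_url} || ${repo_url} == null ]]; then
    continue
  fi

  repo_name="${repo_url##*/}"
  repo_name="${repo_name%.git}"   # get rid of .git

  # The name comes from remote data and ends up in `rm -rf`: refuse values
  # that would resolve to the current or the parent directory.
  case "${repo_name}" in
    '' | . | ..)
      printf '> Skipping suspicious repo name from %s\n' "${repo_url}" >&2
      continue
      ;;
  esac

  printf '> Cloning \e[93m%s\e[0m\n' "${repo_name}"
  cloned_now=0
  if [[ -d ${repo_name} ]]; then
    printf '> Repo %s already cloned\n' "${repo_name}"
  elif run git clone -- "${repo_url}" "${repo_name}"; then
    cloned_now=1
  else
    printf '> Clone of %s failed, skipping\n' "${repo_name}" >&2
    continue
  fi

  if [[ ${ADES} -eq 1 ]]; then
    ades_report="ades-${repo_name}.json"
    printf '> Launching ADES: %s\n' "${ades_report}"
    # NOTE(review): confirm that ades -json accepts a report path argument;
    # if it is a plain switch, redirect stdout to the report instead.
    run ades -json "${ades_report}" "${repo_name}"
  fi

  if [[ ${POUTINE} -eq 1 ]]; then
    poutine_report="poutine-${repo_name}.json"
    printf '> Launching poutine: %s\n' "${poutine_report}"
    # Analyze the clone rather than ".", which is the directory holding every
    # clone and report. In dry-run mode the report file is not created.
    if [[ ${DRY_RUN} != 0 ]]; then
      run poutine -f json analyze_local "${repo_name}"
    else
      poutine -f json analyze_local "${repo_name}" > "${poutine_report}"
    fi
  fi

  if [[ ${GITLEAKS} -eq 1 ]]; then
    gitleaks_report="gitleaks-${repo_name}.json"
    printf '> Launching gitleaks: %s\n' "${gitleaks_report}"
    # -v also prints each finding to the terminal; add --redact to mask values.
    run gitleaks detect -v --no-banner -s "${repo_name}" -r "${gitleaks_report}"
  fi

  # Only remove directories created by this run, so a pre-existing directory
  # that happens to share the repository name is never deleted.
  if [[ ${DELETE} -eq 1 && ${cloned_now} -eq 1 ]]; then
    printf '> Deleting repo %s\n' "${repo_name}"
    run rm -rf -- "${repo_name:?}"
  fi
done 3< "${TXT}"

printf '> Done\n'
exit 0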