In response to the recent Sha1-Hulud global attack, a new method of data exfiltration has emerged in which stolen credentials from compromised machines are uploaded to GitHub repositories. To counter this threat, we have developed a scanner that runs on a schedule via cron, continuously monitoring these exfiltration repositories for suspicious activity. The scanner searches the repositories for keywords from a predefined list, enabling proactive detection of, and response to, credential theft attempts.
```bash
git clone https://github.com/PR3R00T/SHA1-hulud-Repo-Scanner
cd SHA1-hulud-Repo-Scanner
pip install -r requirements.txt
python3 ./scanner.py --github_token "PUTGITHUBTOKENHERE" --keyword_file keywords.txt --callback_url "https://google.com"
```
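The keyword-matching step described above, with de-duplication across scheduled runs, as an added example (not code from this repository). The keyword-file format, record fields and function names are assumptions, and all sample data is constructed.

```python
import hashlib
import json

# Constructed sample data: not real repositories, files or credentials.
SAMPLE_KEYWORDS = "# org keywords\nexample-corp.test\nEXAMPLECORP_\n\nsvc-build@example-corp\n"
SAMPLE_FILES = [
    {"repo": "user-a/repo-1", "path": "data.json", "text": '{"EXAMPLECORP_API_KEY": "constructed-value"}'},
    {"repo": "user-b/repo-2", "path": "data.json", "text": '{"email": "dev@unrelated.test"}'},
    {"repo": "user-c/repo-3", "path": "data.json", "text": '{"account": "SVC-BUILD@Example-Corp.test"}'},
]


def load_keywords(text):
    """Parse keyword-file text (assumed: one keyword per line, '#' comments)."""
    lines = (line.strip().lower() for line in text.splitlines())
    # dict.fromkeys de-duplicates while keeping the file's order.
    return list(dict.fromkeys(kw for kw in lines if kw and not kw.startswith("#")))


def scan_files(files, keywords, already_alerted):
    """Return callback payloads for files with keyword hits not yet reported.

    already_alerted is a set of fingerprints that a caller would persist
    between cron runs, so an unchanged file does not re-alert every run.
    """
    alerts = []
    for f in files:
        haystack = f["text"].lower()  # case-insensitive substring match
        hits = sorted(kw for kw in keywords if kw in haystack)
        if not hits:
            continue
        digest = hashlib.sha256(f["text"].encode()).hexdigest()
        fingerprint = f"{f['repo']}:{f['path']}:{digest}"
        if fingerprint in already_alerted:
            continue
        already_alerted.add(fingerprint)
        # Report where the hit is and which keywords matched, never the
        # file text itself: it may contain live secrets.
        alerts.append({"repo": f["repo"], "path": f["path"],
                       "keywords": hits, "sha256": digest})
    return alerts


if __name__ == "__main__":
    state = set()
    kws = load_keywords(SAMPLE_KEYWORDS)
    print(json.dumps(scan_files(SAMPLE_FILES, kws, state), indent=2))
    print(scan_files(SAMPLE_FILES, kws, state))  # second run: nothing new
```

Because the payload carries only the location, matched keywords and a content hash, the callback endpoint never receives the leaked values themselves.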
The code provided is intended solely for educational and lawful purposes.
By using this code, you agree to:
- ✅ Use it responsibly and in compliance with all applicable laws and regulations
- ✅ Respect intellectual property rights and avoid plagiarism or unauthorized distribution
- ✅ Ensure that your implementation does not cause harm, exploit vulnerabilities, or infringe on privacy
- ✅ Apply the code in ways that promote fairness, transparency, and integrity
The author(s) and distributor(s) of this code assume no liability for misuse, illegal activities, or unethical applications.
You are fully responsible for how you choose to apply and adapt this code.