
GSIL – GitHub Sensitive Information Leakage Monitoring Tool: Installation, Configuration, and Usage Guide

This article introduces GSIL, a near‑real‑time GitHub sensitive‑information‑leakage monitoring tool, and provides step‑by‑step instructions for installing the Python package, configuring email and GitHub token settings, defining scanning rules, and scheduling automated scans and reports via cron.

Architect's Tech Stack

GSIL (GitHub Sensitive Information Leakage) is a tool that monitors GitHub repositories for sensitive data leaks in near real‑time (within 15 minutes) and sends alert notifications.

Features: rule‑based matching using rules.gsil, email alerts, scheduled scans, and optional cloning of vulnerable repositories.

Installation (Python 3 required):

$ git clone https://github.com/FeeiCN/gsil.git
$ cd gsil/
$ pip install -r requirements.txt

Configuration:

Rename gsil/config.gsil.example to gsil/config.gsil and edit the mail and GitHub sections.

Mail settings – fill in your own QQ email address, use an authorization code (not the password) as password, and add a CC address to avoid runtime errors.

GitHub settings – generate a personal access token (e.g., with repo:public_repo scope) at GitHub token settings and place it in the tokens field.

Scanning rules (gsil/rules.gsil) – define patterns such as internal domain names, code signatures, or external email domains. Example JSON structure shows a top‑level company name, product line, and specific matching criteria (mode, extensions, etc.).
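The mail and GitHub settings above put a mail authorization code and a GitHub token into one file, so it is worth checking that file before the first scheduled run. The following pre-flight check is an added example, not part of GSIL or the original article. It assumes config.gsil is INI-style with [mail] and [github] sections; the cc key name and the your_ placeholder prefix are also assumptions.

```python
import configparser
import os
import stat
import sys
import tempfile

# Assumptions: config.gsil is INI-style with [mail] and [github] sections.
# "password" and "tokens" are named in the article; "cc" and the "your_"
# placeholder prefix are assumed for illustration.
REQUIRED = {"mail": ("password", "cc"), "github": ("tokens",)}

# Constructed sample: placeholder password, empty CC, filled-in token.
SAMPLE = """\
[mail]
password : your_password
cc :

[github]
tokens : CONSTRUCTED_TOKEN_VALUE
"""

def check_config(path):
    """Return a list of problems found in a GSIL-style config file."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"mode {mode:o} exposes secrets to other users; use 600")
    # interpolation=None: an auth code containing '%' must be read verbatim.
    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read(path, encoding="utf-8")
    except configparser.Error as exc:
        return problems + [f"cannot parse config: {exc}"]
    for section, keys in REQUIRED.items():
        if not parser.has_section(section):
            problems.append(f"missing [{section}] section")
            continue
        for key in keys:
            value = parser.get(section, key, fallback="").strip()
            if not value or value.lower().startswith("your_"):
                problems.append(f"[{section}] {key} is empty or a placeholder")
    return problems

if __name__ == "__main__":
    if len(sys.argv) < 2:  # no argument: demonstrate on the constructed sample
        with tempfile.NamedTemporaryFile("w", suffix=".gsil", delete=False) as f:
            f.write(SAMPLE)
        sys.argv.append(f.name)
    print("\n".join(check_config(sys.argv[1])) or "config looks ready")
```

Run it with the path to gsil/config.gsil as the only argument; with no argument it checks the constructed sample.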

Usage:

$ python gsil.py test

Verify token validity:

$ python gsil.py --verify-tokens

Schedule scans with crontab (e.g., every 15 minutes) and generate hourly or nightly reports:

# Scan every 15 minutes
*/15 * * * * /usr/bin/python /var/app/gsil/gsil.py test > /tmp/gsil
# Scan at the top of every hour
0 * * * * /usr/bin/python /var/app/gsil/gsil.py test > /tmp/gsil
# Send the report at 23:00 every day
0 23 * * * /usr/bin/python /var/app/gsil/gsil.py --report

Reports include scan counts, success/failure statistics, discovered vulnerabilities, domain status, and anomalies. Duplicate alerts are suppressed using a cache in ~/.gsil/.

For any questions, leave a comment; the content is sourced from the internet with proper attribution.
