Fork Cracker is a powerful tool designed to help security researchers and developers identify potential sensitive information leaks in GitHub repositories by scanning forks for specific files.
- Simple Scan: Quickly validate the existence of potential commit URLs.
- Advanced Scan: Pinpoint commits containing specific files, revealing potential leaks of sensitive data like API keys, credentials, or proprietary code.
- Hexadecimal Generation: Employs a robust sequential hexadecimal generation algorithm to efficiently check a wide range of potential commit IDs.
- Targeted Output: Saves discovered URLs to a text file for further analysis and investigation.
Fork Cracker generates a series of hexadecimal strings representing potential commit IDs. It then leverages the GitHub API to verify the validity of these IDs within the specified repository.
During advanced scans, the tool goes a step further by checking if the identified commits modified the target file, providing a more focused search for potential leaks.
-
Clone the Repository:
git clone https://github.com/RobinHirst11/fork-cracker.git
-
Navigate to the Directory:
cd fork-cracker
-
Run the Tool:
cargo run
- Launch the Tool: Run the executable and select the "Run" option.
- Choose Scan Type: Select either "Simple" for a quick check or "Advanced" for a targeted file search.
- Enter Repository URL: Provide the GitHub repository URL (e.g.,
username/repo
). - Specify File Name (Advanced Scan Only): For advanced scans, enter the name of the file you are looking for.
- Analyze Results: The tool will output a list of URLs to commits that match your criteria, allowing you to investigate potential leaks.
Example:
To find commits that modified a file named config.js
in the repository user/repo
:
- Choose "Advanced" scan.
- Enter
user/repo
as the repository. - Enter
config.js
as the file name.
Fork Cracker is provided for educational and security research purposes only. Use this tool responsibly and ethically. The creator is not liable for any misuse or damage resulting from its use.
We welcome contributions! Please submit pull requests for bug fixes, feature enhancements, or improvements.
This project is licensed under the Poblic license.