Gitls – Enumerate git Repository URL From List of URL / User / Org

Gitls - Enumerate git Repository URL From List of URL User Org xploitlab


This tool is available when the repository, such as github, is included in the bugbounty scope. Sometimes specified as an org name or user name rather than a specific repository, you can use this tool to extract url from all public repositories included in the org/user.

This can be used for various actions such as scanning or cloning for multiple repositories.

For unauthenticated requests in github api, the rate limit allows for up to 60 requests per hour. Unauthenticated requests are associated with the originating IP address, and not the user making requests.

So too many tasks can be blocked by the API for a certain time from github. In this case, you can select the appropriate destination or access and use any IP using the torsocks(e.g torsocks gitls -l user.list) or -tor options.


From go-get

▶ GO111MODULE=on go get -v

Using homebres

▶ brew tap hahwul/gitls
▶ brew install gitls 

Using snapcraft

▶ sudo snap install gitls

Read to :

uDork – Advanced Google Search Techniques


Usage of gitls:
       include repo of org users(member)
 -l string
       List of targets (e.g -l sample.lst)
 -o string
       write output file (optional)
 -proxy string
       using custom proxy
       using tor proxy / localhost:9050
       version of gitls

Case Study

Make all repo urls from repo/org/user urls


make repo url list from sample file

▶ gitls -l sample.lst

Get all repository in org and included users (members)

▶ echo | ./gitls -include-users


Automated testing with gitleaks

▶ gitls -l sample.lst | xargs -I % gitleaks –repo-url=% -v

All clone target’s repo

▶ echo “” | gitls | xargs -I % git clone %

You May Also Like

Leave a Reply

Your email address will not be published. Required fields are marked *

four + seven =