我正试图运行trufflehog制作的python脚本,使用他们的开源扫描仪一次扫描账户或组织的所有回购。
有人知道我如何在不弄乱其他内容的情况下将我的用户名和访问令牌放在url中吗?
def get_org_repos(orgname, page):
response = requests.get(url='https://api.github.com/users/' + orgname + '/repos?page={}'.format(page))
json = response.json()
if not json:
return None
for item in json:
if item['fork'] == False:
print('searching ' + item["html_url"])
results = truffleHog.find_strings(item["html_url"], do_regex=True, custom_regexes=rules, do_entropy=False, max_depth=100000)
for issue in results["foundIssues"]:
d = loads(open(issue).read())
d['github_url'] = "{}/blob/{}/{}".format(item["html_url"], d['commitHash'], d['path'])
d['github_commit_url'] = "{}/commit/{}".format(item["html_url"], d['commitHash'])
d['diff'] = d['diff'][0:200]
d['printDiff'] = d['printDiff'][0:200]
print(dumps(d, indent=4))
get_org_repos(orgname, page + 1)
get_org_repos("insertOrgName", 1)
到目前为止,我已经尝试了一些类似的变体
requests.get(url='https://api.github.com/users/myOrg/repos?access_token=xyz?page={}'.格式(页((
首先我会使用f-string使其更可读,其次我会使用内置请求功能传入GET参数。
params = {'page':page, 'access_token'=access_token}
def get_org_repos(orgname, page):
response = requests.get(f'https://api.github.com/users/{orgname}/repos', params=params)
json = response.json()
if not json:
return None
for item in json:
if item['fork'] == False:
print('searching ' + item["html_url"])
results = truffleHog.find_strings(item["html_url"], do_regex=True, custom_regexes=rules, do_entropy=False, max_depth=100000)
for issue in results["foundIssues"]:
d = loads(open(issue).read())
d['github_url'] = f'{html_url}/blob/{commitHash}/{path}'
d['github_commit_url'] = f'{html_url}/commit/{commitHash}'
d['diff'] = d['diff'][0:200]
d['printDiff'] = d['printDiff'][0:200]
print(dumps(d, indent=4))
get_org_repos(orgname, page + 1)
get_org_repos("insertOrgName", 1)