A tool to scan GitHub repositories for potentially infected MSBuild project files that could contain malicious code or backdoors.
This project provides two components:
- A Python script that scans GitHub repositories for suspicious patterns in MSBuild project files
- A simple web interface for quick scannning without an API token
- Python 3.6+
- GitHub API token
- Clone this repository:
git clone https://github.com/cod3nym/github-backdoor-scanner.git
cd github-backdoor-scannerVisit https://cod3nym.github.io/github-backdoor-scanner/
- Add your token to the
repo_scanner.pyscript:
python repo_scanner.py https://github.com/name/repo ...To scan multiple repositories, separate them with spaces.
It's recommended to use a fine-grained GitHub token with minimal permissions:
- Go to GitHub Settings > Developer Settings > Personal Access Tokens
- Select "Fine-grained tokens"
- Create a new token with only the following permissions:
- Repository access: Read-only
- Repository permissions:
- Contents: Read-only
Contributions are welcome! Please feel free to submit a Pull Request.
This project is licensed under the MIT License - see the LICENSE file for details.