Skip to content

Latest commit

 

History

History
76 lines (49 loc) · 1.81 KB

README.md

File metadata and controls

76 lines (49 loc) · 1.81 KB

gh-audit-org-keys Release

The point of this project is to help demonstrate that users of GitHub could potentially fall victim to getting their private SSH key cracked. This based on the size and complexity of the key the user generates.

Programs like ssh2john from John the Ripper can best demonstrate how fast an SSH private key can be solved from a not so complex algorithm with low key lengths (think RSA < 1024 bits).

Installation

  1. Install the gh cli - see the installation

    Installation requires a minimum version (2.0.0) of the GitHub CLI that supports extensions.

  2. Install this extension:

    gh extension install jef/gh-audit-org-keys
Manual Installation

Requirements: cli/cli and go.

  1. Clone the repository

    # git
    git clone git@github.com:jef/gh-audit-org-keys.git
    
    # GitHub CLI
    gh repo clone jef/gh-audit-org-keys
  2. cd into it

    cd gh-audit-org-keys
  3. Build it

    make build
  4. Install it locally

    gh extension install .

Usage

To run:

gh audit-org-keys

To upgrade:

gh extension upgrade audit-org-keys

Examples

  • gh audit-org-keys --organization="actions"
  • gh audit-org-keys --organization="actions" --show-users="all"

Acknowledgments