Skip to content

Releases: kulkansecurity/gitxray

1.0.18

20 Aug 23:44
ebbb9f1
Compare
Choose a tag to compare

Release v1.0.18 (August 20th, 2025)

  • New 'host_refs' section/feature! Uses the GitHub Code search API to search for http(s) hosts (domains or IP addresses). It also searches inside Workflows. It can definitely help at the time of mapping infrastructure of a target, or for checking your own repositories for potential malicious activity. Only works if a GH_ACCESS_TOKEN is set, due to Code search API restrictions.
  • New integration with the VirusTotal API, which can be activated by setting VT_API_KEY to your VirusTotal API Key! It will populate results in a new 'host_refs_vt' section for any hosts that were previously identified in host_refs.
  • Merged the 'urls' section for contributors and repository with 'profiling' - only kept it for non-contributors.
  • Fixed the sidebar menu in the HTML report so that the first click collapses a collapsable item directly; and also fixed indentation for subitems.
  • Added an inline description to categories in the HTML report explaining why and how the data of the category can be useful.

1.0.17.4

27 Apr 17:52
401f4d2
Compare
Choose a tag to compare

Release v1.0.17.4 (April 27th, 2025)

  • Removed external links to Bootstrap CSS, JavaScript, and the Gitxray logo; now all assets (styles, scripts, images) are embedded so HTML reports are fully self-contained.
  • Merged a PR by satoridev01 which prevents Gitxray from printing stars, watchers, created, updated, contributors and anonymous if they were not found, as opposed to stating "0".

1.0.17.3

03 Mar 01:56
9a96a38
Compare
Choose a tag to compare

Release v1.0.17.3 (March 2nd, 2025)

  • Added handling of Blocked repositories. The GitHub API presents a different error than for not-found repos, and includes a reason; which we now include in our reports. Thanks to satoridev01 for reporting the behavior.

1.0.17.2

17 Feb 01:53
7dd8446
Compare
Choose a tag to compare

Release v1.0.17.2 (February 16th, 2025)

  • Added a Highlighted findings section to the HTML report. Special thanks to Viktor and Darin from DevOps Paradox for their feedback.
  • Added to every table in the HTML report the ability to collapse and expand.
  • Merged the finding on similar repository names with the finding on the repository being the most starred.
  • Improved the introduction section of the HTML report to guide users with sample use-cases for Gitxray.

1.0.17.1

31 Jan 02:35
ff4d407
Compare
Choose a tag to compare

Release v1.0.17.1 (January 30th, 2025)

  • Fixed parsing of legacy workflows which include an empty path attribute.
  • Fixed parsing of broken armored PGP keys which appear to be accepted by GitHub when being added to a user's profile.

1.0.17

26 Jan 23:03
c7412b7
Compare
Choose a tag to compare

Release v1.0.17 (January 26th, 2025)

1.0.16.5

18 Jan 22:49
f00026e
Compare
Choose a tag to compare

Release v1.0.16.5 (January 18th, 2025)

  • Fixed an error case (an unhandled exception) that showed up when scanning repositories with a very large list of contributors (e.g. torvalds/linux, or MicrosoftDocs/azure-docs), which leads to GitHub REST APIs responding in an undocumented manner, stating that: "The history or contributor list is too large to list contributors for this repository via the API".

1.0.16.4

30 Oct 19:05
b5b63a5
Compare
Choose a tag to compare

Release v1.0.16.4 (October 30th, 2024)

  • Fixed an error case that should be fixed in gh_api.py eventually: GitHub returning unexpected error responses when querying for certain releases while being unauthenticated. Thank you once again fearcito for your input and testing.

1.0.16.3

28 Oct 13:24
56e918b
Compare
Choose a tag to compare

Release v1.0.16.3 (October 28th, 2024)

  • Only showing "updated at" for comments if the created_at and updated_at field values differ. This helps place focus on updated comments which could potentially reveal a contributor trying to hide a past comment. GitHub is kind to show an Edit history for said comments as a menu option next to the comment itself.

1.0.16.2

25 Oct 16:37
82e2603
Compare
Choose a tag to compare

Release v1.0.16.2 (October 25th, 2024)

  • Added validation against Null values for fields "author" and "uploader" in Releases and Assets. Special thanks to fearcito for reporting the issue.