Metadata-Version: 2.4
Name: shadowgit
Version: 0.1.0
Summary: Automated tool for detecting dangling commits and secrets in GitHub repos.
Project-URL: Homepage, https://github.com/0xcardinal/shadowGIT
Project-URL: Repository, https://github.com/0xcardinal/shadowGIT
Project-URL: Issues, https://github.com/0xcardinal/shadowGIT/issues
Author-email: 0xcardinal <0xcardinal@gmail.com>
License: MIT
License-File: LICENSE
Keywords: dangling-commits,git,github,osint,secrets,security
Classifier: Development Status :: 3 - Alpha
Classifier: Environment :: Console
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: Information Technology
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Version Control :: Git
Requires-Python: >=3.11
Requires-Dist: requests>=2.31.0
Description-Content-Type: text/markdown

<div align="center">

# 🔍 shadowGIT

**Automated detection of dangling commits in Git repositories**

[![Python 3.11+](https://img.shields.io/badge/python-3.11+-blue.svg)](https://www.python.org/downloads/)
[![Version](https://img.shields.io/badge/version-0.1.0-green.svg)](https://github.com/0xcardinal/shadowGIT)
[![License](https://img.shields.io/badge/license-MIT-orange.svg)](LICENSE)

*Identifies commits that were force-pushed away but remain accessible, potentially exposing sensitive data.*

</div>

---

## ✨ Features

- 🔎 **Repository Scanning** - Scan specific repositories for dangling commits
- 👤 **User Activity Analysis** - Scan all repositories for a GitHub user
- 📊 **JSON Output** - Machine-readable output format
- 🚀 **Fast & Efficient** - Quick detection of exposed commits
- 🔒 **Security Focused** - Helps identify potential secret leaks

## 📦 Installation

```bash
pip install shadowgit
```

## 🚀 Quick Start

### Scan a specific repository
```bash
shadowGIT github -r owner/repo
```

### Scan all repositories for a user
```bash
shadowGIT github -u username
```

### JSON output format
```bash
shadowGIT github -r owner/repo --json
shadowGIT github -u username --json
```

## 📋 Output Examples

### Standard Output
```
[+] Scanning GitHub repo: owner/repo
[!] Found dangling commit: 0ae67fe748e0b6ca52066e76611f4237a0ace744
```

### JSON Output
```json
{
  "repository": "owner/repo",
  "commit_sha": "0ae67fe748e0b6ca52066e76611f4237a0ace744",
  "author": {
    "name": "Author Name",
    "email": "author@example.com"
  },
  "message": "Commit message",
  "secrets_found": [],
  "url": "https://github.com/owner/repo/commit/0ae67fe748e0b6ca52066e76611f4237a0ace744"
}
```

## 🔧 How It Works

shadowGIT analyzes GitHub push events and checks if commits are still accessible via branch history. Commits that were force-pushed away but remain in the repository are flagged as **dangling commits**.

The tool detects commits that show GitHub's spoofed commit warning, indicating they exist in the repository but are not part of any branch's history.

## 📋 Requirements

- **Python** 3.11 or higher
- **GitHub API** access (no authentication required for public repositories)

## 📝 License

MIT License - see [LICENSE](LICENSE) file for details
