feat: initial release (#1)

Author: jef

.github/workflows/ci.yaml

@@ -14,8 +14,8 @@ jobs:
           key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
           restore-keys: |
             ${{ runner.os }}-go-
-      - name: Pull dependencies
-        run: make build
+      - name: Build
+        run: make production
   lint:
     runs-on: ubuntu-latest
     steps:
@@ -29,5 +29,7 @@ jobs:
           key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
           restore-keys: |
             ${{ runner.os }}-go-
-      - name: Pull dependencies
-        run: make lint
+      - name: Lint
+        run: |
+          go get -u golang.org/x/lint/golint
+          golint -set_exit_status

Dockerfile

@@ -0,0 +1,23 @@
+FROM golang:1.14.4-alpine3.11 AS builder
+
+RUN apk update && apk --no-cache add make git
+
+WORKDIR /build
+
+ARG GITHUB_ORGANIZATION
+ARG GITHUB_PAT
+
+COPY go.mod go.mod
+COPY go.sum go.sum
+COPY main.go main.go
+COPY Makefile Makefile
+
+RUN make production
+
+FROM scratch
+
+WORKDIR /opt
+
+COPY --from=builder /build/bin/audit-org-keys audit-org-keys
+
+ENTRYPOINT ["./audit-org-keys"]

Makefile

@@ -0,0 +1,43 @@
+PROJECT_NAME=audit-org-keys
+GOBASE=$(shell pwd)
+GOBIN=$(GOBASE)/bin/$(PROJECT_NAME)
+
+.DEFAULT_GOAL := build
+
+build:
+	go build -o $(GOBIN)
+
+build-docker:
+	docker build \
+	--build-arg "GITHUB_ORGANIZATION=$(GITHUB_ORGANIZATION)" \
+	--build-arg "GITHUB_PAT=$(GITHUB_PAT)" \
+	-t $(PROJECT_NAME):local .
+
+clean:
+	rm -rf $(GOBIN)
+
+fmt:
+	go fmt
+
+hooks:
+	cp -f .github/hooks/pre-commit .git/hooks/pre-commit
+
+install:
+	go mod download
+
+production:
+	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-s -w" -o $(GOBIN)
+
+run:
+	make build
+	$(GOBIN)
+
+run-docker:
+	make build-docker
+	docker run --rm -it $(PROJECT_NAME):local
+
+test:
+	go test -v
+
+vet:
+	go vet -v

README.md

@@ -1,4 +1,4 @@
-# audit-org-keys
+# audit-org-keys [![ci](https://github.com/jef/audit-org-keys/workflows/ci/badge.svg)](https://github.com/jef/audit-org-keys/actions?query=workflow%3Aci)
 
 The point of this project is to help demonstrate that users of GitHub could potentially fall victim to getting their private SSH key cracked. This based on the size and complexity of the key the user generates.
 

go.mod

@@ -0,0 +1,3 @@
+module github.com/jef/audit-org-keys
+
+go 1.14

go.sum

@@ -0,0 +1,123 @@
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"log"
+	"net/http"
+	"os"
+)
+
+const (
+	githubURL     = "https://github.com"
+	githubOrgsAPI = "https://api.github.com/orgs"
+)
+
+var (
+	githubOrg = os.Getenv("GITHUB_ORGANIZATION")
+	githubPat = os.Getenv("GITHUB_PAT")
+)
+
+type member struct {
+	Login string `json:"login"`
+}
+
+func main() {
+	fmt.Println("getting members")
+	members := getMembers()
+
+	fmt.Println("getting keys")
+	getKeys(members)
+}
+
+func getKeys(members []member) {
+	client := &http.Client{}
+
+	var membersWithNoKey []member
+
+	for _, member := range members {
+		req, err := http.NewRequest(
+			"GET",
+			fmt.Sprintf("%s/%s.keys", githubURL, member.Login),
+			nil,
+		)
+		if err != nil {
+			log.Fatal(err)
+		}
+		req.Header.Add("authorization", fmt.Sprintf("token %s", githubPat))
+
+		res, err := client.Do(req)
+		if err != nil {
+			log.Fatal(err)
+		}
+
+		defer res.Body.Close()
+
+		key, err := ioutil.ReadAll(res.Body)
+		if err != nil {
+			log.Fatal(err)
+		}
+
+		if len(key) != 0 {
+			fmt.Println(fmt.Sprintf("%s:\n%s", member.Login, key))
+			fmt.Println("-------------------------------------------------------------------------------------")
+			fmt.Println()
+		} else {
+			membersWithNoKey = append(membersWithNoKey, member)
+		}
+	}
+
+	fmt.Println(fmt.Sprintf("members with no keys (%d):", len(membersWithNoKey)))
+	for _, member := range membersWithNoKey {
+		fmt.Println(fmt.Sprintf("%s", member.Login))
+	}
+}
+
+func getMembers() []member {
+	page := 1
+
+	var members []member
+
+	for {
+		client := &http.Client{}
+
+		req, err := http.NewRequest(
+			"GET",
+			fmt.Sprintf("%s/%s/members?filter=all&page=%d", githubOrgsAPI, githubOrg, page),
+			nil,
+		)
+		if err != nil {
+			log.Fatal(err)
+		}
+		req.Header.Add("authorization", fmt.Sprintf("token %s", githubPat))
+
+		res, err := client.Do(req)
+		if err != nil {
+			log.Fatal(err)
+		}
+
+		defer res.Body.Close()
+
+		body, err := ioutil.ReadAll(res.Body)
+		if err != nil {
+			log.Fatal(err)
+		}
+
+		var ms []member
+
+		err = json.Unmarshal(body, &ms)
+		if err != nil {
+			log.Fatal(err)
+		}
+
+		if len(ms) != 0 {
+			members = append(members, ms...)
+			page++
+		} else {
+			break
+		}
+	}
+
+	return members
+}