[PR #10] [MERGED] GitHub forensics #23

Closed
opened 2026-03-02 04:07:53 +03:00 by kerem · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/gadievron/raptor/pull/10
Author: @mbrg
Created: 11/29/2025
Status: Merged
Merged: 11/29/2025
Merged by: @mbrg

Base: main ← Head: github-forensics


📝 Commits (10+)

  • 9a273c7 init GH Archive skill
  • 56af489 claude helps write gh archive skill
  • 5f74fbd restructure for clarity
  • d514f40 prune fluff
  • 4d5fb62 detect api access
  • 066ca4c prune "Automation vs Direct API Attribution"
  • 56d8437 restructure under github-analysis
  • 160ce93 claude helps
  • 0b1c411 Merge pull request #1 from mbrg/github-ti-agent
  • d1b8811 Add force push recovery techniques to GitHub analysis skills

📊 Changes

40 files changed (+8328 additions, -0 deletions)


.claude/skills/github-forensics/github-archive/SKILL.md (+712 -0)
.claude/skills/github-forensics/github-commit-recovery/SKILL.md (+303 -0)
.claude/skills/github-forensics/github-evidence-kit/SKILL.md (+363 -0)
.claude/skills/github-forensics/github-evidence-kit/pytest.ini (+3 -0)
.claude/skills/github-forensics/github-evidence-kit/requirements.txt (+15 -0)
.claude/skills/github-forensics/github-evidence-kit/self_improvement_prompt.md (+13 -0)
.claude/skills/github-forensics/github-evidence-kit/src/__init__.py (+213 -0)
.claude/skills/github-forensics/github-evidence-kit/src/clients/__init__.py (+14 -0)
.claude/skills/github-forensics/github-evidence-kit/src/clients/gharchive.py (+120 -0)
.claude/skills/github-forensics/github-evidence-kit/src/clients/git.py (+121 -0)
.claude/skills/github-forensics/github-evidence-kit/src/clients/github.py (+121 -0)
.claude/skills/github-forensics/github-evidence-kit/src/clients/wayback.py (+71 -0)
.claude/skills/github-forensics/github-evidence-kit/src/collectors/__init__.py (+14 -0)
.claude/skills/github-forensics/github-evidence-kit/src/collectors/api.py (+246 -0)
.claude/skills/github-forensics/github-evidence-kit/src/collectors/archive.py (+212 -0)
.claude/skills/github-forensics/github-evidence-kit/src/collectors/local.py (+85 -0)
.claude/skills/github-forensics/github-evidence-kit/src/collectors/wayback.py (+89 -0)
.claude/skills/github-forensics/github-evidence-kit/src/helpers.py (+111 -0)
.claude/skills/github-forensics/github-evidence-kit/src/parsers.py (+384 -0)
.claude/skills/github-forensics/github-evidence-kit/src/schema/__init__.py (+101 -0)

...and 20 more files

📄 Description

feat: Add GitHub forensics toolkit for security investigations

Introduces a comprehensive suite for GitHub-related OSINT and forensic analysis, designed for incident response and security research.

Skills:

  • github-archive: Query GH Archive for historical GitHub events
  • github-commit-recovery: Recover deleted/force-pushed commits via GitHub API
  • github-wayback-recovery: Retrieve deleted content via Wayback Machine

Python Library (github-evidence-kit):

  • Pydantic schema for evidence types (events, observations, IOCs)
  • Clients: GH Archive, GitHub API, Wayback Machine, local git
  • Collectors: API, archive, local, wayback sources
  • Parsers: Extract structured data from raw GitHub events
  • Verifiers: Cross-source consistency checking
  • Store: Evidence persistence and timeline reconstruction
  • Comprehensive test suite with fixtures

Use cases: Deleted content recovery, force-push forensics, timeline reconstruction, supply chain investigation, and threat actor attribution.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
