# GitHub Repo Scanner

This endpoint scans a specified GitHub repository for potentially malicious code. It identifies risky executions, known encrypted payloads, obfuscated scripts and common malware patterns.

The API provides detailed detections with file names, line numbers, and decoded content (if applicable).

{% hint style="warning" %}
This API is for non-commercial use. If you would like to use it in a commercial product or in a way that generates revenue, please contact me at **<hey@elliott.diy>**. The service is not designed to scale for commercial demands, and I want to maintain a high quality of service for existing users.
{% endhint %}

***

### **Endpoint**

```http
https://api.elliott.diy/v1/malware/github?repo=<GitHub_Repo_Owner>/<Repo_Name>
```

***

### **Request Parameters**

| Parameter | Type   | Required | Description                                                   |
| --------- | ------ | -------- | ------------------------------------------------------------- |
| `repo`    | string | ✅ Yes    | The GitHub repository to scan, formatted as `<owner>/<repo>`. |

***

### **Example Request**

```bash
curl "https://api.elliott.diy/v1/malware/github?repo=grobarqxd6996/Discord-Boost-Tool"
```

***

### **Response Format**

* **Content-Type:** `application/json`
* **Status Codes:**
  * `200 OK`: Successfully analyzed the repository.
  * `400 Bad Request`: Invalid or missing repository name.
  * `500 Internal Server Error`: An error occurred during analysis.

**Example Response (Defanged)**

```json
{
  "detections": [
    {
      "file": "muck-stealer.py",
      "line": 22,
      "content": "import subprocess; subprocess.run(['pip', 'install', 'cryptography'], stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL); ...",
      "decoded": null
    }
  ],
  "urls": null,
  "suspicious": true
}
```

***

### **Response Fields**

| Field        | Type           | Description                                                           |
| ------------ | -------------- | --------------------------------------------------------------------- |
| `detections` | Array          | List of detected suspicious code patterns.                            |
| `file`       | String         | Name of the file where the detection occurred.                        |
| `line`       | Integer        | Line number where the suspicious content was found.                   |
| `content`    | String         | Snippet of the detected code.                                         |
| `decoded`    | String or null | Decoded content if applicable.                                        |
| `urls`       | Array or null  | Extracted URLs (if any).                                              |
| `suspicious` | Boolean        | Indicates whether the repository contains potentially malicious code. |

***

### **Usage Notes**

* The API **flags suspicious patterns** but does not guarantee accuracy—manual review is recommended.
* If `decoded` is `null`, the script may contain **encrypted or obfuscated** code that requires further analysis.
* If the payload is heavily obfuscated, the API may fail due to internal database constraints.
* Designed to help detect **malware, info stealers, and automated threats** in repositories.
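
A minimal client for the endpoint and response fields documented above, written as an added example rather than code from this project. The function names and the `<owner>/<repo>` validation pattern are assumptions; the sample response is constructed to mirror the defanged example on this page.

```python
import json
import re
import urllib.error
import urllib.parse
import urllib.request

API = "https://api.elliott.diy/v1/malware/github"  # endpoint from this page
# Assumption: GitHub-style owner/repo characters; the API's own validation is not documented.
REPO_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9-]*/[A-Za-z0-9._-]+$")

def build_url(repo):
    """Reject anything that is not <owner>/<repo> before it reaches the query string."""
    if not REPO_RE.fullmatch(repo):
        raise ValueError(f"expected <owner>/<repo>, got {repo!r}")
    return API + "?repo=" + urllib.parse.quote(repo, safe="/")

def triage(report):
    """Reduce a scan response to what a reviewer needs; tolerates null fields."""
    detections = report.get("detections") or []   # may be null or absent
    return {
        "suspicious": bool(report.get("suspicious")),
        "urls": report.get("urls") or [],         # `urls` is Array or null
        "review": [(d["file"], d["line"]) for d in detections],
        # decoded == null: nothing was decoded, so the snippet needs manual analysis
        "undecoded": [(d["file"], d["line"]) for d in detections
                      if d.get("decoded") is None],
    }

def scan(repo, timeout=30):
    """Call the API and triage the result; 400 and 500 surface as RuntimeError."""
    try:
        with urllib.request.urlopen(build_url(repo), timeout=timeout) as resp:
            return triage(json.load(resp))
    except urllib.error.HTTPError as e:
        # 400: invalid or missing repo; 500: error during analysis
        raise RuntimeError(f"scan failed with HTTP {e.code}") from e

# Constructed sample mirroring the example response on this page
SAMPLE = json.loads("""{"detections": [{"file": "muck-stealer.py", "line": 22,
  "content": "import subprocess; ...", "decoded": null}],
  "urls": null, "suspicious": true}""")

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A `suspicious` value of `false` is not a clean bill of health: treat the `review` list as a queue for manual inspection, and never execute flagged content to "confirm" a detection.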

