Zachary Rice
73ea4dfe3b
Merge pull request #13 from zricethezav/stopwords
|
пре 8 година | |
|---|---|---|
| .travis.yml | пре 8 година | |
| README.md | пре 8 година | |
| checks.go | пре 8 година | |
| checks_test.go | пре 8 година | |
| leaks.go | пре 8 година | |
| leaks_test.go | пре 8 година | |
| main.go | пре 8 година | |
| options.go | пре 8 година |
README.md
GitLeaks
Check git repos for secrets and keys
Features
- Search all commits on all branches in topological order
- Regex/Entropy checks
Installing
go get -u github.com/zricethezav/gitleaks
Usage and Explanation
./gitleaks {git url}
This example will clone the target {git url} and run a diff on all commits. A report will be output to {repo_name}_leaks.json
Gitleaks scans all lines of all commits and checks if there are any regular expression matches. The regexs are defined in main.go. For example if a line in a commit diff like AWS_KEY='AKAI...' exists then the value after the assignment operator will be checked for entropy. If the value is above a certain entropy threshold then we assume that the line contains a key/secret. Work largely based on https://people.eecs.berkeley.edu/~rohanpadhye/files/key_leaks-msr15.pdf
Help
usage: gitleaks [options] [git url]
Options:
-c Concurrency factor (potential number of git files open)
-u Git user url
-r Git repo url
-o Git organization url
-s Strict mode uses stopwords in checks.go
-e Base64 entropy cutoff, default is 70
-x Hex entropy cutoff, default is 40
-h --help Display this message
TODO
- Specify a target branch
- Support for custom regex
- Filter regex
- Modify entropy cutoff