zricethezav
7bbf07e7e6
chdir for local repo mode
|
8 lat temu | |
|---|---|---|
| vendor | 8 lat temu | |
| .travis.yml | 8 lat temu | |
| CHANGELOG.md | 8 lat temu | |
| Dockerfile | 8 lat temu | |
| Gopkg.lock | 8 lat temu | |
| Gopkg.toml | 8 lat temu | |
| LICENSE | 8 lat temu | |
| README.md | 8 lat temu | |
| checks.go | 8 lat temu | |
| checks_test.go | 8 lat temu | |
| main.go | 8 lat temu | |
| options.go | 8 lat temu | |
| options_test.go | 8 lat temu | |
| owner.go | 8 lat temu | |
| owner_test.go | 8 lat temu | |
| repo.go | 8 lat temu | |
| repo_test.go | 8 lat temu |
README.md
Audit git repos for secrets and keys
Installing
go get -u github.com/zricethezav/gitleaks
Usage and Explanation
./gitleaks [options] <url/path>
Gitleaks audits local and remote repos by running regex checks against all commits.
Options
usage: gitleaks [options] <URL>/<path_to_repo>
Options:
-u --user Git user mode
-r --repo Git repo mode
-o --org Git organization mode
-l --local Local mode, gitleaks will look for local repo in <path>
-t --temp Clone to temporary directory
-v --verbose Verbose mode, will output leaks as gitleaks finds them
--report-path=<STR> Save report to path, gitleaks default behavior is to save report to pwd
--clone-path=<STR> Gitleaks will clone repos here, default pwd
--concurrency=<INT> Upper bound on concurrent diffs
--since=<STR> Commit to stop at
--b64Entropy=<INT> Base64 entropy cutoff (default is 70)
--hexEntropy=<INT> Hex entropy cutoff (default is 40)
-e --entropy Enable entropy
-h --help Display this message
--token=<STR> Github API token
--stopwords Enables stopwords
Exit Codes
| code | explanation |
|---|---|
| 0 | Gitleaks succeeded with no leaks |
| 1 | Gitleaks failed or wasn't attempted due to execution failure |
| 2 | Gitleaks succeeded and leaks were present during the audit |
Use these codes to hook gitleaks into whatever pipeline you're running
Examples
gitleaks
Run audit on current working directory if .git is present
gitleaks --local $HOME/audits/some/repo
Run audit on repo located in HOME/audits/some/repo if .git is present
gitleaks https://github.com/some/repo
Run audit on github.com/some/repo.git and clone repo to
gitleaks --clone-path=$HOME/Desktop/audits https://github.com/some/repo
Run audit on github.com/some/repo.git and clone repo to $HOME/Desktop/audits
gitleaks --temp https://github.com/some/repo
Run audit on github.com/some/repo.git and clone repo to $TMPDIR (this will remove repos after audit is complete)
gitleaks --temp -u https://github.com/some-user
Run audit on all of some-user's repos. Again, --temp flag will clone all repos into $TMPDIR after be removed after audit
If you find a valid leak in a repo
Please read the Github article on removing sensitive data from a repository to remove the sensitive information from your history.
Run me with docker
Simply run docker run --rm --name=gitleaks zricethezav/gitleaks https://github.com/zricethezav/gitleaks
Or build the image yourself to get the latest version :
docker build -t gitleaks .
docker run --rm --name=gitleaks gitleaks https://github.com/zricethezav/gitleaks
cypherphunky
BTC: 1H2rSXDJZxWcTk2Ugr5P9r9m93m2NhL4xj
BCH: qp4mdaef04g5d0xpgecx78fmruk6vgl4pgqtetrl9h
ETH: 0xe48b4Fce6A1C1a9C780376032895b06b1709AddF
LTC: LRhDzMyGos5CtZMoSTEx5rdLksPUwSrtuz
s/o to @jlakowski for the gimp skillz