No description

zricethezav c104ff9157 file, author, repourl, time, commitmsg to leakElem 8 years ago
.travis.yml 4ea51fc98d go 1.9 and travis badge 8 years ago
CHANGELOG.md 1b06f1a0dc init 0.2.0 work 8 years ago
Dockerfile d9d87410e2 Added dockerfile 8 years ago
LICENSE d70dded366 Create LICENSE 8 years ago
README.md c11171f47d the damned README 8 years ago
checks.go c104ff9157 file, author, repourl, time, commitmsg to leakElem 8 years ago
checks_test.go 1b06f1a0dc init 0.2.0 work 8 years ago
leaks.go c104ff9157 file, author, repourl, time, commitmsg to leakElem 8 years ago
main.go c104ff9157 file, author, repourl, time, commitmsg to leakElem 8 years ago
options.go 1b06f1a0dc init 0.2.0 work 8 years ago

README.md

GitLeaks

Check git repos for secrets and keys

Features

  • Search all commits on all branches in topological order
  • Regex/Entropy checks

Installing

go get -u github.com/zricethezav/gitleaks

Usage and Explanation

./gitleaks {git url}

This example clones the target {git url} and runs a diff on every commit. A report is written to {repo_name}_leaks.json. Gitleaks scans every line of every commit and checks it for regular expression matches; the regexes are defined in main.go. The work is largely based on https://people.eecs.berkeley.edu/~rohanpadhye/files/key_leaks-msr15.pdf, with regexes taken from https://github.com/dxa4481/truffleHog and https://github.com/anshumanbh/git-all-secrets.
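The regex stage described above, as an added example in Go (it is not gitleaks' own code, whose regex list lives in main.go): a commit's unified diff is reduced to its added lines, every added line is matched against a small rule list, and the findings are serialised to JSON. The two patterns (AWS access key ID, PEM private key header), the Leak field names and the sample commit are this example's own assumptions; the sample key is the AWS documentation placeholder, not a live credential.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Leak is one finding. The README says the report carries file, author and
// commit message; the JSON field names here are an assumption, not the
// layout gitleaks actually writes.
type Leak struct {
	Line      string `json:"line"`
	Commit    string `json:"commit"`
	File      string `json:"file"`
	Author    string `json:"author"`
	CommitMsg string `json:"commitMsg"`
	Reason    string `json:"reason"`
}

// Commit is the minimal view the scanner needs: metadata plus the raw
// unified diff of that commit against its parent.
type Commit struct {
	SHA, Author, Message, Diff string
}

// rule pairs a human-readable reason with the regex that detects it.
// Both patterns are widely published ones; gitleaks keeps its own list.
type rule struct {
	reason string
	re     *regexp.Regexp
}

var rules = []rule{
	{"AWS access key ID", regexp.MustCompile(`\bAKIA[0-9A-Z]{16}\b`)},
	{"Private key", regexp.MustCompile(`-----BEGIN (RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----`)},
}

// AddedLines walks a unified diff and returns the added lines keyed by the
// file they were added to. Removed and context lines are skipped: a secret
// that is only deleted here was already leaked by the commit that added it.
func AddedLines(diff string) map[string][]string {
	added := map[string][]string{}
	file := ""
	for _, l := range strings.Split(diff, "\n") {
		switch {
		case strings.HasPrefix(l, "+++ "):
			file = strings.TrimPrefix(strings.TrimPrefix(l, "+++ "), "b/")
		case strings.HasPrefix(l, "+"):
			added[file] = append(added[file], l[1:])
		}
	}
	return added
}

// ScanCommit checks every added line of the commit against every rule.
// Files are visited in sorted order so the report is deterministic.
func ScanCommit(c Commit) []Leak {
	added := AddedLines(c.Diff)
	files := make([]string, 0, len(added))
	for f := range added {
		files = append(files, f)
	}
	sort.Strings(files)
	var leaks []Leak
	for _, file := range files {
		for _, line := range added[file] {
			for _, r := range rules {
				if r.re.MatchString(line) {
					leaks = append(leaks, Leak{line, c.SHA, file, c.Author, c.Message, r.reason})
				}
			}
		}
	}
	return leaks
}

// Report serialises the findings as one JSON document, the shape the README
// describes for {repo_name}_leaks.json.
func Report(leaks []Leak) (string, error) {
	b, err := json.MarshalIndent(leaks, "", "  ")
	return string(b), err
}

// SampleCommit is a constructed commit: one added AWS-style key (the AWS
// documentation placeholder), one PEM header and one harmless line.
func SampleCommit() Commit {
	return Commit{
		SHA:     "0123abc",
		Author:  "dev@example.com",
		Message: "add deploy config",
		Diff: "diff --git a/config/deploy.env b/config/deploy.env\n" +
			"--- a/config/deploy.env\n" +
			"+++ b/config/deploy.env\n" +
			"@@ -0,0 +1,3 @@\n" +
			"+REGION=us-east-1\n" +
			"+AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n" +
			"+-----BEGIN RSA PRIVATE KEY-----\n",
	}
}

func main() {
	out, err := Report(ScanCommit(SampleCommit()))
	if err != nil {
		panic(err)
	}
	fmt.Println(out)
}
```

Scanning only added lines is the important design choice: it keeps each commit's findings attributable to the author who introduced the secret, which is what the file/author/commit-message fields in the report are for.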

gitLeaks User
./gitleaks -u {user git url}
gitLeaks Org
./gitleaks -o {org git url}

Help

usage: gitleaks [options] <url>

Options:
 -c                     Concurrency factor (default is 10)
 -u --user              Git user url
 -r --repo              Git repo url
 -o --org               Git organization url
 -s --since             Scan until this commit (SHA)
 -b --b64Entropy        Base64 entropy cutoff (default is 70)
 -x --hexEntropy        Hex entropy cutoff (default is 40)
 -e --entropy           Enable entropy
 --strict               Enables stopwords
 -h --help              Display this message

NOTE: your mileage may vary, so if you aren't getting the results you expect, try updating the regexes to fit your needs or tweaking the entropy cutoffs and stopwords. An entropy cutoff of around 70 gave good results for base64 alphabets and around 40 for hex alphabets. Entropy is calculated as Shannon entropy.
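The entropy check and the stopword filter, as an added example in Go that is not gitleaks' own implementation: candidate runs drawn from the base64 and hex alphabets are pulled out of a line, their Shannon entropy in bits per character is computed, and runs above a per-alphabet cutoff are reported. The README's cutoffs of 70 and 40 are on a scale it does not define, so the cutoffs here (4.5 bits for base64, 3.0 bits for hex), the minimum run length, the stopword list and the sample lines are all this example's own assumptions.

```go
package main

import (
	"fmt"
	"math"
	"regexp"
	"strings"
)

// Candidate runs from the two alphabets. Runs shorter than 20 characters are
// ignored: entropy over a handful of characters says nothing useful.
// Note that a hex run is also a valid base64 run, so a hex token is offered
// to both checks; its entropy can never exceed 4 bits, so the base64 cutoff
// below never fires on it.
var (
	base64Run = regexp.MustCompile(`[A-Za-z0-9+/=]{20,}`)
	hexRun    = regexp.MustCompile(`[0-9a-fA-F]{20,}`)
)

// Cutoffs in bits per character (assumed values, see lead-in). The maximum
// is 6 bits for a base64 alphabet and 4 bits for a hex alphabet.
const (
	Base64Cutoff = 4.5
	HexCutoff    = 3.0
)

// stopwords mark a high-entropy token as a false positive when strict mode
// is on (the README's --strict flag enables a stopword list). Assumed list.
var stopwords = []string{"example", "placeholder", "dummy", "sample"}

// ShannonEntropy returns H = -sum p(c) log2 p(c) over the characters of s,
// in bits per character.
func ShannonEntropy(s string) float64 {
	if s == "" {
		return 0
	}
	counts := map[rune]int{}
	for _, c := range s {
		counts[c]++
	}
	n := float64(len([]rune(s)))
	h := 0.0
	for _, k := range counts {
		p := float64(k) / n
		h -= p * math.Log2(p)
	}
	return h
}

func hasStopword(tok string) bool {
	lower := strings.ToLower(tok)
	for _, w := range stopwords {
		if strings.Contains(lower, w) {
			return true
		}
	}
	return false
}

// EntropyHit is one token whose entropy exceeded the cutoff for its alphabet.
type EntropyHit struct {
	Token    string
	Entropy  float64
	Alphabet string
}

// EntropyCheck returns every base64 or hex run in line above its cutoff.
// With strict set, tokens containing a stopword are dropped.
func EntropyCheck(line string, strict bool) []EntropyHit {
	var hits []EntropyHit
	check := func(alphabet string, re *regexp.Regexp, cutoff float64) {
		for _, tok := range re.FindAllString(line, -1) {
			if strict && hasStopword(tok) {
				continue
			}
			if h := ShannonEntropy(tok); h > cutoff {
				hits = append(hits, EntropyHit{tok, h, alphabet})
			}
		}
	}
	check("hex", hexRun, HexCutoff)
	check("base64", base64Run, Base64Cutoff)
	return hits
}

func main() {
	// Constructed lines: a repetitive hex string (low entropy, not reported),
	// a full-alphabet hex string, a full-alphabet base64 string, and a
	// high-entropy token that a stopword identifies as a placeholder.
	lines := []string{
		"checksum: deadbeefdeadbeefdeadbeef",
		"token: 0123456789abcdef0123456789abcdef",
		"secret: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",
		"secret: exampleABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789",
	}
	for _, l := range lines {
		for _, h := range EntropyCheck(l, true) {
			fmt.Printf("%-6s %.2f bits/char  %s\n", h.Alphabet, h.Entropy, h.Token)
		}
	}
}
```

The repetitive hex string is the case worth noticing: it is long and drawn from the right alphabet, yet its entropy is only about 2.2 bits per character, which is why an entropy cutoff discards it while a pure alphabet regex would not.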

If you find a valid leak in a repo

Please read the GitHub article on removing sensitive data from a repository to remove the sensitive information from your history.

Run me with docker

Simply run:

docker run --rm --name=gitleaks raphaelareya/gitleaks https://github.com/zricethezav/gitleaks

Or build the image yourself to get the latest version:

docker build -t gitleaks .
docker run --rm --name=gitleaks gitleaks https://github.com/zricethezav/gitleaks