
UKHomeOffice / Repo Security Scanner

Licence: MIT
CLI tool that finds secrets accidentally committed to a git repo, e.g. passwords, private keys

Programming Languages

go
golang

Projects that are alternatives of or similar to Repo Security Scanner

Habu
Hacking Toolkit
Stars: ✭ 635 (-35.01%)
Mutual labels:  security-audit
Gourdscanv2
Passive vulnerability scanning system
Stars: ✭ 740 (-24.26%)
Mutual labels:  security-audit
Cs Suite
Cloud Security Suite - One stop tool for auditing the security posture of AWS/GCP/Azure infrastructure.
Stars: ✭ 815 (-16.58%)
Mutual labels:  security-audit
Jok3r
Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework
Stars: ✭ 645 (-33.98%)
Mutual labels:  security-audit
Diamorphine
LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)
Stars: ✭ 725 (-25.79%)
Mutual labels:  security-audit
Vhostscan
A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
Stars: ✭ 767 (-21.49%)
Mutual labels:  security-audit
Kube Scan
kube-scan: Octarine k8s cluster risk assessment tool
Stars: ✭ 566 (-42.07%)
Mutual labels:  security-audit
Golang Tls
Simple Golang HTTPS/TLS Examples
Stars: ✭ 857 (-12.28%)
Mutual labels:  security-audit
Brakeman
A static analysis security vulnerability scanner for Ruby on Rails applications
Stars: ✭ 6,281 (+542.89%)
Mutual labels:  security-audit
Sn0int
Semi-automatic OSINT framework and package manager
Stars: ✭ 814 (-16.68%)
Mutual labels:  security-audit
Sqliscanner
Automatic SQL injection with Charles and sqlmap api
Stars: ✭ 674 (-31.01%)
Mutual labels:  security-audit
Inql
InQL - A Burp Extension for GraphQL Security Testing
Stars: ✭ 715 (-26.82%)
Mutual labels:  security-audit
Dsinternals
Directory Services Internals (DSInternals) PowerShell Module and Framework
Stars: ✭ 776 (-20.57%)
Mutual labels:  security-audit
Dawnscanner
Dawn is a static analysis security scanner for ruby written web applications. It supports Sinatra, Padrino and Ruby on Rails frameworks.
Stars: ✭ 642 (-34.29%)
Mutual labels:  security-audit
Marsnake
System Optimizer and Monitoring, Security Auditing, Vulnerability scanner for Linux, macOS, and UNIX-based systems
Stars: ✭ 16 (-98.36%)
Mutual labels:  security-audit
Skf Flask
Security Knowledge Framework (SKF) Python Flask / Angular project
Stars: ✭ 573 (-41.35%)
Mutual labels:  security-audit
Graudit
grep rough audit - source code auditing tool
Stars: ✭ 747 (-23.54%)
Mutual labels:  security-audit
Wordpress Exploit Framework
A Ruby framework designed to aid in the penetration testing of WordPress systems.
Stars: ✭ 882 (-9.72%)
Mutual labels:  security-audit
S3 Permission Checker
Check read, write permissions on S3 buckets in your account
Stars: ✭ 18 (-98.16%)
Mutual labels:  security-audit
Ossa
Open-Source Security Architecture | 开源安全架构
Stars: ✭ 796 (-18.53%)
Mutual labels:  security-audit

repo-security-scanner

  • CLI tool that finds secrets accidentally committed to a git repo, e.g. passwords, private keys
  • Run it against your entire repo's history by piping in the output of git log -p

Installation

  1. Download the latest stable release of the CLI tool for your architecture
  2. Extract the tar and move the scanrepo binary to somewhere in your $PATH, e.g. /usr/bin

Usage

Check the entire history of the current branch for secrets.

$ git log -p | scanrepo

------------------
Violation 1
Commit: 4cc087a1b4731d1017844cc86323df43068b0409
File: web/src/db/seed.sql
Reason: "SQL dump file"

------------------
Violation 2
Commit: 142e6019248c0d53a5240242ed1a75c0cc110a0b
File: config/passwords.ini
Reason: "Contains word: password"

...

Add false positives to .secignore

$ cat .secignore
file/that/is/not/really/a/secret/but/looks/like/one/to/diffence
these/pems/are/ok/*.pem

See example in this repo.
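To make the scan loop above concrete, here is an added Go sketch in the spirit of scanrepo; it is not the project's own code, and ScanLog, fileReason and the two filename rules are hypothetical stand-ins for the real rule set. It reads git log -p text, tracks which commit and file each hunk belongs to, flags suspicious file names and added private-key lines, and skips any path matching a .secignore glob.

```go
package main

import (
	"path"
	"regexp"
	"strings"
)
type Violation struct{ Commit, File, Reason string } // the fields scanrepo prints per finding

var (
	commitRe = regexp.MustCompile(`^commit ([0-9a-f]{40})`)
	fileRe   = regexp.MustCompile(`^\+\+\+ (?:b/(.+)|/dev/null)`) // group is empty for deletions
	keyRe    = regexp.MustCompile(`^\+.*-----BEGIN [A-Z ]*PRIVATE KEY-----`)
)

// fileReason applies constructed filename rules (hypothetical, not the project's set).
func fileReason(file string) string {
	switch base := strings.ToLower(path.Base(file)); {
	case strings.HasSuffix(base, ".sql"):
		return "SQL dump file"
	case strings.Contains(base, "password"):
		return "Contains word: password"
	}
	return ""
}

// ScanLog walks `git log -p` output, tracking the commit and file of each hunk, and reports one Violation per rule hit on a file not in .secignore.
func ScanLog(log string, ignore []string) (out []Violation) {
	var commit, file string
	done := true // true once the current file is ignored, absent, or already reported for a key
	for _, line := range strings.Split(log, "\n") {
		if m := commitRe.FindStringSubmatch(line); m != nil {
			commit = m[1]
		} else if m := fileRe.FindStringSubmatch(line); m != nil {
			file, done = m[1], m[1] == ""
			for _, g := range ignore { // .secignore entry: a glob, or a plain path matching itself
				if ok, _ := path.Match(g, file); ok {
					done = true
				}
			}
			if r := fileReason(file); r != "" && !done {
				out = append(out, Violation{commit, file, r})
			}
		} else if !done && keyRe.MatchString(line) {
			out = append(out, Violation{commit, file, "Contains private key"})
			done = true
		}
	}
	return out
}
```

Feed ScanLog the full text of git log -p together with the lines of .secignore; each returned Violation carries the same commit, file and reason triple the CLI prints.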


Notifications

Work in progress.

Local Testing

Set the required environment variables

Create the env file from the example and update its values.

$ cp .env{.example,}
# update .env values
$ vi .env
$ source .env

Launch containers

$ docker-compose up -d

Run test offenses

$ make test-run-offenses

Debugging Elastalert

$ docker exec -it <elastalert_container_hash> sh
# run elastalert test rule utility within elastalert container
$ elastalert-test-rule --config $ELASTALERT_CONFIG --count-only "$RULES_DIRECTORY/new_violation.yaml"
$ elastalert-test-rule --alert --config $ELASTALERT_CONFIG "$RULES_DIRECTORY/new_violation.yaml"
# run elastalert in debug mode
$ elastalert --config "$ELASTALERT_CONFIG" --rule "$RULES_DIRECTORY/new_violation.yaml" --debug

Logs

$ tail -f /log/elastalert_new_violation_rule.log