GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → valayDave → tell-me-your-secrets

valayDave / tell-me-your-secrets

Licence: MIT license
Find secrets on any machine from over 120 Different Signatures.

Programming Languages

python
139335 projects - #7 most used programming language
Makefile
30231 projects

Labels

securitysecurity-auditssh-keyssecret-filesaws-accesskeyssecrets-detectionfind-secrets

Projects that are alternatives of or similar to tell-me-your-secrets

codecat
CodeCat is an open-source tool to help you find/track user input sinks and security bugs using static code analysis. These points follow regex rules. Beta version.
Stars: ✭ 265 (+754.84%)
Mutual labels:  security-audit
awesome-rails-security
A curated list of security resources for a Ruby on Rails application
Stars: ✭ 36 (+16.13%)
Mutual labels:  security-audit
MailRipV3
SMTP and IMAP checker / cracker for mailpass combolists with a user-friendly GUI, automated inbox test and many more features.
Stars: ✭ 28 (-9.68%)
Mutual labels:  security-audit
aura
Python source code auditing and static analysis on a large scale
Stars: ✭ 101 (+225.81%)
Mutual labels:  security-audit
humble
A humble, and fast, security-oriented HTTP headers analyzer
Stars: ✭ 17 (-45.16%)
Mutual labels:  security-audit
sec-scannode
SEC分布式资产扫描系统
Stars: ✭ 8 (-74.19%)
Mutual labels:  security-audit
clair-singularity
Scan Singularity container images using a Clair server
Stars: ✭ 14 (-54.84%)
Mutual labels:  security-audit
RockYou2021.txt
RockYou2021.txt is a MASSIVE WORDLIST compiled of various other wordlists. RockYou2021.txt DOES NOT CONTAIN USER:PASS logins!
Stars: ✭ 288 (+829.03%)
Mutual labels:  security-audit
security-reviews
A community collection of security reviews of open source software components.
Stars: ✭ 67 (+116.13%)
Mutual labels:  security-audit
docker-wallarm-node
⚡️ Docker official image for Wallarm Node. API security platform agent.
Stars: ✭ 18 (-41.94%)
Mutual labels:  security-audit
assimilation-official
This is the official main repository for the Assimilation project
Stars: ✭ 47 (+51.61%)
Mutual labels:  security-audit
magento-corediff
Quickly find modifications in Magento 1 or Magento 2 core code
Stars: ✭ 23 (-25.81%)
Mutual labels:  security-audit
phan-taint-check-plugin
Github mirror of "mediawiki/tools/phan/SecurityCheckPlugin" - our actual code is hosted with Gerrit (please see https://www.mediawiki.org/wiki/Developer_access for contributing)
Stars: ✭ 21 (-32.26%)
Mutual labels:  security-audit
RFMap
RFMap - Radio Frequency Mapper
Stars: ✭ 23 (-25.81%)
Mutual labels:  security-audit
Spydan
A web spider for shodan.io without using the Developer API.
Stars: ✭ 30 (-3.23%)
Mutual labels:  security-audit
MantOS
LIFARS Networking Security GNU/Linux distro
Stars: ✭ 24 (-22.58%)
Mutual labels:  security-audit
nightfall dlp action
GitHub Data Loss Prevention (DLP) Action: Scan Pull Requests for sensitive data, like credentials & secrets, PII, credit card numbers, and more.
Stars: ✭ 46 (+48.39%)
Mutual labels:  secrets-detection
ehids
A Linux Host-based Intrusion Detection System based on eBPF.
Stars: ✭ 210 (+577.42%)
Mutual labels:  security-audit
Logmira
Logmira by Blumira has been created by Amanda Berlin as a helpful download of Microsoft Windows Domain Group Policy Object settings.
Stars: ✭ 46 (+48.39%)
Mutual labels:  security-audit
vsaudit
VOIP Security Audit Framework
Stars: ✭ 104 (+235.48%)
Mutual labels:  security-audit
View All Similar Projects ➔

Tell Me Your Secrets

CI Codacy Badge Codacy Badge PyPI version PyPI downloads

A simple module which finds files with different secrets keys present inside a directory. Secrets derived from 120 different signatures.

Installation

With pipx:

pipx install tell-me-your-secrets

With Pip:

pip install tell-me-your-secrets

From source:

git clone [email protected]:valayDave/tell-me-your-secrets.git
cd tell-me-your-secrets
python3 -m venv .env
source .env/bin/activate
pip install .

Module Usage

tell-me-your-secrets [-h] [-c CONFIG] [-w WRITE] [-f FILTER [FILTER ...]] [-v] [-e] [-g] search_path

Usage Examples

  • tell-me-your-secrets -c new_config.yml /home : Find secrets in the home directory according to the provided config file. config.yml structure provided in the next section.

  • tell-me-your-secrets /home -f aws microsoft crypto digitalocean ssh sql google : Will use the default config and filter signatures according to those keywords.

Module Configuration

The config.yml file contains the configuration for the module. All signatures derived from the config file.

blacklisted_extensions: [] # list of extensions to ignore
blacklisted_paths: [] # list of paths to ignore
red_flag_extensions: [] # list of Extensions not be ignored
whitelisted_strings: [] # Add strings which should always be ignored
signatures: # list of signatures to check
  - part: '' # either filename, extension, path or contents
    match: '' # simple text comparison (if no regex element)
    regex: '' # regex pattern (if no match element)
    name: '' # name of the signature

Contributing

  • Fork this repo
  • Create pull requests against the master branch
  • Be sure to add tests for changes or additional functionality
  • Ensure that the PR description clearly describes the behaviour of the change
  • Ensure that CI tests pass

Setup environment

python -m venv .venv
source .venv/bin/activate
pip install -r requirements-test.txt

Pre-commit

We leverage the pre-commit framework.

Install git hooks with pre-commit install.

Run the checks pre-commit run --all-files.

Module Inspiration

As a sysadmin, when machines are provisioned on the cloud to developers, some recklessly leave secret keys and files behind on those machines. This module helps find such leakages.

Module Credits

  • Signatures Derived from shhgit

  • Available Signatures :

Chef private key, Potential Linux shadow file, Potential Linux passwd file, Docker configuration file, NPM configuration file, Environment configuration file, Contains a private key, AWS Access Key ID Value, AWS Access Key ID, AWS Account ID, AWS Secret Access Key, AWS Session Token, Artifactory, CodeClimate, Facebook access token, Google (GCM) Service account, Stripe API key, Google OAuth Key, Google Cloud API Key
Google OAuth Access Token, Picatic API key, Square Access Token, Square OAuth Secret, PayPal/Braintree Access Token, Amazon MWS Auth Token, Twilo API Key, MailGun API Key, MailChimp API Key, SSH Password, Outlook team, Sauce Token, Slack Token, Slack Webhook, SonarQube Docs API Key, HockeyApp, Username and password in URI, NuGet API Key, Potential cryptographic private key, Log file, Potential cryptographic key bundle, Potential cryptographic key bundle
Potential cryptographic key bundle, Potential cryptographic key bundle, Pidgin OTR private key, OpenVPN client configuration file, Azure service configuration schema file, Remote Desktop connection file, Microsoft SQL database file, Microsoft SQL server compact database file, SQLite database file, SQLite3 database file, Microsoft BitLocker recovery key file
Microsoft BitLocker Trusted Platform Module password file, Windows BitLocker full volume encrypted data file, Java keystore file, Password Safe database file, Ruby On Rails secret token configuration file, Carrierwave configuration file, Potential Ruby On Rails database configuration file, OmniAuth configuration file, Django configuration file
1Password password manager database file, Apple Keychain database file, Network traffic capture file, GnuCash database file, Jenkins publish over SSH plugin file, Potential Jenkins credentials file, KDE Wallet Manager database file, Potential MediaWiki configuration file, Tunnelblick VPN configuration file, Sequel Pro MySQL database manager bookmark file, Little Snitch firewall configuration file, Day One journal file, Potential jrnl journal file, Chef Knife configuration file, cPanel backup ProFTPd credentials file
Robomongo MongoDB manager configuration file, FileZilla FTP configuration file, FileZilla FTP recent servers file, Ventrilo server configuration file, Terraform variable config file, Shell configuration file, Shell configuration file, Shell configuration file, Private SSH key, Private SSH key, Private SSH key, Private SSH key, SSH configuration file, Potential cryptographic private key, Shell command history file
MySQL client command history file, PostgreSQL client command history file, PostgreSQL password file, Ruby IRB console history file, Pidgin chat client account configuration file, Hexchat/XChat IRC client server list configuration file, Irssi IRC client configuration file, Recon-ng web reconnaissance framework API key database, DBeaver SQL database manager configuration file, Mutt e-mail client configuration file, S3cmd configuration file, AWS CLI credentials file, SFTP connection configuration file, T command-line Twitter client configuration file, Shell configuration file
Shell profile configuration file, Shell command alias configuration file, PHP configuration file, GNOME Keyring database file, KeePass password manager database file, SQL dump file, Apache htpasswd file, Configuration file for auto-login process, Rubygems credentials file, Tugboat DigitalOcean management tool configuration, DigitalOcean doctl command-line client configuration file, git-credential-store helper credentials file, GitHub Hub command-line client configuration file, Git configuration file

Author

Licence

MIT

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].