gittyleaks

Release 0.0.31

Discover where your sensitive data has been leaked.

Homepage PyPI Python

License
GPL-2.0+
Install
pip install gittyleaks==0.0.31

Documentation

gittyleaks

Discover where your sensitive data has been leaked.

Very often it happens that when mocking/just starting out with a new project on github, sensitive data gets added. API keys, usernames, passwords and emails are easily added.... and then forgotten.

Use this tool to detect where the mistakes are in your repos.

It works by trying to find words like 'username', 'password', and 'email' and shortenings in quoted strings, config style or JSON format. It captures the value assigned to it (after meeting some conditions) for further work.

Run gittyleaks in a git repo and find out! (common usage patterns )

Installation

Best way is to use pip to install:

pip install gittyleaks    # for python 2
pip3 install gittyleaks   # for python 3

Now you have gittyleaks as a python executable available on your system.

Upgrades can be done by giving the -U flag; pip3 install -U gittyleaks.

Command line usage

The program can be simply called by gittyleaks. There are 4 types of arguments.

  • Arguments for solving a bad situation (not there yet)
  • Arguments for changing whether there is a hit
  • Arguments for cloning a repo
  • Arguments concerned with printing results

Note that all arguments mentioned below have a short one letter + dash (e.g. -delete -> -d) version.

Find out more by using gittyleaks -h at commandline, or read on.

Solving bad situations

There has yet to be found a way how to help the user do something about it. This guide can help in the mean time: https://help.github.com/articles/remove-sensitive-data/

Hits

gittyleaks                               # default "smart" filter
gittyleaks --find-anything               # find anything remotely suspicious
gittyleaks --excluding $ . [ example ,   # exclude some string matches (e.g. `$` occurs)
gittyleaks --case-sensitive              # set it to be strict about case

Cloning

# gittyleaks -l some-git-cloneable-link
gittyleaks -link https://github.com/kootenpv/yagmail

# gittyleaks -user githubusername -repo githubusername
gittyleaks -user kootenpv -repo yagmail

# Giving the -d option deletes the repo afterwards immediately

Printing results

gittyleaks --verbose              # longer output
gittyleaks --no-banner (-b)       # do not print banner
gittyleaks --no-fancy-color (-f)  # turn off colors

Roadmap

Deleting a cloned repo should also be added with perhaps adding the -d flag

Allow user to --find-anything rather than filtering

Allow subclassing and overwriting certain methods. Docs on that to follow.

The package will soon provide the best practice to remedy this issue based on https://help.github.com/articles/remove-sensitive-data/.

Quality improvements to the detection.

Implementing a best practice deployment git hook (i.e. automatically check we do not upload unwanted data, and break deployment if there is)

Tests, tests, tests

Stats

Dependencies
0
Dependent packages
0
Dependent repositories
0
Total releases
12
Latest release
First release
Stars
319
Forks
38
Watchers
9
Contributors
6
Repository size
47.9 KB
SourceRank
11

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

0.0.31
0.0.27
0.0.23
0.0.20
0.0.17
0.0.16
0.0.13
0.0.12
0.0.11
0.0.10
See all 12 releases

Contributors

Pascal van Kooten Jeff @tkmru Zoltan Polgar alexyr baniocarpentercode42


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2021-12-15 16:36:29 UTC

Login to resync this project