Shashank-In/TravisLeaks Shashank-In/TravisLeaks

  • Stars
    star
    142
  • Rank 257,563 (Top 6 %)
  • Language
    Python
  • Created over 5 years ago
  • Updated over 3 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
Shashank-In/TravisLeaks
github

Shashank-In

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A tool to find sensitive keys and passwords in Travis logs

TravisLeaks 🚀

A tool to find sensitive keys and passwords in Travis logs

travis gif


Description

Read the Blog post here

Just enter the Travis user name of the organization. The script will automatically find out all jobs and then do two things:

  1. Look for ED's keywords for potential leaks
  2. Use the concept of entropy to find potential API keys in the logs

Requirements (using travisleak.py script)

Python 3.X
pip install -r requirements.txt

Optional: Github Token for scanning GitHub Org's members

export GITHUB_API_KEY=""

Usage

python travisleak.py -o travis_user_name -m -out Directory_to_write_output_to

-m Optional to scan Organization's members



travis_exe2



Credits:-

The keywords for the potential leak was taken from ED's blog post here

The concept of entropy was adapted from here

Note

This tool still needs a lot of development. I would be glad if someone would like to contribute to this project.

Goals

  • Better output format
  • Support CircleCI scans

More Repositories

1

VulEdiWi

A tool to find all the publicly editable wiki of an organisation and publish your demo page on it
Python
9
star
2

gitcollector

A simple web tool to find repos of an organisation or user
HTML
2
star
3

Creative_space

WebTech Project
JavaScript
1
star