  • Stars: 741
  • Rank 61,194 (Top 2 %)
  • Language: Python
  • Created over 9 years ago
  • Updated about 4 years ago

Repository Details

💧 Find sensitive information for a git repo

gittyleaks

Discover where your sensitive data has been leaked.

It very often happens that sensitive data gets added when mocking up or just starting out with a new project on GitHub. API keys, usernames, passwords and emails are easily added... and then forgotten.

Use this tool to detect where the mistakes are in your repos.

It works by looking for words like 'username', 'password' and 'email', and their shortenings, in quoted strings, config-style assignments or JSON. It captures the value assigned to the key (after it meets some conditions) for further work.
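A minimal sketch of the matching approach described above, added here as an example and not gittyleaks' own code. The key-word list, the pattern, the exclusion defaults and the names `find_leaks`, `mask` and `SAMPLE` are assumptions; the sample lines are constructed.

```python
import re

# Key words and shortenings to look for (an assumed list, not gittyleaks' own).
KEYS = r"(?:user(?:name)?|pass(?:word|wd)?|pwd|e?mail)"

# key [:=] value, covering three styles:
#   quoted string  password = "hunter2"
#   config style   password: hunter2  or  password=hunter2
#   JSON           "password": "hunter2"
PATTERN = (
    r"""["']?(?P<key>[\w-]*""" + KEYS + r"""[\w-]*)["']?"""
    r"""\s*[:=]\s*"""
    r"""(?P<quote>["']?)(?P<value>[^"'\s,;{}]+)(?P=quote)"""
)

# Constructed sample input: three real-looking leaks and three likely false positives.
SAMPLE = [
    'db_password = "s3cr3t-Pa55"',                      # quoted string
    'smtp_user: mailer01',                              # config style
    '{"email": "ops@corp.test", "pwd": "Tr0ub4dor"}',   # JSON
    'password = os.environ["DB_PASS"]',                 # lookup, no literal secret
    'PASSWORD=$DB_PASSWORD',                            # shell variable reference
    'username = "example_user"',                        # placeholder value
]


def find_leaks(lines, excluding=("$", "[", "example"), case_sensitive=False, min_len=4):
    """Return (line number, key, value) for every assignment that survives the filter."""
    pattern = re.compile(PATTERN, 0 if case_sensitive else re.IGNORECASE)
    hits = []
    for lineno, line in enumerate(lines, 1):
        for match in pattern.finditer(line):
            value = match.group("value")
            # Conditions on the captured value: long enough, and not an
            # obvious variable reference, lookup or placeholder.
            if len(value) < min_len or any(x in value.lower() for x in excluding):
                continue
            hits.append((lineno, match.group("key"), value))
    return hits


def mask(value):
    """Show only the first two characters so a report does not re-leak the secret."""
    return value[:2] + "*" * (len(value) - 2)


if __name__ == "__main__":
    for lineno, key, value in find_leaks(SAMPLE):
        print(f"line {lineno}: {key} = {mask(value)}")
```

Calling `find_leaks(SAMPLE, excluding=())` also returns the variable reference, the `os.environ[` lookup and the placeholder, which shows how much noise the exclusion strings remove.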

Run gittyleaks in a git repo and find out! (common usage patterns)

Installation

Best way is to use pip to install:

pip install gittyleaks    # for python 2
pip3 install gittyleaks   # for python 3

Now you have gittyleaks as a python executable available on your system.

Upgrades can be done by giving the -U flag: pip3 install -U gittyleaks.

Command line usage

The program can be simply called by gittyleaks. There are 4 types of arguments.

  • Arguments for solving a bad situation (not there yet)
  • Arguments for changing whether there is a hit
  • Arguments for cloning a repo
  • Arguments concerned with printing results

Note that all arguments mentioned below have a short version: a dash plus one letter (e.g. -delete -> -d).

Find out more by using gittyleaks -h at commandline, or read on.

Solving bad situations

A way to help the user act on a finding has yet to be found. In the meantime, this guide can help: https://help.github.com/articles/remove-sensitive-data/

Hits

gittyleaks                               # default "smart" filter
gittyleaks --find-anything               # find anything remotely suspicious
gittyleaks --excluding $ . [ example ,   # exclude some string matches (e.g. `$` occurs)
gittyleaks --case-sensitive              # set it to be strict about case

Cloning

# gittyleaks -l some-git-cloneable-link
gittyleaks -link https://github.com/kootenpv/yagmail

# gittyleaks -user githubusername -repo githubusername
gittyleaks -user kootenpv -repo yagmail

# Giving the -d option deletes the repo afterwards immediately

Printing results

gittyleaks --verbose              # longer output
gittyleaks --no-banner (-b)       # do not print banner
gittyleaks --no-fancy-color (-f)  # turn off colors

Roadmap

Deleting a cloned repo should also be added, perhaps via the -d flag

Allow user to --find-anything rather than filtering

Allow subclassing and overwriting certain methods. Docs on that to follow.

The package will soon provide the best practice to remedy this issue based on https://help.github.com/articles/remove-sensitive-data/.

Quality improvements to the detection.

Implementing a best-practice deployment git hook (i.e. automatically check that we do not upload unwanted data, and break the deployment if there is any)

Tests, tests, tests
