¶ Repo Security Scanner
LICENSE
This is a tool that finds secrets accidentally committed to a git repo, eg passwords, private keys
¶ Flag:
FROM alpine:3.9
WORKDIR /wd
RUN apk add --no-cache git bash
RUN wget https://github.com/UKHomeOffice/repo-security-scanner/releases/download/0.4.0/scanrepo-0.4.0-linux-amd64.tar.gz
RUN tar -xvf scanrepo-0.4.0-linux-amd64.tar.gz
RUN mv scanrepo /usr/bin
COPY entrypoint.sh .
RUN chmod +x entrypoint.sh
ENTRYPOINT ["bash", "entrypoint.sh"]
¶ Used fact:
Git repo contains word credential
Backup File/Directory detected
Git repo contains word dump
Git repo contains word password
Git repo contains words: private, key
Log file detected
Private SSH key detected
Configuration file detected
Potential cryptographic private key or key bundle detected
Pidgin OTR private key
Found sensitive files
Recon-ng web reconnaissance framework database detected
¶ Screenshot of results:
¶ Category:
Single URL (Manual)/Git Analysis
¶ Audit Tags:
Github, Enumerate, Old, Single Page, Leaks
¶ DISCLAIMER:
This program is used for educational and ethical purposes only. I take no responsibility for any damages caused from using this program. By downloading and using this software, you agree that you take full responsibility for any damages and liability.