gitleaks - Searching Git Commits for Secrets and Keys

左丘昊天
2023-12-01

Audit git repos for secrets and keys

Installing

go get -u github.com/zricethezav/gitleaks

Usage and Explanation

./gitleaks [options] <url/path>

Gitleaks audits local and remote repos by running regex checks against all commits.

Options

usage: gitleaks [options] <URL>/<path_to_repo>

Options:
 -u --user            Git user mode
 -r --repo            Git repo mode
 -o --org             Git organization mode
 -l --local           Local mode, gitleaks will look for local repo in <path>
 -t --temp            Clone to temporary directory
 -v --verbose         Verbose mode, will output leaks as gitleaks finds them
 --report-path=<STR>  Save report to path, gitleaks default behavior is to save report to pwd
 --clone-path=<STR>   Gitleaks will clone repos here, default pwd
 --concurrency=<INT>  Upper bound on concurrent diffs
 --regex-file=<STR>   Path to regex file for external regex matching
 --since=<STR>        Commit to stop at
 --b64Entropy=<INT>   Base64 entropy cutoff (default is 70)
 --hexEntropy=<INT>   Hex entropy cutoff (default is 40)
 -e --entropy         Enable entropy
 -h --help            Display this message
 --token=<STR>        Github API token
 --stopwords          Enables stopwords

Exit Codes

code  explanation
0     Gitleaks succeeded with no leaks
1     Gitleaks failed or wasn't attempted due to execution failure
2     Gitleaks succeeded and leaks were present during the audit

Use these codes to hook gitleaks into whatever pipeline you're running.
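A fail-closed pipeline gate built on these exit codes, as an added example that is not part of the gitleaks project. GITLEAKS_BIN, audit_gate and audit_repos are hypothetical names; only the --local flag documented above is used. Exit code 1 and any undocumented code count as a failed audit, never as a clean one.

```shell
#!/bin/sh
# Added example: fail-closed pipeline gate built on the exit codes above.
# GITLEAKS_BIN, audit_gate and audit_repos are names made up for this sketch.

GITLEAKS_BIN="${GITLEAKS_BIN:-gitleaks}"

# audit_gate <gitleaks args...>
# Returns 0 only if the audit ran and was clean, 2 if leaks were found,
# 1 for an execution failure or any undocumented exit code.
audit_gate() {
    gate_rc=0
    "$GITLEAKS_BIN" "$@" || gate_rc=$?
    case "$gate_rc" in
        0) return 0 ;;
        2) echo "gitleaks: leaks present ($*)" >&2; return 2 ;;
        1) echo "gitleaks: audit did not complete ($*)" >&2; return 1 ;;
        *) echo "gitleaks: unexpected exit code $gate_rc ($*)" >&2; return 1 ;;
    esac
}

# audit_repos <path>...
# Audits each local repo and keeps going after a failure, so one broken
# repo cannot hide leaks in the others. Results land in LEAKY and FAILED.
# Returns 2 if any repo leaked, else 1 if any audit failed, else 0.
audit_repos() {
    LEAKY="" FAILED=""
    for repo in "$@"; do
        repo_rc=0
        audit_gate --local "$repo" || repo_rc=$?
        case "$repo_rc" in
            2) LEAKY="$LEAKY $repo" ;;
            1) FAILED="$FAILED $repo" ;;
        esac
    done
    [ -z "$LEAKY" ] || return 2
    [ -z "$FAILED" ] || return 1
    return 0
}
```

A pipeline step can call audit_repos with its checkout paths and block the build on any non-zero return, reporting $LEAKY and $FAILED separately.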

Examples

gitleaks

Run audit on current working directory if .git is present

gitleaks --local $HOME/audits/some/repo

Run audit on repo located in $HOME/audits/some/repo if .git is present

gitleaks https://github.com/some/repo

Run audit on github.com/some/repo.git and clone repo to

gitleaks --clone-path=$HOME/Desktop/audits https://github.com/some/repo

Run audit on github.com/some/repo.git and clone repo to $HOME/Desktop/audits

gitleaks --temp https://github.com/some/repo

Run audit on github.com/some/repo.git and clone repo to $TMPDIR (this will remove repos after audit is complete)

gitleaks --temp -u https://github.com/some-user

Run audit on all of some-user's repos. Again, the --temp flag clones all repos into $TMPDIR, and they are removed after the audit.

If you find a valid leak in a repo

Please read the Github article on removing sensitive data from a repository to remove the sensitive information from your history.

Run me with docker

Simply run:

docker run --rm --name=gitleaks zricethezav/gitleaks https://github.com/zricethezav/gitleaks

Or build the image yourself to get the latest version:

docker build -t gitleaks .
docker run --rm --name=gitleaks gitleaks https://github.com/zricethezav/gitleaks

Support

BTC: 1H2rSXDJZxWcTk2Ugr5P9r9m93m2NhL4xj
