GitLeaks - Searches full repo history for secrets and keys 🔑
Installing
go get -u github.com/zricethezav/gitleaks
Usage and Explanation
./gitleaks [options] <url/path>
Gitleaks audits local and remote repos by running regex checks against all commits.
Options
usage: gitleaks [options] <URL>/<path_to_repo>
Options:
-u --user Git user mode
-r --repo Git repo mode
-o --org Git organization mode
-l --local Local mode, gitleaks will look for local repo in <path>
-t --temp Clone to temporary directory
-v --verbose Verbose mode, will output leaks as gitleaks finds them
--report-path=<STR> Save report to path, gitleaks default behavior is to save report to pwd
--clone-path=<STR> Gitleaks will clone repos here, default pwd
--concurrency=<INT> Upper bound on concurrent diffs
--since=<STR> Commit to stop at
--b64Entropy=<INT> Base64 entropy cutoff (default is 70)
--hexEntropy=<INT> Hex entropy cutoff (default is 40)
-e --entropy Enable entropy
-h --help Display this message
--token=<STR> Github API token
--stopwords Enables stopwords
Exit Codes
code | explanation |
---|---|
0 | Gitleaks succeeded with no leaks |
1 | Gitleaks failed or wasn't attempted due to execution failure |
2 | Gitleaks succeeded and leaks were present during the audit |
Use these codes to hook gitleaks into whatever pipeline you're running
Examples
gitleaks
Run audit on current working directory if
.git
is presentgitleaks --local $HOME/audits/some/repo
Run audit on repo located in
HOME/audits/some/repo
if .git
is presentgitleaks https://github.com/some/repo
Run audit on
github.com/some/repo.git
and clone repo togitleaks --clone-path=$HOME/Desktop/audits https://github.com/some/repo
Run audit on
github.com/some/repo.git
and clone repo to $HOME/Desktop/auditsgitleaks --temp https://github.com/some/repo
Run audit on
github.com/some/repo.git
and clone repo to $TMPDIR (this will remove repos after audit is complete)gitleaks --temp -u https://github.com/some-user
Run audit on all of
some-user
's repos. Again, --temp
flag will clone all repos into $TMPDIR after be removed after audit
Post a Comment