A Python-based tool designed to scan Git repositories for potential sensitive data leaks, such as API keys, passwords, private keys, and certificates. It analyzes the entire Git history, ensuring no hidden secrets escape detection.
- Deep Scan: Traverses full Git commit history.
- Sensitive Data Detection: Identifies:
- π Passwords
- ποΈ API Keys (AWS, OpenAI, Google, etc.)
- π RSA & SSH Private Keys
- π TLS/SSL Certificates
- ποΈ Database Credentials
- User-Friendly Output: Color-coded results for easy analysis.
Before running the tool, install the necessary dependencies:
pip install -r requirements.txtBefore running the tool, ensure all Git repositories are marked as trusted to avoid permission errors:
git config --global --add safe.directory '*'-
Clone the repository:
git clone <your-repo-link> cd Git_detector
-
Run the tool: Run the git_detector.exe file.
-
For scanning a specific repository: Select the repo to be scanned and save scanned results.
The tool highlights sensitive data types along with their respective commit IDs for easy tracking and removal.
[Password] Hardcoded password found
Commit: cc8a4c6
Key: my_secret_password
[RSA Private Key] RSA Private Key found
Commit: b20f5b8
Key: -----BEGIN RSA PRIVATE KEY-----
This tool is intended for ethical use only. Always ensure you have proper authorization before scanning repositories.
This repo is open for contribution, need to update regex patterns for different keys (APIs keys, passwords, usernames, certificate keys). If you'd like to improve Git_detector, check out the Contributing Guidelines and open a pull request.
π Happy Hunting!