Gitleaks: Your security testing tool to scan GitHub repositories for vulnerabilities


Gitleaks is a security testing tool that scans your GitHub repositories for secrets, API keys, and tokens

Git and GitHub are fast emerging as a safe hunting ground for hackers and cybercriminals who prey on unsecured databases and API keys. Hackers use GitHub dorks (crafted search queries) to scan the vast repository for any secrets. We have seen how a hacker managed to steal $1200 in Ethereum after a repository owner left his MetaMask wallet’s mnemonic (12-word wallet recovery phrase) exposed on GitHub for just over a minute while he was doing a transaction.

GitHub is so exposed to these data thefts that security researcher Tillson Galloway earned a respectable $10,000 in bug bounties just by dorking GitHub for secrets. The German carmaker Daimler-Benz leaked its Mercedes-Benz onboard logic unit (OLU) source code through a similar dork.

Considering that the repositories on GitHub are the heart and soul of millions of developers’ projects, data security is their most important worry. This is where Gitleaks is useful. Gitleaks is a static application security testing tool that scans your Git repositories for secrets, API keys, and tokens. Using Gitleaks, developers scan a GitHub repository and look for any anomaly that could compromise security.

Gitleaks is designed to detect vulnerabilities that may be lurking in repositories. It runs from the terminal, is independent of the programming language used in the repository, and works across all platforms. Gitleaks not only scans for possible vulnerabilities but also for credentials that have been left exposed. It sometimes happens that a developer forgets that he or she has committed credentials to a Git repository. Gitleaks can perform a scan and notify the repository owner immediately about the leaked credentials.

Gitleaks can scan private and organization-wide Git repositories for committed and uncommitted secrets and includes JSON and CSV reporting. It is written in the Go programming language and is maintained by Zachary Rice, a software engineer at GitLab. You can download Gitleaks from here. Rice has released the latest version of Gitleaks, 4.31, and it is available for all major operating systems.
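To make concrete what a scanner of this kind actually does when it walks commit contents, here is a small added example of the technique (regex rules for known token formats, an entropy check to drop placeholders, and JSON/CSV reporting). It is not Gitleaks' own code or rule set: the AWS access key ID and GitHub personal access token prefixes are documented formats, while the generic "name = value" rule, the 3.5 bits/char entropy cut-off, the `SAMPLE_COMMITS` history and the redaction helper are assumptions constructed for this example.

```python
"""Minimal commit-content secret scanner: regex rules plus an entropy check, with
JSON and CSV reporting. Added example; not Gitleaks' own code."""
import csv
import io
import json
import math
import re
from dataclasses import asdict, dataclass

# Detection rules. The AWS access key ID prefix (AKIA + 16 chars) and the GitHub
# personal access token prefix (ghp_ + 36 chars) are documented formats; the
# generic rule is an assumed catch-all for "name = value" assignments.
RULES = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github-pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "generic-secret": re.compile(
        r"(?i)\b(?:secret|token|api[_-]?key|password)\b\s*[:=]\s*['\"]?"
        r"([A-Za-z0-9+/=_\-]{16,})"
    ),
}
ENTROPY_THRESHOLD = 3.5  # assumed cut-off (bits/char) to drop placeholder values


def shannon_entropy(s: str) -> float:
    """Bits per character: 0.0 for 'xxxxxxxx', about 4.9 for a random 31-char key."""
    if not s:
        return 0.0
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


@dataclass
class Finding:
    commit: str
    path: str
    line: int
    rule: str
    match: str


def scan_text(commit: str, path: str, text: str) -> list:
    """Run every rule over every line of one file version."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for rule, pattern in RULES.items():
            for m in pattern.finditer(line):
                candidate = m.group(1) if m.groups() else m.group(0)
                # Only the generic rule needs the entropy filter; the prefixed
                # formats are specific enough on their own.
                if rule == "generic-secret" and shannon_entropy(candidate) < ENTROPY_THRESHOLD:
                    continue
                findings.append(Finding(commit, path, lineno, rule, candidate))
    return findings


def scan_commits(commits: list) -> list:
    """commits: list of {"commit", "path", "content"} dicts (one file per entry)."""
    findings = []
    for c in commits:
        findings.extend(scan_text(c["commit"], c["path"], c["content"]))
    return findings


def redact(secret: str) -> str:
    """Keep a 4-char prefix so a finding is recognisable without echoing the secret."""
    return secret[:4] + "*" * (len(secret) - 4)


def report_json(findings: list, redact_secrets: bool = True) -> str:
    rows = []
    for f in findings:
        row = asdict(f)
        if redact_secrets:
            row["match"] = redact(f.match)
        rows.append(row)
    return json.dumps(rows, indent=2)


def report_csv(findings: list, redact_secrets: bool = True) -> str:
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["commit", "path", "line", "rule", "match"])
    for f in findings:
        writer.writerow([f.commit, f.path, f.line, f.rule,
                         redact(f.match) if redact_secrets else f.match])
    return buf.getvalue()


# Constructed sample history. The AWS value is the placeholder key from AWS's own
# documentation; the other values are made up for this example.
SAMPLE_COMMITS = [
    {"commit": "c0ffee1", "path": "config/aws.env",
     "content": "REGION=us-east-1\nAWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"},
    {"commit": "c0ffee2", "path": "scripts/deploy.sh",
     "content": "#!/bin/sh\nexport GH_TOKEN=ghp_0123456789abcdefghijklmnopqrstuvwxyz\n"},
    {"commit": "c0ffee3", "path": "settings.py",
     "content": "api_key = 'q7Zp3mK9vL2xR8wT5yB1nH4jF6dG0sA'\n"
                "password = 'xxxxxxxxxxxxxxxxxxxx'  # placeholder, low entropy\n"},
]

if __name__ == "__main__":
    found = scan_commits(SAMPLE_COMMITS)
    print(report_json(found))
    print(report_csv(found))
```

Run against the constructed history, the scanner reports the AWS key, the GitHub token and the high-entropy `api_key`, and skips the all-`x` password placeholder. Reports are redacted by default: a finding should tell the repository owner where to rotate a credential, not copy the credential into yet another file.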

