{"id":37230646,"url":"https://github.com/afterdarksys/env-leak-scanner","last_synced_at":"2026-01-15T03:39:34.381Z","repository":{"id":332091216,"uuid":"1132727851","full_name":"afterdarksys/env-leak-scanner","owner":"afterdarksys","description":"Scan your codebase for exposed secrets and environment variables","archived":false,"fork":false,"pushed_at":"2026-01-12T11:21:10.000Z","size":9,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-01-12T19:20:29.455Z","etag":null,"topics":["ci-cd","cli","credentials","devops","environment-variables","leak-detection","python","scanning","secrets","security"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/afterdarksys.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-01-12T11:17:49.000Z","updated_at":"2026-01-12T11:22:55.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/afterdarksys/env-leak-scanner","commit_stats":null,"previous_names":["afterdarksys/env-leak-scanner"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/afterdarksys/env-leak-scanner","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/afterdarksys%2Fenv-leak-scanner","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/afterdarksys%2Fenv-leak-scanner/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/afterdarksys%2Fenv-leak-scanner/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/afterdarksys%2Fenv-leak-scanner/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/afterdarksys","download_url":"https://codeload.github.com/afterdarksys/env-leak-scanner/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/afterdarksys%2Fenv-leak-scanner/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28442310,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-15T00:55:22.719Z","status":"online","status_checked_at":"2026-01-15T02:00:08.019Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ci-cd","cli","credentials","devops","environment-variables","leak-detection","python","scanning","secrets","security"],"created_at":"2026-01-15T03:39:33.489Z","updated_at":"2026-01-15T03:39:34.376Z","avatar_url":"https://github.com/afterdarksys.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Env Leak Scanner\n\n[![PyPI version](https://badge.fury.io/py/env-leak-scanner.svg)](https://pypi.org/project/env-leak-scanner/)\n[![Downloads](https://pepy.tech/badge/env-leak-scanner)](https://pepy.tech/project/env-leak-scanner)\n[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)\n\n**Scan your codebase for exposed secrets and environment variables in seconds!**\n\nPrevent security breaches by detecting hardcoded API keys, passwords, tokens, and other sensitive data before they reach production.\n\n## Features\n\n- Fast recursive directory scanning\n- Detects 12+ types of common secrets (AWS keys, GitHub tokens, API keys, passwords, etc.)\n- Beautiful terminal output with severity levels\n- Detailed recommendations for each finding\n- Zero configuration needed\n- CI/CD integration ready\n- Exit codes for automation (0=safe, 1=warning, 2=critical)\n\n## Installation\n\n```bash\npip install env-leak-scanner\n```\n\n## Quick Start\n\n### Scan current directory\n```bash\nenv-scan .\n```\n\n### Scan specific project\n```bash\nenv-scan /path/to/project\n```\n\n### Quick summary only\n```bash\nenv-scan . --no-details\n```\n\n### Scan without recursion\n```bash\nenv-scan . --no-recursive\n```\n\n## What It Detects\n\n- AWS Access Keys \u0026 Secret Keys\n- GitHub Personal Access Tokens\n- Generic API Keys\n- Private SSH/RSA Keys\n- Hardcoded Passwords\n- Database Connection Strings (PostgreSQL, MySQL, MongoDB)\n- Slack Tokens\n- Bearer Tokens\n- Hardcoded IP addresses with credentials\n- And more...\n\n## Example Output\n\n```\n╭─────────────── Scan Results ───────────────╮\n│ 🚨 CRITICAL                                │\n│                                            │\n│ 📁 Files Scanned: 247                     │\n│ 🔍 Secrets Found: 5                       │\n│ 🔴 High Severity: 3                       │\n│ 🟡 Medium Severity: 2                     │\n│ 🟢 Low Severity: 0                        │\n╰────────────────────────────────────────────╯\n\n╭────────────── 🔓 Exposed Secrets ──────────────╮\n│ Severity   Type              File      Line   │\n├────────────────────────────────────────────────┤\n│ 🔴 HIGH    AWS Access Key    config.py   12   │\n│ 🔴 HIGH    Private Key       keys/id_rsa  1   │\n│ 🔴 HIGH    GitHub Token      deploy.sh   45   │\n│ 🟡 MEDIUM  API Key           app.py      89   │\n│ 🟡 MEDIUM  Generic Secret    .env.example 3   │\n╰────────────────────────────────────────────────╯\n```\n\n## Use Cases\n\n### Pre-commit Hook\nAdd to `.git/hooks/pre-commit`:\n```bash\n#!/bin/bash\nenv-scan .\nif [ $? -eq 2 ]; then\n    echo \"❌ Critical secrets detected! Commit blocked.\"\n    exit 1\nfi\n```\n\n### CI/CD Pipeline\n```yaml\n# GitHub Actions example\n- name: Scan for secrets\n  run: |\n    pip install env-leak-scanner\n    env-scan .\n```\n\n### Docker Build Security Check\n```dockerfile\nRUN pip install env-leak-scanner \u0026\u0026 env-scan /app\n```\n\n## CLI Options\n\n```\nusage: env-scan [-h] [--no-recursive] [--no-details]\n                [--ignore IGNORE] [-v] [path]\n\npositional arguments:\n  path              Directory to scan (default: current directory)\n\noptions:\n  -h, --help        show this help message and exit\n  --no-recursive    Do not scan subdirectories\n  --no-details      Show summary only, hide detailed findings\n  --ignore IGNORE   Additional patterns to ignore (can be used multiple times)\n  -v, --version     show program's version number and exit\n```\n\n## Python API\n\n```python\nfrom env_leak_scanner import SecretScanner\n\nscanner = SecretScanner()\nresult = scanner.scan_directory(\"/path/to/project\")\n\nprint(f\"Files scanned: {result.total_files_scanned}\")\nprint(f\"Secrets found: {len(result.secrets_found)}\")\nprint(f\"High severity: {result.high_severity_count}\")\n\n# Check status\nif result.has_secrets:\n    print(\"⚠️ Secrets detected!\")\n    for secret in result.secrets_found:\n        print(f\"{secret.severity}: {secret.secret_type} in {secret.file_path}:{secret.line_number}\")\n```\n\n## Why Use This?\n\n**Before deployment:**\n- Prevent accidental credential leaks\n- Enforce security best practices\n- Protect your infrastructure\n\n**During development:**\n- Get immediate feedback on security issues\n- Learn secure coding practices\n- Avoid costly security incidents\n\n**Perfect for:**\n- DevOps engineers\n- Security teams\n- Development teams\n- CI/CD pipelines\n- Open source projects\n\n## Security Best Practices\n\n1. **Never commit secrets to git** - Use .gitignore for .env files\n2. **Use environment variables** - Store secrets outside code\n3. **Use secret management** - AWS Secrets Manager, HashiCorp Vault, etc.\n4. **Rotate exposed credentials** - Immediately revoke and regenerate\n5. **Add pre-commit hooks** - Prevent future leaks automatically\n6. **Scan git history** - Check for previously committed secrets\n\n## Contributing\n\nContributions welcome! This project is part of [After Dark Systems](https://afterdarksys.com)' security initiative.\n\n1. Fork the repository\n2. Create a feature branch\n3. Make your changes\n4. Submit a pull request\n\n## License\n\nMIT License - see [LICENSE](LICENSE) for details.\n\n## Links\n\n- **PyPI**: https://pypi.org/project/env-leak-scanner/\n- **GitHub**: https://github.com/afterdarksys/env-leak-scanner\n- **Issues**: https://github.com/afterdarksys/env-leak-scanner/issues\n- **After Dark Systems**: https://afterdarksys.com\n- **More Security Tools**: https://pypi.org/user/afterdarksys/\n\n## Star Us!\n\nIf you find this tool useful, please star the repository on GitHub!\n\n---\n\n**Made with by [After Dark Systems](https://afterdarksys.com)**\n\n**Check out our other 12+ production-ready Python packages:** https://pypi.org/user/afterdarksys/\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fafterdarksys%2Fenv-leak-scanner","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fafterdarksys%2Fenv-leak-scanner","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fafterdarksys%2Fenv-leak-scanner/lists"}