{"id":21054735,"url":"https://github.com/papermtn/stack-overflow-watchman","last_synced_at":"2026-04-13T18:32:33.415Z","repository":{"id":236821906,"uuid":"786222789","full_name":"PaperMtn/stack-overflow-watchman","owner":"PaperMtn","description":"Monitoring Stack Overflow Enterprise for exposed secrets","archived":false,"fork":false,"pushed_at":"2024-04-28T18:46:03.000Z","size":45,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-12-28T07:36:59.640Z","etag":null,"topics":["blue-team","blueteam","cybersecurity","infosec","monitoring","purple-team","purpleteam","red-team","redteam","stackoverflow","watchman"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/PaperMtn.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-04-13T19:40:00.000Z","updated_at":"2024-04-28T18:40:45.000Z","dependencies_parsed_at":"2024-04-28T19:50:41.169Z","dependency_job_id":null,"html_url":"https://github.com/PaperMtn/stack-overflow-watchman","commit_stats":null,"previous_names":["papermtn/stack-overflow-watchman"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/PaperMtn/stack-overflow-watchman","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PaperMtn%2Fstack-overflow-watchman","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PaperMtn%2Fstack-overflow-watchman/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PaperMtn%2Fstack-overflow-watchman/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PaperMtn%2Fstack-overflow-watchman/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/PaperMtn","download_url":"https://codeload.github.com/PaperMtn/stack-overflow-watchman/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PaperMtn%2Fstack-overflow-watchman/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31766456,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-13T15:25:13.801Z","status":"ssl_error","status_checked_at":"2026-04-13T15:25:09.162Z","response_time":93,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["blue-team","blueteam","cybersecurity","infosec","monitoring","purple-team","purpleteam","red-team","redteam","stackoverflow","watchman"],"created_at":"2024-11-19T16:17:02.163Z","updated_at":"2026-04-13T18:32:33.400Z","avatar_url":"https://github.com/PaperMtn.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cimg src=\"https://i.imgur.com/eE3DF1o.png\" width=\"550\"\u003e\n\n# Stack Overflow Watchman\n![Python 2.7 and 3 compatible](https://img.shields.io/pypi/pyversions/stack-overflow-watchman)\n![PyPI version](https://img.shields.io/pypi/v/stack-overflow-watchman.svg)\n![License: MIT](https://img.shields.io/pypi/l/stack-overflow-watchman.svg)\n\nMonitoring Stack Overflow Enterprise for exposed secrets\n\n## About Stack Overflow Watchman\nStack Overflow Watchman is an application that uses the Stack Overflow for Teams API to find potentially sensitive data exposed in a Stack Overflow Enterprise for Teams site.\n\nMore information about Stack Overflow Watchman can be found [on my blog](https://papermtn.co.uk/category/tools/stack-overflow-watchman/).\n\n### Features\nStack Overflow Watchman looks for:\n\n- API Keys, Tokens \u0026 Service Accounts\n  - AWS, Azure, GCP, Google API, Slack (keys \u0026 webhooks), Twitter, Facebook, GitHub and more\n  - Generic Private keys\n  - Access Tokens, Bearer Tokens, Client Secrets, Private Tokens\n  - Leaked passwords\n  - Passport numbers, Dates of birth, Social security numbers, National insurance numbers and more\n\n#### Time based searching\nYou can run Stack Overflow Watchman to look for results going back as far as:\n- 24 hours\n- 7 days\n- 30 days\n- All time\n\nThis means after one deep scan, you can schedule Stack Overflow Watchman to run regularly and only return results from your chosen timeframe.\n\n### Signatures\nStack Overflow Watchman uses custom YAML signatures to detect matches in Stack Overflow for Teams. These signatures are pulled from the central [Watchman Signatures repository](https://github.com/PaperMtn/watchman-signatures). Stack Overflow Watchman automatically updates its signature base at runtime to ensure its using the latest signatures to detect secrets.\n\n### Logging\n\nStack Overflow Watchman gives the following logging options:\n- Terminal-friendly Stdout\n- JSON to Stdout\n\nStack Overflow Watchman defaults to terminal-friendly stdout logging if no option is given. This is designed to be easier for humans to read.\n\nJSON logging is also available, which is perfect for ingesting into a SIEM or other log analysis platforms.\n\nJSON formatted logging can be easily redirected to a file as below:\n```commandline\nstack-overflow-watchman --timeframe a --all --output json \u003e\u003e stack_overflow_watchman_log.json \n```\n\n## Authentication Requirements\n### Stack Overflow API token\nTo run Stack Overflow Watchman, you will need an API token. You can create this in your Stack Overflow for Teams account under `Account -\u003e Settings -\u003e API Applications`. Create a new application and copy the token from the details pane.\n\nYou will also need the domain of the Stack Overflow for Teams site. If your site is `papermtn.stackoverflow.co`, then the domain is `papermtn`.\n#### Providing Token \u0026 URL\nPass the URL and Token to Stack Overflow Watchman via the environment variables: \n- `STACK_OVERFLOW_WATCHMAN_TOKEN`\n- `STACK_OVERFLOW_WATCHMAN_DOMAIN`\n\n## Installation\nYou can install the latest stable version via pip:\n\n```commandline\npython3 -m pip install stack-overflow-watchman\n```\n\nOr build from source yourself:\n\nDownload the release source files, then from the top level repository run:\n```commandline\npython3 -m pip build\npython3 -m pip install --force-reinstall dist/*.whl\n```\n\n## Docker Image\n\nStack Overflow Watchman is also available from the Docker hub as a Docker image:\n\n`docker pull papermountain/stack-overflow-watchman:latest`\n\nYou can then run Stack Overflow Watchman in a container, making sure you pass the required environment variables:\n\n```commandline\n// help\ndocker run --rm papermountain/stack-overflow-watchman -h\n\n// scan all\ndocker run --rm -e STACK_OVERFLOW_WATCHMAN_TOKEN=abc... -e STACK_OVERFLOW_WATCHMAN_DOMAIN=papermtn papermountain/stack-overflow-watchman --timeframe a --all --output json\ndocker run --rm --env-file .env papermountain/stack-overflow-watchman --timeframe a --all --output stdout\n```\n\n## Usage\nStack Overflow Watchman will be installed as a global command, use as follows:\n```commandline\nusage: stack-overflow-watchman [-h] [--timeframe {d,w,m,a}] [--output {json,stdout}] [--version] [--debug]\n\noptions:\n  -h, --help            show this help message and exit\n  --timeframe {d,w,m,a}\n                        How far back to search: d = 24 hours w = 7 days, m = 30 days, a = all time. Defaults to all time\n  --output {json,stdout}, -o {json,stdout}\n                        Where to send results\n  --version, -v         show program's version number and exit\n  --debug, -d           Turn on debug level logging\n  ```\n\nYou can run Stack Overflow Watchman to look for everything, and output to default stdout:\n\n```commandline\nstack-overflow-watchman --timeframe a --all\n```\n\n## Other Watchman apps\nYou may be interested in the other apps in the Watchman family:\n- [Slack Watchman](https://github.com/PaperMtn/slack-watchman)\n- [Slack Watchman for Enterprise Grid](https://github.com/PaperMtn/slack-watchman-enterprise-grid)\n- [GitLab Watchman](https://github.com/PaperMtn/gitlab-watchman)\n- [GitHub Watchman](https://github.com/PaperMtn/github-watchman)\n\n## License\nThe source code for this project is released under the [GNU General Public Licence](https://www.gnu.org/licenses/licenses.html#GPL). This project is not associated with Stack Overflow.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpapermtn%2Fstack-overflow-watchman","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpapermtn%2Fstack-overflow-watchman","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpapermtn%2Fstack-overflow-watchman/lists"}