Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/RichardoC/gitlab-secrets

This tool analyzes a given Gitlab repository and searches for dangling or force-pushed commits containing potential secret or interesting information.
https://github.com/RichardoC/gitlab-secrets

Last synced: about 23 hours ago
JSON representation

This tool analyzes a given Gitlab repository and searches for dangling or force-pushed commits containing potential secret or interesting information.

Host: GitHub
URL: https://github.com/RichardoC/gitlab-secrets
Owner: RichardoC
Created: 2024-02-24T21:17:58.000Z (9 months ago)
Default Branch: main
Last Pushed: 2024-08-16T10:48:46.000Z (3 months ago)
Last Synced: 2024-08-16T12:07:03.665Z (3 months ago)
Language: Python
Homepage:
Size: 9.77 KB
Stars: 38
Watchers: 1
Forks: 4
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

awesome-cicd-attacks - GitLab Secrets - A tool that can reveal deleted GitLab commits that potentially contain sensitive information and are not accessible via the public Git history. (Techniques / Publicly Exposed Sensitive Data)

README

# Gitlab Secrets

This tool analyzes a given Gitlab repository and searches for dangling or force-pushed commits, containing potential secret or interesting information.

It's based on which does the same for Github

## Requirements

- Python3
- [requests](https://pypi.org/project/requests/)

## Installation

```bash
git clone https://github.com/neodyme-labs/github-secrets.git
```

## Usage

To get a list of basic options and switches use:
```bash
python3 gitlab_scanner.py -h
```

You can run this script either completely unauthenticated if you are checking public repositories, or your generated API token by following [this guide](https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html).

The tokens need requires `read_api` scope.

To export the token use:
```bash
export GITLAB_ACCOUNT_TOKEN=
```

To use against a custom instance of Gitlab
```bash
export GITLAB_INSTANCE_URL=
```

To run the script and scan a repository:
```bash
python3 gitlab_scanner.py /
```

An example repository for testing is

## Limitations

This can only detect dangling commits from the last [3 years](https://docs.gitlab.com/ee/api/events.html#event-time-period-limit) due to the retention period on events in Gitlab.

## License

Licensed under either of

* Apache License, Version 2.0, ([LICENSE-APACHE](LICENSE-APACHE) or )
* MIT license ([LICENSE-MIT](LICENSE-MIT) or )

at your option.

### Contribution

Unless you explicitly state otherwise, any contribution intentionally
submitted for inclusion in the work by you, as defined in the Apache-2.0
license, shall be dual licensed as above, without any additional terms or
conditions.