Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/RichardoC/gitlab-secrets
This tool analyzes a given Gitlab repository and searches for dangling or force-pushed commits containing potential secret or interesting information.
- Host: GitHub
- URL: https://github.com/RichardoC/gitlab-secrets
- Owner: RichardoC
- Created: 2024-02-24T21:17:58.000Z (9 months ago)
- Default Branch: main
- Last Pushed: 2024-08-16T10:48:46.000Z (3 months ago)
- Last Synced: 2024-08-16T12:07:03.665Z (3 months ago)
- Language: Python
- Homepage:
- Size: 9.77 KB
- Stars: 38
- Watchers: 1
- Forks: 4
- Open Issues: 0
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-cicd-attacks - GitLab Secrets - A tool that can reveal deleted GitLab commits that potentially contain sensitive information and are not accessible via the public Git history. (Techniques / Publicly Exposed Sensitive Data)
README
# Gitlab Secrets
This tool analyzes a given GitLab repository and searches for dangling or force-pushed commits containing potential secrets or other interesting information.
It is based on [github-secrets](https://github.com/neodyme-labs/github-secrets), which does the same for GitHub.
## Requirements
- Python3
- [requests](https://pypi.org/project/requests/)
## Installation
```bash
git clone https://github.com/RichardoC/gitlab-secrets.git
```
## Usage
To get a list of basic options and switches use:
```bash
python3 gitlab_scanner.py -h
```
You can run this script completely unauthenticated when checking public repositories, or with a personal access token generated by following [this guide](https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html).
The token requires the `read_api` scope.
To export the token use:
```bash
export GITLAB_ACCOUNT_TOKEN=
```
To use it against a custom GitLab instance:
```bash
export GITLAB_INSTANCE_URL=
```
To run the script and scan a repository:
```bash
python3 gitlab_scanner.py /
```
An example repository for testing is
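The scan described above, written out as an added example in Python (this is not the gitlab-secrets project's own code). It pulls the project's push events, collects the commit SHA on both ends of every push, and asks GitLab which branches or tags still contain each SHA; a commit that no ref contains is dangling and still fetchable by SHA. The endpoints and the `PRIVATE-TOKEN` header are GitLab's public v4 API; the environment variable names follow the README; the sample events, the refs answers and the SHAs are constructed for the demonstration, and the function names are mine.

```python
"""Added example: locate dangling commits from a GitLab project's push events.

Not the gitlab-secrets project's own code. Standard library only. Endpoints used:
  GET /projects/:id/events?action=pushed            (push_data.commit_from / commit_to)
  GET /projects/:id/repository/commits/:sha/refs    (branches/tags containing the SHA)
Environment variable names follow the README above.
"""
import json
import os
import urllib.error
import urllib.parse
import urllib.request

# Constructed sample of /projects/:id/events output; SHAs are fake.
# The third push rewrites main from c3c3.. to d4d4.., orphaning c3c3..; the
# fourth deletes a branch whose tip e5e5.. was never merged anywhere.
SAMPLE_EVENTS = [
    {"action_name": "pushed to", "push_data": {"action": "pushed", "ref": "main",
                                               "commit_from": "a1a1" * 10, "commit_to": "b2b2" * 10}},
    {"action_name": "pushed to", "push_data": {"action": "pushed", "ref": "main",
                                               "commit_from": "b2b2" * 10, "commit_to": "c3c3" * 10}},
    {"action_name": "pushed to", "push_data": {"action": "pushed", "ref": "main",
                                               "commit_from": "c3c3" * 10, "commit_to": "d4d4" * 10}},
    {"action_name": "deleted", "push_data": {"action": "removed", "ref": "wip-creds",
                                             "commit_from": "e5e5" * 10, "commit_to": None}},
    {"action_name": "commented on", "note": {"body": "lgtm"}},  # no push_data at all
]

# Constructed /repository/commits/:sha/refs answers: refs that still contain each SHA.
# c3c3.. and e5e5.. are absent, i.e. the API would return an empty list for them.
SAMPLE_REFS = {
    "a1a1" * 10: [{"type": "branch", "name": "main"}],
    "b2b2" * 10: [{"type": "branch", "name": "main"}],
    "d4d4" * 10: [{"type": "branch", "name": "main"}],
}


def candidate_shas(events):
    """Every SHA a push event names, at either end of the push."""
    shas = set()
    for event in events:
        push = event.get("push_data") or {}
        for key in ("commit_from", "commit_to"):
            sha = push.get(key)
            if sha:  # None for branch creation (no from) or deletion (no to)
                shas.add(sha)
    return shas


def find_dangling(shas, refs_for_sha):
    """SHAs for which refs_for_sha returns an empty list, sorted.

    refs_for_sha(sha) -> list of containing refs, or None if the object itself
    is gone (already garbage-collected server-side); those are not reported.
    """
    dangling = []
    for sha in sorted(shas):
        refs = refs_for_sha(sha)
        if refs is not None and len(refs) == 0:
            dangling.append(sha)
    return dangling


def gitlab_get(base_url, path, params=None, token=None):
    """GET a paginated GitLab v4 listing, following the X-Next-Page header."""
    items, page = [], 1
    while page:
        query = urllib.parse.urlencode({**(params or {}), "per_page": 100, "page": page})
        request = urllib.request.Request(f"{base_url}/api/v4{path}?{query}")
        if token:
            request.add_header("PRIVATE-TOKEN", token)
        with urllib.request.urlopen(request) as response:
            items.extend(json.load(response))
            next_page = response.headers.get("X-Next-Page")
            page = int(next_page) if next_page else None
    return items


def scan_project(project, base_url=None, token=None):
    """Live scan of 'namespace/project' (needs network; unauthenticated works for public repos)."""
    base_url = base_url or os.environ.get("GITLAB_INSTANCE_URL", "https://gitlab.com")
    token = token or os.environ.get("GITLAB_ACCOUNT_TOKEN")
    project_id = urllib.parse.quote(project, safe="")  # the path form of :id must be URL-encoded
    events = gitlab_get(base_url, f"/projects/{project_id}/events", {"action": "pushed"}, token)

    def refs_for_sha(sha):
        try:
            return gitlab_get(base_url, f"/projects/{project_id}/repository/commits/{sha}/refs",
                              token=token)
        except urllib.error.HTTPError as err:
            if err.code == 404:  # commit object no longer exists; nothing left to recover
                return None
            raise

    return find_dangling(candidate_shas(events), refs_for_sha)


if __name__ == "__main__":
    # Offline demonstration on the constructed data (no network needed).
    offline = find_dangling(candidate_shas(SAMPLE_EVENTS), lambda sha: SAMPLE_REFS.get(sha, []))
    print("dangling:", offline)  # prints the c3c3.. and e5e5.. SHAs
```

Each SHA that comes back dangling can then be inspected with `GET /projects/:id/repository/commits/:sha` and its diff, which is where the leaked material usually sits. Note that `commit_from` of a force push is the interesting one: it is the tip that was overwritten, and its unmerged ancestors are only reachable through it.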
## Limitations
This can only detect dangling commits from the last [3 years](https://docs.gitlab.com/ee/api/events.html#event-time-period-limit) due to the retention period on events in GitLab. Separately, a dangling commit is only retrievable while its objects still exist on the server: once the server's garbage collection prunes unreachable objects, the commit is gone even though the event that mentions it remains.
## License
Licensed under either of
* Apache License, Version 2.0, ([LICENSE-APACHE](LICENSE-APACHE) or )
* MIT license ([LICENSE-MIT](LICENSE-MIT) or )
at your option.
### Contribution
Unless you explicitly state otherwise, any contribution intentionally
submitted for inclusion in the work by you, as defined in the Apache-2.0
license, shall be dual licensed as above, without any additional terms or
conditions.