Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/dwisiswant0/leakz-passive-workflow
Caido's passive workflow to find potential leaked secrets, PII, and sensitive fields.
Last synced: 16 days ago
- Host: GitHub
- URL: https://github.com/dwisiswant0/leakz-passive-workflow
- Owner: dwisiswant0
- License: apache-2.0
- Created: 2024-04-22T05:51:06.000Z (7 months ago)
- Default Branch: master
- Last Pushed: 2024-05-05T19:11:52.000Z (6 months ago)
- Last Synced: 2024-05-05T20:26:15.700Z (6 months ago)
- Topics: caido, caido-passive-workflow, caido-workflow, leaks, leaks-scanner, pii, secrets, sensitive-data, sensitive-data-discovery
- Language: JavaScript
- Homepage:
- Size: 138 KB
- Stars: 4
- Watchers: 1
- Forks: 1
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Leakz
**Leakz** is [Caido](https://caido.io)'s passive workflow to find potential leaked secrets, PII, and sensitive fields.
## Install
1. Download the workflow file via the [releases page](https://github.com/dwisiswant0/leakz-passive-workflow/releases) or: `wget https://github.com/dwisiswant0/leakz/raw/master/dist/Leakz.json`.
1. In Caido, navigate to **Testing > Workflows**, then **Import** the workflow file.

— or

1. Just execute: `bun run workflow:install`.
1. After that, refresh your Caido instance by right-clicking and selecting **Reload**.

> [!TIP]
> To update, you must first uninstall it using `bun run workflow:uninstall`,
> and then reinstall it to apply the changes,
> or simply execute `bun run workflow:update`.

That's it!

> [!IMPORTANT]
> Response interception needs to be enabled for this passive workflow to work properly.

## Development

> [!NOTE]
> The [Bun](https://bun.sh) toolkit is required.

* Build _(bundled)_ the sources: `bun run build`.
* Compile into Caido workflow: `bun run compile`.

## Caveats
Currently, I understand that it's challenging to selectively opt-in or out of certain kinds of leaks and/or to exclude specific patterns while maintaining good UX.
By default, Leakz does **NOT** scan for PII & sensitive fields; you can configure this in the [`config.ts`](/src/config.ts) file and then rebuild and compile the source to apply them.
### Limitations
~Leakz currently does not offer scanning for leaks in request/response headers. See https://github.com/caido/caido/issues/972.~
## License
The [patterns](/src/db.json) are curated from [mazen160/secrets-patterns-db](https://github.com/mazen160/secrets-patterns-db).
Leakz is released with ♡ by **@dwisiswant0** under the Apache 2.0 license. See [LICENSE](/LICENSE).