Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/trufflesecurity/driftwood
Private key usage verification
https://github.com/trufflesecurity/driftwood
credentials secret secret-management trufflehog
Last synced: 26 days ago
JSON representation
Private key usage verification
- Host: GitHub
- URL: https://github.com/trufflesecurity/driftwood
- Owner: trufflesecurity
- License: apache-2.0
- Created: 2021-11-05T22:57:17.000Z (about 3 years ago)
- Default Branch: main
- Last Pushed: 2023-12-29T17:17:29.000Z (12 months ago)
- Last Synced: 2024-08-03T16:08:20.621Z (4 months ago)
- Topics: credentials, secret, secret-management, trufflehog
- Language: Go
- Homepage: https://trufflesecurity.com
- Size: 54.7 KB
- Stars: 401
- Watchers: 15
- Forks: 31
- Open Issues: 6
-
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Security: SECURITY.md
Awesome Lists containing this project
- awesome-api-security - Private key usage verification
- awesome-hacking-lists - trufflesecurity/driftwood - Private key usage verification (Go)
README
# Driftwood
[![CI Status](https://github.com/trufflesecurity/driftwood/workflows/release/badge.svg)](https://github.com/trufflesecurity/driftwood/actions)
[![Go Report Card](https://goreportcard.com/badge/github.com/trufflesecurity/driftwood)](https://goreportcard.com/report/github.com/trufflesecurity/driftwood)
[![Docker Hub Build Status](https://img.shields.io/docker/cloud/build/trufflesecurity/driftwood.svg)](https://hub.docker.com/r/trufflesecurity/driftwood/)
![GitHub](https://img.shields.io/github/license/trufflesecurity/driftwood)Driftwood is a tool that can enable you to lookup whether a private key is used for things like TLS or as a GitHub SSH key for a user.
Driftwood performs lookups with the computed public key, so the private key never leaves where you run the tool. Additionally it supports some basic password cracking for encrypted keys.
You can read more on it [here](https://trufflesecurity.com/blog/driftwood-know-if-private-keys-are-sensitive/)
![Driftwood in action](docs/screenshot.png)
## Installation
Three easy ways to get started.
### Run with Docker
```bash
cat private.key | docker run --rm -i trufflesecurity/driftwood --pretty-json -
```### Run pre-built binary
Download the binary from the [releases page](https://github.com/trufflesecurity/driftwood/releases) and run it.### Build yourself
```bash
go install github.com/trufflesecurity/driftwood@latest
```## Usage
Minimal usage is
```bash
$ driftwood path/to/privatekey.pem
```Run with `--help` to see more options.
## Library Usage
Packages under `pkg/` are libraries that can be used for external consumption. Packages under `pkg/exp/` are considered to be experimental status and may have breaking changes.