https://github.com/trufflesecurity/driftwood

Private key usage verification
https://github.com/trufflesecurity/driftwood

credentials secret secret-management trufflehog

Last synced: 3 months ago
JSON representation

Private key usage verification

• Host: GitHub
• URL: https://github.com/trufflesecurity/driftwood
• Owner: trufflesecurity
• License: apache-2.0
• Created: 2021-11-05T22:57:17.000Z (almost 3 years ago)
• Default Branch: main
• Last Pushed: 2023-12-29T17:17:29.000Z (10 months ago)
• Last Synced: 2024-07-25T02:44:44.518Z (3 months ago)
• Topics: credentials, secret, secret-management, trufflehog
• Language: Go
• Homepage: https://trufflesecurity.com
• Size: 54.7 KB
• Stars: 397
• Watchers: 15
• Forks: 31
• Open Issues: 6
• Metadata Files:
  • Readme: README.md
  • Contributing: CONTRIBUTING.md
  • License: LICENSE
  • Code of conduct: CODE_OF_CONDUCT.md
  • Security: SECURITY.md

Awesome Lists containing this project

• awesome-api-security - Private key usage verification
• awesome-hacking-lists - trufflesecurity/driftwood - Private key usage verification (Go)

README

        
# Driftwood

[![CI Status](https://github.com/trufflesecurity/driftwood/workflows/release/badge.svg)](https://github.com/trufflesecurity/driftwood/actions)

[![Go Report Card](https://goreportcard.com/badge/github.com/trufflesecurity/driftwood)](https://goreportcard.com/report/github.com/trufflesecurity/driftwood)

[![Docker Hub Build Status](https://img.shields.io/docker/cloud/build/trufflesecurity/driftwood.svg)](https://hub.docker.com/r/trufflesecurity/driftwood/)

![GitHub](https://img.shields.io/github/license/trufflesecurity/driftwood)

Driftwood is a tool that can enable you to lookup whether a private key is used for things like TLS or as a GitHub SSH key for a user. 

Driftwood performs lookups with the computed public key, so the private key never leaves where you run the tool. Additionally it supports some basic password cracking for encrypted keys.

You can read more on it [here](https://trufflesecurity.com/blog/driftwood-know-if-private-keys-are-sensitive/)

![Driftwood in action](docs/screenshot.png)

## Installation

Three easy ways to get started.

### Run with Docker

```bash

cat private.key | docker run --rm -i trufflesecurity/driftwood --pretty-json -

```

### Run pre-built binary

Download the binary from the [releases page](https://github.com/trufflesecurity/driftwood/releases) and run it. 

### Build yourself

```bash

go install github.com/trufflesecurity/driftwood@latest

```

## Usage

Minimal usage is

```bash

$ driftwood path/to/privatekey.pem

```

Run with `--help` to see more options.

## Library Usage

Packages under `pkg/` are libraries that can be used for external consumption. Packages under `pkg/exp/` are considered to be experimental status and may have breaking changes.