Archaeologit

This script scans the history of a user’s GitHub repositories for a given pattern to find sensitive things that may have been there but has been overwritten in a later commit. For example passwords or secret tokens.

Download

git clone https://github.com/peterjaric/archaeologit.git

Usage

archaeologit.sh <github username or git repo url> ‘<regular expression to search for>’ [<log file>]

Examples

archaeologit.sh USERNAME 'password.....|secret.....|passwd.....|credentials.....|creds.....|aws.?key.....|consumer.?key.....|api.?key.....|aws.?token.....|oauth.?token.....|access.?token.....|api.?token.....'

archaeologit.sh peterjaric 'password|secret|token' scan.log

Copyright (c) 2018 Peter Jaric

Source: https://github.com/peterjaric/