Credential Digger v3.0 releases: identifies hardcoded credentials
Credential Digger is a GitHub scanning tool that identifies hardcoded credentials (passwords, API keys, secret keys, tokens, personal information, etc.), filtering out false positives with machine learning models. It supports Python 3.6 and works only on Linux systems.
Credential Digger finds credentials hardcoded in a repository. The tool is composed of:
- Postgres database
- Python client
- User interface
The database is structured in the following way (arrows point to foreign keys).
The project includes 3 components: a db (sql folder), a client (credentialdigger folder), and a user interface (ui folder).
create_table.sql defines the db schema.
Note that, given the file_name and commit_hash of a discovery, both the commit and the file can be accessed at the following addresses:
This client can be used to interact with the db easily. It offers a scanner for git repositories based on Hyperscan (other scanners can be implemented). Please note that the database must be up and running.
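The following script is an added illustration of what such a scanner does; it is not Credential Digger's own code. It walks a constructed in-memory set of commits in place of a real git history, applies hand-written regex rules in place of Hyperscan, and uses a placeholder/entropy heuristic in place of the project's machine learning models to mark likely false positives. Each hit is recorded as a discovery carrying the file_name, commit_hash and line number the text above refers to. The commit hashes, file names and secret-looking values are all constructed (the AWS key id is the one from AWS's own documentation examples).

```python
import math
import re
from collections import Counter
from typing import Dict, List, NamedTuple

# Constructed sample input: two "commits", each mapping file names to contents.
# They stand in for the git history a real scanner would walk.
SAMPLE_COMMITS = {
    "a1b2c3d": {
        "config.py": (
            'DB_HOST = "db.internal"\n'
            'password = "changeme"  # placeholder value, should be filtered\n'
            'api_key = "q8Z3xLp0Vr2TmN7sYb4KcH1dW5eG9jA6"  # looks like a real key\n'
        ),
    },
    "e4f5a6b": {
        "settings.yml": (
            "region: eu-central-1\n"
            "aws_access_key_id: AKIAIOSFODNN7EXAMPLE\n"  # AWS documentation example id
            "token: ${VAULT_TOKEN}\n"  # injected at deploy time, not a secret
        ),
    },
}

# Hand-written rules (rule id, compiled regex). Group 1 captures the candidate secret.
RULES = [
    ("password_assignment",
     re.compile(r'(?i)\b(?:password|passwd|pwd)\s*[=:]\s*["\']?([^"\'\s#]{6,})')),
    ("aws_access_key_id",
     re.compile(r'\b(AKIA[0-9A-Z]{16})\b')),
    ("generic_secret",
     re.compile(r'(?i)\b(?:api[_-]?key|secret[_-]?key|token)\s*[=:]\s*["\']?([^"\'\s#]{12,})')),
]

# Values that are clearly not real credentials (constructed list).
PLACEHOLDERS = {"changeme", "password", "secret", "xxxxxxxx", "todo"}


class Discovery(NamedTuple):
    file_name: str
    commit_hash: str
    line_number: int
    rule_id: str
    snippet: str
    state: str  # "new" or "false_positive"


def shannon_entropy(value: str) -> float:
    """Bits of entropy per character; random-looking secrets score high."""
    counts = Counter(value)
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def is_false_positive(value: str) -> bool:
    """Cheap stand-in for the ML filter: placeholders, templates, low entropy."""
    if value.lower() in PLACEHOLDERS:
        return True
    if value.startswith(("${", "{{", "<")):  # templated / substituted value
        return True
    return shannon_entropy(value) < 3.0


def scan_file(commit_hash: str, file_name: str, content: str) -> List[Discovery]:
    """Run every rule over every line and record one discovery per match."""
    found = []
    for line_number, line in enumerate(content.splitlines(), start=1):
        for rule_id, pattern in RULES:
            for match in pattern.finditer(line):
                value = match.group(1)
                state = "false_positive" if is_false_positive(value) else "new"
                found.append(Discovery(file_name, commit_hash, line_number,
                                       rule_id, line.strip(), state))
    return found


def scan_repo(commits: Dict[str, Dict[str, str]]) -> List[Discovery]:
    """Scan each file of each commit; a real tool would walk the git history."""
    discoveries = []
    for commit_hash, files in commits.items():
        for file_name, content in files.items():
            discoveries.extend(scan_file(commit_hash, file_name, content))
    return discoveries


def new_discoveries(discoveries: List[Discovery]) -> List[Discovery]:
    """Only the discoveries that survived the false-positive filter."""
    return [d for d in discoveries if d.state == "new"]


if __name__ == "__main__":
    for d in scan_repo(SAMPLE_COMMITS):
        print(f"{d.state:14} {d.commit_hash} {d.file_name}:{d.line_number} "
              f"[{d.rule_id}] {d.snippet}")
```

Run on the sample, the scanner produces four discoveries, two of which (the `changeme` placeholder and the `${VAULT_TOKEN}` template) are marked as false positives, leaving the high-entropy API key and the AWS access key id as the findings a reviewer would triage. Keeping the line number on the discovery is what lets a UI jump straight to the offending line of the file at that commit.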
The user interface can be used to easily perform scans and flag the discoveries.
- Keep the line number of a discovery
- Replace the last commit scanned with the timestamp of the last scan (fixes the bug that produced duplicate discoveries from another branch when re-scanning a repo)
Command line interface
The CLI has been complemented with more features:
- scan all the repositories of a user
- scan the wiki pages of a project
- bug fixes
The UI has been totally rewritten. It now provides major improvements, both in performance and in functionality:
- Git Token support
- File/Snippet views
- Scan in progress icon
- Extend client classes to adapt queries to the UI (performance)
Copyright (C) 2020 SAP