golddigger: quickly discover sensitive information in files recursively

discover sensitive information

Gold Digger

Search files for gold

Gold Digger is a simple tool used to help quickly discover sensitive information in files recursively. Originally written to assist in rapidly searching files obtained during a penetration test.

Installation

Gold Digger requires Python3.

git clone https://github.com/ustayready/golddigger.git
virtualenv -p python3 .
source bin/activate
python dig.py –help

Use

discover sensitive information

Example Usage

Gold Digger will recursively go through all folders and files in search of content matching items listed in the gold.json file. Additionally, you can leverage an exclusion file called exclusions.json for skipping files matching specific extensions. Provide the root folder as the –directory flag.

An example structure could be:

~/Engagements/CustomerName/data/randomfiles/

~/Engagements/CustomerName/data/randomfiles2/
~/Engagements/CustomerName/data/code/

 

You would provide the following command to parse all 3 account reports:

python dig.py –gold gold.json –exclude exclusions.json –directory ~/Engagements/CustomerName/data/ –log Customer_2022-123_gold.log

Results

The tool will create a log file containing the scanning results. Due to the nature of using regular expressions, there may be numerous false positives. Despite this, the tool has been proven to increase productivity when processing thousands of files.

Source: https://github.com/ustayready/