Git mining tools
Introduction
Git repositories usually contain software or related data. While the software itself may be an interesting target, Git mining software hunts for data files with authentication credentials or other sensitive information. This is a typical case of information leakage.
Usage
Git mining tools are typically used for data leak detection, data leak prevention, discovery of sensitive information.
Users for these tools include developers and pentesters.
Tools
Popular Git mining tools
GitMiner (Git data miner)
asset discovery, discovery of sensitive information, information leak detection
GitMiner is a tool to scan for sensitive data that is leaked via software repositories. Examples of sensitive data are authentication details such as passwords or connection settings.
Gitrob (discovery of sensitive data in repositories)
data leak prevention, information gathering, penetration testing, security assessment
Especially open source developers may share their code in a public repository like GitHub. This is a great way to collaborate between the developer(s) and the community. The risk of sharing code is that sensitive data is part of the repository and uploaded by accident. GitRob helps to detect this kind of accidental leaks.
gitleaks (repository search for secrets and keys)
security assessment
Gitleaks scans the repository, including history, for secrets and other sensitive data. This can be useful for both developers as security professionals to discover any leaks.
Missing a favorite tool in this list? Share a tool suggestion and we will review it.