Git mining tools

Introduction

Git repositories usually contain software or related data. While the software itself may be an interesting target, Git mining software hunts for data files with authentication credentials or other sensitive information. This is a typical case of information leakage.

Usage

Git mining tools are typically used for data leak detection, data leak prevention, discovery of sensitive information.

Users for these tools include developers, pentesters.

Tools

gitleaks (repository search for secrets and keys)

security assessment

Gitleaks scans the repository, including history, for secrets and other sensitive data. This can be useful for both developers as security professionals to discover any leaks.

GitMiner (Git data miner)

asset discovery, discovery of sensitive information, information leak detection

GitMiner is a tool to scan for sensitive data that is leaked via software repositories. Examples of sensitive data are authentication details such as passwords or connection settings.

Gitrob (discovery of sensitive data in repositories)

data leak prevention, information gathering, penetration testing, security assessment

Especially open source developers may share their code in a public repository like GitHub. This is a great way to collaborate between the developer(s) and the community. The risk of sharing code is that sensitive data is part of the repository and uploaded by accident. GitRob helps to detect this kind of accidental leaks.

Missing a favorite tool in this list? Share a tool suggestion and we will review it.