gitleaks alternatives

Looking for an alternative tool to replace gitleaks? During the review of gitleaks we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. GitMiner (Git data miner)
  2. Gitrob (discovery of sensitive data in repositories)
  3. mimipenguin (password extractor)

These tools are ranked as the best alternatives to gitleaks.

Alternatives (by score)

60

GitMiner

Introduction

GitMiner is a tool to scan for sensitive data that is leaked via software repositories. Examples of sensitive data are authentication details such as passwords or connection settings.

Project details

GitMiner is written in Python.

Strengths and weaknesses

  • + More than 1000 GitHub stars
  • + The source code of this software is available

    Typical usage

    • Asset discovery
    • Discovery of sensitive information
    • Information leak detection

    GitMiner review

    60

    Gitrob

    Introduction

    Especially open source developers may share their code in a public repository like GitHub. This is a great way to collaborate between the developer(s) and the community. The risk of sharing code is that sensitive data is part of the repository and uploaded by accident. GitRob helps to detect this kind of accidental leaks.

    Project details

    Gitrob is written in Ruby.

    Strengths and weaknesses

    • + More than 1000 GitHub stars
    • + The source code of this software is available

      Typical usage

      • Data leak prevention
      • Information gathering
      • Penetration testing
      • Security assessment

      Gitrob review

      64

      mimipenguin

      Introduction

      The tool requires root permissions to work.

      Project details

      mimipenguin is written in Python, shell script.

      Strengths and weaknesses

      • + The source code of this software is available
      • - No releases on GitHub available
      • - Full name of author is unknown

      Typical usage

      • Information gathering
      • Security assessment

      mimipenguin review

      60

      git-secrets

      Introduction

      You would most likely use git-secrets in development teams or as an individual developer. The primary goal is to prevent accidentally submitting authentication details or otherwise sensitive information to your software repositories.

      Project details

      git-secrets is written in shell script.

      Strengths and weaknesses

      • + The source code of this software is available

        Typical usage

        • Data leak prevention
        • Information leak prevention

        git-secrets review

        78

        Acra

        Introduction

        Acra is a database encryption proxy that provides encryption and data leakage prevention to applications. It provides selective encryption, access control, database and data leak prevention, and even intrusion detection capabilities. It is focused on developers and supports most popular programming languages such as Go, PHP, Python, Ruby.

        Project details

        Acra is written in Golang, Node.js, Objective-C, PHP, Python, Ruby.

        Strengths and weaknesses

        • + Commercial support available
        • + The source code of this software is available

          Typical usage

          • Data encryption
          • Data leak prevention
          • Data security
          • Vulnerability mitigation

          Acra review

          85

          AIL framework

          Introduction

          AIL is a modular framework which helps to analyze potential information leaks. The framework is flexible and supports different kinds of data formats and sources. For example, one of the sources is the collection of pastes from Pastebin. A tool like AIL is commonly used to detect or even prevent data leaks.

          Project details

          AIL framework is written in Python.

          Strengths and weaknesses

          • + More than 10 contributors
          • + The source code of this software is available

            Typical usage

            • Data extraction
            • Data leak detection
            • Information leak detection
            • Security monitoring

            AIL framework review

            64

            BuQuikker

            Introduction

            BuQuikker is a security tool to scan the Amazon S3 storage service. Its goal is to find open and unprotected S3 buckets.

            Project details

            BuQuikker is written in Python.

            Strengths and weaknesses

            • + The source code of this software is available

              Typical usage

              • Data leak detection
              • Security assessment

              BuQuikker review

              64

              DNSteal

              Introduction

              DNSteal allows you to extract files from a machine through DNS requests. This can be used to circumvent security measures and test them against data leakage. The tool supports compression and allows for multiple files to be transferred.

              Project details

              DNSteal is written in Python.

              Strengths and weaknesses

              • + More than 500 GitHub stars
              • + The source code of this software is available
              • - No releases on GitHub available
              • - Full name of author is unknown

              Typical usage

              • Application security
              • Data hiding

              DNSteal review

              84

              SMBMap

              Introduction

              SMBMap allows scanning of file resources that are shared with the SMB protocol. The tool will list share drives, drive permissions, the share contents, upload/download functionality, file name auto-download pattern matching, and even execute remote commands. The tool was created for pentesters to simplify finding sensitive data, or at least test for it.

              Project details

              SMBMap is written in Python.

              Strengths and weaknesses

              • + The source code of this software is available

                Typical usage

                • Data leak detection
                • Information gathering
                • Penetration testing

                SMBMap review

                85

                BlackBox

                Introduction

                Typically you do not want to store any secrets in a software repository or version control system repository. However when there is still a need to give people access to sensitive parts, then BlackBox helps to do this in a more secure way.

                Project details

                BlackBox is written in shell script.

                Strengths and weaknesses

                • + More than 50 contributors
                • + More than 4000 GitHub stars
                • + The source code of this software is available

                  Typical usage

                  • Password management
                  • Secure storage

                  BlackBox review

                  74

                  git-crypt

                  Introduction

                  This tools allows you to store your secrets (such as keys or passwords) in the same repository as your code.

                  Project details

                  git-crypt is written in C++.

                  Strengths and weaknesses

                  • + More than 10 contributors
                  • + More than 3000 GitHub stars
                  • + The source code of this software is available

                    Typical usage

                    • Data encryption

                    git-crypt review

                    60

                    jak

                    Introduction

                    Typically developers may want to store some secrets, like authentication details, in in their repository. With jak this can happen in a slightly more secure way, by encrypting the data.

                    Project details

                    jak is written in Python.

                    Strengths and weaknesses

                    • + The source code of this software is available

                      Typical usage

                      • Data encryption

                      jak review

                      Some relevant tool missing as an alternative to gitleaks? Please contact us with your suggestion.