/pepito

Finds sensitive stuff in your git repository by specifying terms to look for

Primary LanguagePython

Pepito

Searches through git repositories for specific strings, digging deep into commit history and branches. This is effective at finding secrets accidentally committed. This project is highly inspired from TruffleHog which does exactly the same thing on high entropy strings.

Usage

Example

pepito https://github.com/dxa4481/truffleHog.git --search 'password'

or

python pepito.py file:///user/dxa4481/codeprojects/truffleHog/ --search 'password'

Install

git clone https://github.com/PaulSec/pepito
cd pepito && python pepito.py -h 

How it works

This module will go through the entire commit history of each branch, and check each diff from each commit. There, it will go through all the changes and check for the existence of the string you're looking for. If present, it will print the content to the screen.

License

This has been released under MIT License. Shout out to @PaulWebSec for any questions.