A tool to find sensitive keys and passwords in Travis logs
Read the Blog post here
Just enter the Travis user name of the organization. The script will automatically find out all jobs and then do two things:
- Look for ED's keywords for potential leaks
- Use the concept of entropy to find potential API keys in the logs
Python 3.X
pip install requests
python travisleak.py travis_user_name
Credits:-
The keywords for the potential leak was taken from ED's blog post here
The concept of entropy was adapted from here
This tool still needs a lot of development. I would be glad if someone would like to contribute to this project.
- Better output format
- Support CircleCI scans