A set of tools to analyze internal services to discover sensitive data such as password, tokens and API keys for auditing purposes.
Disclaimer: This project is useful fo automated analysis of Confluence, Jira or a Bitbucket workspace. But if the goal is to analyze only one repository other tools can yield better results, like this one.
- Downloading and analysis of data from the following services:
- Bitbucket through cloning and pulling of every git repositories of a given workspace.
- Confluence by downloading each pages from all spaces of a given domain.
- Jira by downloading each issues from all projects, including their description and comments.
- Configurable:
- Through the CLI interface.
- Through a JSON file containing the configuration to execute.
- Multithreading through a task queue used by multiple worker threads.
- Whitelist and blacklist support to ensure only the necessary sources are analyzed.
- Filename filters and content filters to remove false positive or unwanted results.
- Keep track of your audits through comments that will be reimported when reanalyzing a source.
Make sure Python 3 is installed.
- Install brew (package manager).
- Install all the dependencies:
brew install gitleaks && pip3 install atlassian-python-api GitPython
- Download a precompiled version of Gitleaks and add it to your path.
- Install the remaining dependencies:
pip install atlassian-python-api GitPython
- Open a terminal in this folder.
- Run the following command
./bitbucket_analyzer.py -hto know how to use the program.
- Open a terminal in this folder.
- Run the following command
./confluence_analyzer.py -hto know how to use the program.
- Open a terminal in this folder.
- Run the following command
./jira_analyzer.py -hto know how to use the program.
- Gitleaks: Analysis of data.
- GitPython: Cloning and pulling of git repositories.
- atlassian-python-api: API to communicate with Atlassian's services.