A tool to find sensitive keys and passwords in Travis logs
I wrote a blog post for this tool.
Just enter the Travis user name of the organization. The script automatically finds all jobs and then does two things:
- Look for ED's keywords for potential leaks
- Use the concept of entropy to find potential API keys in the logs

Requirements:
- Python 3.X
- Requests

Install and run:
pip install requests
python travisleak.py travis_user_name

Credits: The keywords for potential leaks were taken from ED's blog post https://edoverflow.com/2019/ci-knew-there-would-be-bugs-here/
The concept of entropy was adapted from https://github.com/dxa4481/truffleHog
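
The entropy check described above, as an added example that is not travisleak's own code: it splits each log line into words, extracts long runs of base64 or hex characters, and flags the runs whose Shannon entropy exceeds a threshold. The character sets, the minimum length of 20, the thresholds (4.5 and 3.0) and all function names are assumptions modelled on truffleHog's approach, and the log lines are constructed.

```python
import math
import re

# Character sets, minimum length and thresholds are assumptions modelled on
# truffleHog's entropy check; travisleak's own values may differ.
BASE64_CHARS = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="
HEX_CHARS = "0123456789abcdefABCDEF"
CHECKS = [("base64", BASE64_CHARS, 4.5), ("hex", HEX_CHARS, 3.0)]
MIN_LEN = 20

def shannon_entropy(s, charset):
    """Shannon entropy of s in bits per character, over symbols in charset."""
    entropy = 0.0
    for ch in charset:
        p = s.count(ch) / len(s) if s else 0.0
        if p > 0:
            entropy -= p * math.log2(p)
    return entropy

def runs_of(word, charset, min_len=MIN_LEN):
    """Maximal runs of charset characters in word that are >= min_len long."""
    return re.findall("[" + re.escape(charset) + "]{%d,}" % min_len, word)

def find_high_entropy(line):
    """Return (kind, token, entropy) for every suspicious run in one log line."""
    hits = []
    for word in line.split():
        for kind, charset, threshold in CHECKS:
            for token in runs_of(word, charset):
                h = shannon_entropy(token, charset)
                if h > threshold:
                    hits.append((kind, token, round(h, 2)))
    return hits

# Constructed sample log lines; the key values are made up for this example.
SAMPLE_LOG = [
    "$ pip install requests",
    "Successfully built wheel in /home/travis/build/example/project",
    "$ export DEPLOY_KEY='kR7vQ2xLm9ZtB4wYp6NsJ8dHf3GcVu1AeX5oTiWq'",
    "$ curl -H 'X-Api-Key: 9f8e7d6c5b4a39281706f5e4d3c2b1a0' https://example.invalid/deploy",
]

def scan(lines):
    """Map 1-based line number -> hits, keeping only lines with findings."""
    found = {n: find_high_entropy(l) for n, l in enumerate(lines, 1)}
    return {n: hits for n, hits in found.items() if hits}

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

The build path on the second sample line is a 34-character run of base64-alphabet characters but stays below the 4.5 threshold, so it is not reported. Commit SHAs and checksums are long hex strings too, so expect them as false positives when triaging real logs.
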
This tool still needs a lot of development. I would be glad if someone would like to contribute to this project.
- Better output format
- Support CircleCI scans