Tweet
Tool or Project Name: Git Wild Hunt A tool for hunting leaked credentials
Short Abstract:
Git Wild Hunt is a tool designed to search and identify leaked credentials at public repositories such as Github. Git Wild Hunt searches for footprints and patterns of over 30 of the most used secrets/credentials on the internet, especially those used in Devops and IT Operations. This tool helps developers and security operation departments discover leaked credentials in public repositories. This tool is also a recon tool for red teamers and pentesters, as it also provides metadata from leaks such as usernames, company names, secret types and dates.
License: Apache-2.0 License
Short Developer Bio:
José Hernandez @d1vious
Principal Security Researcher at Splunk. He started his professional career at Prolexic Technologies (now Akamai), fighting DDOS attacks against Fortune 100 companies perpetrated by “anonymous” and “lulzsec.” As an engineering co-founder of Zenedge Inc. (acquired by Oracle Inc.), José helped build technologies to fight bots and web-application attacks. He has also built security operation centers and run a public threat-intelligence service.
Rod Soto @rodsoto
Principal Security Research Engineer at Splunk. Worked at Prolexic Technologies (now Akamai), and Caspida. Cofounder of Hackmiami and Pacific Hackers meetups and conferences. Creator of Kommand && KonTroll / NoQrtr-CTF.
URL to any additional information: https://github.com/d1vious/git-wild-hunt
Detailed Explanation of Tool:
This tool is very effective in finding leaked credentials here is a list of the credentials that are detected:
Offense, Vulnerability Assessment
This tool is very effective in bringing awareness of the danger of leaked credentials in public repositories.
Short Abstract:
Git Wild Hunt is a tool designed to search and identify leaked credentials at public repositories such as Github. Git Wild Hunt searches for footprints and patterns of over 30 of the most used secrets/credentials on the internet, especially those used in Devops and IT Operations. This tool helps developers and security operation departments discover leaked credentials in public repositories. This tool is also a recon tool for red teamers and pentesters, as it also provides metadata from leaks such as usernames, company names, secret types and dates.
License: Apache-2.0 License
Short Developer Bio:
José Hernandez @d1vious
Principal Security Researcher at Splunk. He started his professional career at Prolexic Technologies (now Akamai), fighting DDOS attacks against Fortune 100 companies perpetrated by “anonymous” and “lulzsec.” As an engineering co-founder of Zenedge Inc. (acquired by Oracle Inc.), José helped build technologies to fight bots and web-application attacks. He has also built security operation centers and run a public threat-intelligence service.
Rod Soto @rodsoto
Principal Security Research Engineer at Splunk. Worked at Prolexic Technologies (now Akamai), and Caspida. Cofounder of Hackmiami and Pacific Hackers meetups and conferences. Creator of Kommand && KonTroll / NoQrtr-CTF.
URL to any additional information: https://github.com/d1vious/git-wild-hunt
Detailed Explanation of Tool:
This tool is very effective in finding leaked credentials here is a list of the credentials that are detected:
- AWS API Key
- Amazon AWS Access Key ID
- Amazon MWS Auth Token
- Facebook Access Token
- Facebook OAuth
- Generic API Key
- Generic Secret
- GitHub
- Google (GCP) Service-account
- Google API Key
- Google Cloud Platform API Key
- Google Cloud Platform OAuth
- Google Drive API Key
- Google Drive OAuth
- Google Gmail API Key
- Google Gmail OAuth
- Google OAuth Access Token
- Google YouTube API Key
- Google YouTube OAuth
- Heroku API Key
- MailChimp API Key
- Mailgun API Key
- PGP private key block
- Password in URL
- PayPal Braintree Access Token
- Picatic API Key
- RSA private key
- SSH (DSA) private key
- SSH (EC) private key
- Slack Token
- Slack Webhook
- Square Access Token
- Square OAuth Secret
- Stripe API Key
- Stripe Restricted API Key
- Twilio API Key
- Twitter Access Token
- Twitter OAuth
Offense, Vulnerability Assessment
This tool is very effective in bringing awareness of the danger of leaked credentials in public repositories.