New Tool Will Find Secrets

Udgivet den by Coindesk | Udgivet den

Coding crypto projects is hard enough without running the risk of losing your private keys.

Shhgit, a webapp and downloadable tool by Paul Price aims at least to reduce the chance of that happening.

The app, which is open source, scans code repository GitHub for dangerous files and data.

As a beginning coder, you may have left your password data or private keys inside public repository without realizing.

"Finding these secrets across GitHub is nothing new," wrote Price, a programmer and security expert who goes by the handle Darkport.

"There are many open-source tools available to help with this depending on which side of the fence you sit. On the adversary side, popular tools such as gitrob and truggleHog focus on digging in to commit history to find secret tokens from specific repositories, users or organizations."

Sshgit is more public about these secrets: it offers a front-end that simply displays them as they appear on GitHub.

It also encourages safe coding because users know their public repositories are insecure.

As someone who once committed the private keys for a bitcoin wallet to a public GitHub account, let me tell you: I could have used this a few years ago.

Price is looking for sponsors to pay for hosting because, as you can imagine, his traffic is quite high as people search for secrets.

x