Very often keys are pushed to code repositories such as Github, Bitbucket or Gitlab. You want to identify a target code repo and search all commit history to discover secrets that might have been pushed.
Tools to search git repos
gitleaks # MOVE TO OWN TOOLS PAGE
gitrob # MOVE TO OWN TOOLS PAGE
truffleHog # MOVE TO OWN TOOLS PAGE
docker pull zricethezav/gitleaks
docker run --rm --name=gitleaks zricethezav/gitleaks -v -r https://github.com/name/repo.git
When it returns a match it will also include a git commit which you can use to view it in a browser or use git to ‘check it out’.
git checkout commit
| Service | info |
|---|---|
| shhgit | Monitors github for secrets |
| Name | Description |
|---|