dumpsterdiver
DumpsterDiver is a tool that can analyze large volumes of data in search of hardcoded secrets such as keys (e.g. AWS Access Key, Azure Shared Key or SSH keys) or passwords. It also allows creating simple search rules with basic conditions (e.g. report only csv files including at least 10 email addresses). The main idea of this tool is to detect any potential secret leaks.
Name: dumpsterdiver
Category: Static Code Analysis
Publisher: trickest
Created: 6/23/2021
Container: quay.io/trickest/dumpsterdiver:a54c190
Output Type:
License: Unknown
Parameters
-r
When this flag is set, files which don't contain any secret (or anything interesting if the -a flag is set) will be removed.
-s
When this flag is set, all files will additionally be analyzed in search of hardcoded passwords.
--grep-words
Specifies the grep words to look for. Multiple words should be separated by a space. Wildcards are supported. Requires adding the -a flag to the syntax.
--level
Search level for key length. Options:
  --level 0 - short keys (20-40B), e.g. AWS Access Key ID.
  --level 1 (default) - typical keys (40-70B), e.g. AWS Secret Access Key or Azure Shared Key.
  --level 2 - long keys (1000-1800B), e.g. SSH private key.
  --level 3 - any key (20-1800B). Be careful with this setting, because it may generate lots of false positives.
-p
Path to the folder containing the files to be analyzed.
--max-key
Specifies the maximum key length to be analyzed (default is 80).
--min-key
Specifies the minimum key length to be analyzed (default is 20).
--bad-expressions
Specifies bad expressions. If DumpsterDiver finds such an expression in a file, that file won't be analyzed. Multiple bad expressions should be separated by a space.
--exclude-files
Specifies file names or extensions which shouldn't be analyzed. A file extension should contain the . character (e.g. .pdf). Multiple file names and extensions should be separated by a space.
-a
When this flag is set, all files will additionally be analyzed using the rules specified in the rules.yaml file.
--max-pass
Specifies the maximum password length to be analyzed (default is 12). Requires adding the -s flag to the syntax.
--min-pass
Specifies the minimum password length to be analyzed (default is 8). Requires adding the -s flag to the syntax.
--pass-complex
Specifies the password complexity threshold, from 1 (trivial passwords) to 9 (very complex passwords) (default is 8). Requires adding the -s flag to the syntax.
--entropy
Specifies the high-entropy threshold (default is 4.3).
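
How the key-length window (--min-key/--max-key or --level) and the --entropy threshold combine, as an added example that is not DumpsterDiver's own code. It assumes the threshold is Shannon entropy in bits per character over base64-style tokens and that a token is reported when its entropy exceeds the threshold; the function names and the sample input are constructed for illustration.

```python
import math
import re
from collections import Counter

# Defaults and level windows as listed in the parameter descriptions above.
MIN_KEY, MAX_KEY, ENTROPY_EDGE = 20, 80, 4.3
LEVELS = {0: (20, 40), 1: (40, 70), 2: (1000, 1800), 3: (20, 1800)}

# Assumption: candidate keys are runs of base64/URL-safe characters.
TOKEN_RE = re.compile(r"[A-Za-z0-9+/=_-]+")

def shannon_entropy(s):
    """Shannon entropy of s in bits per character."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def find_candidates(text, min_key=MIN_KEY, max_key=MAX_KEY, edge=ENTROPY_EDGE):
    """Return (line number, token, entropy) for tokens inside the length
    window whose entropy is above the edge."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for tok in TOKEN_RE.findall(line):
            if not min_key <= len(tok) <= max_key:
                continue  # outside the window: never scored
            h = shannon_entropy(tok)
            if h > edge:
                hits.append((lineno, tok, round(h, 2)))
    return hits

# Constructed sample input: one random-looking 40-character value, one long
# identifier, one repeated-character filler and one short random value.
SAMPLE = '''\
aws_secret = "q7Zx2LmPv9TbK4sWcY8hRdN3fGjU6aEoHt1MyXe5"
name = configuration_loader_instance_name
padding = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
short = Xk9pQ2
'''

if __name__ == "__main__":
    # Default window (20-80): only the random-looking value on line 1 is reported.
    for hit in find_candidates(SAMPLE):
        print("default window:", hit)
    # Level 2 window (1000-1800): the same value is too short to be scored.
    print("level 2 window:", find_candidates(SAMPLE, *LEVELS[2]))
```

The long identifier and the filler fall inside the length window but stay below the threshold, which is why a wider window such as --level 3 raises false positives mainly through the number of tokens that get scored at all.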