DumpsterDiver – Tool to Search Secrets in Various Files

DumpsterDiver is a tool used to analyze big volumes of various file types in search of hardcoded secrets like keys (e.g. AWS Access Key, Azure Share Key or SSH keys) or passwords. Additionally, it allows creating a simple search rules with basic conditions (e.g. reports only csv file including at least 10 email addresses). The main idea of this tool is to detect any potential secret leaks.

DumpsterDiver - Tool to Search Secrets in Various Files
DumpsterDiver – Tool to Search Secrets in Various Files

Key features:

  • it uses Shannon Entropy to find private keys,
  • it searches through git logs,
  • it unpacks compressed archives (e.g. zip, tar.gz etc.),
  • it supports advanced search using simple rules (details below),
  • it searches for hardcoded passwords,
  • it is fully customizable.

User may customize the scan according to his need by skipping certain files or create an advanced search custom conditions for example if you want to find complex passwords (which contains uppercase, lowercase, special character, digit and is 10 to 15 characters long) it will be possible to add the requirement to the command you execute.

Creating conditions is possible using rules.yaml file where you can provide the search rules for leaked emails attack or search DB for sensitive information.

You can read more and download the tool over here: https://github.com/securing/DumpsterDiver

Share