Bashhog


Use regular expressions based on trufflehog and OWASP’s very underrated SEDATED project to identify secrets in an arbitrary directory, recursively.

Shout out to the SEDATED project for their great Regex testing file, which made life so much easier.

Why This?

For people that find themselves in a situation where they want to find secrets they shouldn’t have access to but:

  • They only have a sh-compatible shell and GNU Grep (FreeBSD should also work, but is not what I test builds with)
  • They want to search an arbitrary directory for secrets instead of a git repo
  • They’re willing to put up with less precise/more optimistic regex queries in the pursuit of greatness
  • They’re Lazy
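
The approach described above (recursive GNU grep with secret-shaped regular expressions from an sh-compatible shell), as an added example for auditing a directory you are responsible for; it is not Bashhog's own code. The function names, rule names and the three patterns are assumptions (widely published token formats, not the project's regex list), and the sample tree holds constructed, non-functional values.

```shell
#!/bin/sh
# Added example, not Bashhog's code. Requires GNU grep (-r, -I).

# One rule per line: NAME, a space, then an ERE pattern (assumed rule set).
RULES='aws_access_key_id AKIA[0-9A-Z]{16}
private_key_header -----BEGIN ([A-Z]+ )?PRIVATE KEY-----
github_pat ghp_[A-Za-z0-9]{36}'

# scan_secrets DIR
# Prints "rule file:line" for every hit. The matched text is deliberately
# dropped so the report itself does not become a second copy of the secret.
# Limitation: paths containing ':' are truncated by the cut step.
scan_secrets() {
    dir=$1
    printf '%s\n' "$RULES" | while read -r name pattern; do
        # -r recurse, -I skip binary files, -n line numbers, -E extended regex.
        # -e keeps a pattern that starts with '-' from being read as an option.
        grep -rInE -e "$pattern" -- "$dir" 2>/dev/null |
            cut -d: -f1,2 | sed "s/^/$name /"
    done
}

# make_sample_tree: build a constructed directory with three planted,
# non-functional secrets and one clean file; prints the directory path.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/app/conf"
    printf 'aws_key=AKIAIOSFODNN7EXAMPLE\n' > "$d/app/conf/env"
    printf 'note\n-----BEGIN RSA PRIVATE KEY-----\n' > "$d/app/id_rsa"
    printf 'token: ghp_0123456789abcdefghijklmnopqrstuvwxyz\n' > "$d/ci.yml"
    printf 'nothing to see here\n' > "$d/README"
    echo "$d"
}

# Demo on the constructed tree.
tree=$(make_sample_tree)
scan_secrets "$tree"
rm -rf "$tree"
```

Loose patterns like these trade precision for coverage, so each hit is a lead to review by hand rather than a confirmed secret.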