Skip to content
A tool to find sensitive keys and passwords in Travis logs
Branch: master
Clone or download
Latest commit ff17177 Jun 3, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
README.md Update README.md Jun 3, 2019
travisleak.py Added user not found exception May 27, 2019
wordlist.txt Moved all the lines to a separate wordlist.txt file May 18, 2019

README.md

TravisLeaks 🚀

A tool to find sensitive keys and passwords in Travis logs

travis gif


Description

Read the Blog post here

Just enter the Travis user name of the organization. The script will automatically find out all jobs and then do two things:

  1. Look for ED's keywords for potential leaks
  2. Use the concept of entropy to find potential API keys in the logs

Requirements (using travisleak.py script)

Python 3.X
pip install requests

Usage

python travisleak.py travis_user_name


travis_exe_1


travis_exe2



Credits:-

The keywords for the potential leak was taken from ED's blog post here

The concept of entropy was adapted from here

Note

This tool still needs a lot of development. I would be glad if someone would like to contribute to this project.

Goals

  • Better output format
  • Support CircleCI scans
You can’t perform that action at this time.