Too many secrets (`2ms`) is a command line tool written in Go language and built over gitleaks. `2ms` is capable of finding secrets such as login credentials, API keys, SSH keys and more hidden in code, content systems, chat applications and more.
`2ms` precompiled binaries for amd64 architecture are attached as assets in our releases page.

You may place the compiled binary on your path. On Linux, for example, you can place the `2ms` binary in `/usr/local/bin/`:

```
chmod +x 2ms
sudo cp 2ms /usr/local/bin/
```
If you wish to compile the project from its source, use the following commands:

```
git clone https://github.com/checkmarx/2ms.git
cd 2ms
go build -o dist/2ms main.go
./dist/2ms
```
We publish container image releases of `2ms` to checkmarx/2ms. To run `2ms` from a docker container use the following command:

```
docker run checkmarx/2ms
```
You may also mount a local directory with the `-v <local-dir-path>:<container-dir-path>` argument. For instance:

```
docker run -v /home/user/workspace/git-repo:/repo checkmarx/2ms git /repo
```

- For `git` command, you have to mount your git repository to `/repo` inside the container
We've built the `2ms` command line interface to be as self-descriptive as possible. This is the help message that you will see if you execute `2ms` without args:
```
2ms Secrets Detection: A tool to detect secrets in public websites and communication services.

Usage:
  2ms [command]

Commands
  confluence  Scan Confluence server
  discord     Scan Discord server
  filesystem  Scan local folder
  git         Scan local Git repository
  paligo      Scan Paligo instance
  slack       Scan Slack team

Additional Commands:
  completion  Generate the autocompletion script for the specified shell
  help        Help about any command
  rules       List all rules

Flags:
      --config string           config file path
      --exclude-rule strings    exclude rules by name or tag to apply to the scan (removes from list, starts from all)
  -h, --help                    help for 2ms
      --ignore-result strings   ignore specific result by id
      --include-rule strings    include rules by name or tag to apply to the scan (adds to list, starts from empty)
      --log-level string        log level (trace, debug, info, warn, error, fatal) (default "info")
      --regex stringArray       custom regexes to apply to the scan, must be valid Go regex
      --report-path strings     path to generate report files. The output format will be determined by the file extension (.json, .yaml, .sarif)
      --stdout-format string    stdout output format, available formats are: json, yaml, sarif (default "yaml")
  -v, --version                 version for 2ms

Use "2ms [command] --help" for more information about a command.
```
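
The `--regex` flag listed above requires valid Go regex, so patterns copied from PCRE-based tools may be rejected. The following Go program is an added example, not part of the 2ms project: it pre-checks candidate patterns with the standard `regexp` package against constructed samples before they are passed to `--regex`. The `Candidate` type, the `acme_` token format and all sample strings are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
)

// Candidate pairs a custom pattern with constructed samples (hypothetical type, not a 2ms API).
type Candidate struct {
	Name, Pattern           string
	MustMatch, MustNotMatch []string
}

// Check compiles the pattern as Go (RE2) syntax, which has no lookarounds or
// backreferences, then verifies it hits the positives and skips the negatives.
func Check(c Candidate) error {
	re, err := regexp.Compile(c.Pattern)
	if err != nil {
		return fmt.Errorf("%s: not a valid Go regex: %w", c.Name, err)
	}
	for _, s := range c.MustMatch {
		if !re.MatchString(s) {
			return fmt.Errorf("%s: missed sample %q", c.Name, s)
		}
	}
	for _, s := range c.MustNotMatch {
		if re.MatchString(s) {
			return fmt.Errorf("%s: false positive on %q", c.Name, s)
		}
	}
	return nil
}

// Constructed candidates: an internal token format, and a PCRE-style pattern
// whose negative lookahead Go's regexp package does not support.
var candidates = []Candidate{
	{"internal-token", `\bacme_[A-Za-z0-9]{32}\b`,
		[]string{"token = acme_0123456789abcdefABCDEF0123456789"},
		[]string{"acme_short", "acme_placeholder"}},
	{"pcre-lookahead", `(?!test_)key_[a-f0-9]{16}`, []string{"key_0123456789abcdef"}, nil},
}

func main() {
	for _, c := range candidates {
		if err := Check(c); err != nil {
			fmt.Println("REJECT:", err)
			continue
		}
		fmt.Printf("OK: --regex '%s'\n", c.Pattern)
	}
}
```

A pattern that passes can then be supplied as a `--regex` value; one that is rejected needs rewriting without lookarounds or backreferences.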
We offer the following list of integrations in the form of plugins
Scans a Confluence instance

```
2ms confluence --url URL [flags]
```

Flag | Value | Default | Description |
---|---|---|---|
`--url` | string | - | Confluence instance URL in the form of `https://<company id>.atlassian.net/wiki` |
`--history` | - | not scanning history revisions | Scans pages history revisions |
`--spaces` | string | all spaces | The names or IDs of the Confluence spaces to scan |
`--token` | string | - | The Confluence API token for authentication |
`--username` | string | - | Confluence user name or email for authentication |
For example:

```
2ms confluence --url https://checkmarx.atlassian.net/wiki --spaces secrets
```

- 💡 The `secrets` Confluence site was purposely created with plain example secrets as a test subject for this demo
<TBD Add Reference>
<TBD Add Reference>
<TBD Add Reference>
Scans a local git repository

```
2ms git <Git Repo Local Path> [flags]
```

Flag | Value | Default | Description |
---|---|---|---|
`--all-branches` | - | false - only current checked in branch | scan all branches |
`--depth` | int | no limit | limit the number of historical commits to scan from HEAD |

For example:

```
git clone https://github.com/my-account/my-repo.git
cd my-repo
2ms git .
```
<TBD Add Reference>
`2ms` is extendable with the concept of plugins. We designed it like this so anyone can easily contribute, improve and extend `2ms`.
Want to report a problem or suggest an idea for improvement? Create an Issue, create a Discussion thread, or join our Discord Server (look for the `#2ms` channel).
This project was made and maintained by Checkmarx with ❤️