LeakScanner is a Bash script, inspired by Gitleaks, that scans multiple GitHub repositories at once for leaked sensitive information such as passwords, API keys, and tokens. It automates running the Gitleaks tool against each repository to detect potential leaks.
- Scan both GitHub user profiles and organizations.
- Fetch up to 1000 repositories per scan (GitHub API limitation).
- Automatically clone all repositories and run Gitleaks to detect potential leaks.
To perform leak detection, you need to install Gitleaks first:
- Clone the Gitleaks repository to your local machine:
git clone https://github.com/gitleaks/gitleaks.git
- Navigate to the cloned directory:
cd gitleaks
- Run this command:
make build
Or follow the instructions for your platform in the Gitleaks GitHub repository.
- Clone this repository to your local machine:
git clone https://github.com/nxtexploit/LeakScanner.git
- Navigate to the cloned directory:
cd LeakScanner
- Make the script executable:
chmod +x leakscanner.sh
- Run the script:
./leakscanner.sh
- To scan an organization account, choose option [1]; to scan a personal account, choose option [2]. Then enter the username of your target. The script will detect sensitive information such as passwords, API keys, tokens, and so on.
- Plenty of features are available once the scan is over, such as Verify Findings and many more.
- The script is interactive and will prompt you for the necessary inputs.
- Review the script's source code to understand its behavior before using it.
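
The scan step described above, as an added example that is not LeakScanner's own code: it runs Gitleaks over every repository already cloned under one directory and keeps "leaks found" separate from "scanner failed", so a broken scan is never reported as clean. The `GITLEAKS_BIN` variable, the function names, and the tab-separated summary format are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of LeakScanner. Assumes the repositories were already
# cloned as subdirectories of one folder and that gitleaks v8 is installed.
# GITLEAKS_BIN (hypothetical override) selects the scanner binary.
GITLEAKS_BIN="${GITLEAKS_BIN:-gitleaks}"

# scan_one_repo REPO_DIR REPORT_FILE  ->  prints "clean", "leaks" or "error"
scan_one_repo() {
    rc=0
    # --redact keeps the secret values themselves out of the JSON report.
    "$GITLEAKS_BIN" detect --source "$1" --no-banner --redact \
        --report-format json --report-path "$2" >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo clean ;;
        1) echo leaks ;;   # gitleaks' default exit code when findings exist
        *) echo error ;;   # scanner failure: must not be counted as clean
    esac
}

# scan_cloned_repos CLONE_ROOT REPORT_DIR
# Prints one "repo<TAB>status" line per repository and writes one JSON report
# per repository. Returns 0 if every repo is clean, 1 if any repo has leaks,
# 2 if any scan failed.
scan_cloned_repos() {
    clone_root=$1
    report_dir=$2
    worst=0
    mkdir -p "$report_dir" || return 2
    for repo in "$clone_root"/*/; do
        [ -d "${repo}.git" ] || continue      # skip anything that is not a clone
        name=$(basename "$repo")
        status=$(scan_one_repo "$repo" "$report_dir/$name.json")
        printf '%s\t%s\n' "$name" "$status"
        case $status in
            leaks) if [ "$worst" -eq 0 ]; then worst=1; fi ;;
            error) worst=2 ;;
        esac
    done
    return "$worst"
}

# Usage: scan_cloned_repos ./repos ./reports
```
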
Contributions are welcome! If you find any issues or have suggestions for improvements, please open an issue or submit a pull request.
This project is licensed under the MIT License.
The MIT License is a permissive open-source license that allows you to do almost anything with the code. It gives you permission to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the software.