scanct searches certificate transparency logs for known self-hosted services, hoping to find exposed credentials such as AWS keys.
See my blog post for a high-level overview.
Currently, the following software is detected:
- GitLab:
scanctclones repositories and scans for secrets using gitleaks. - Jenkins:
scanctscans for open/scriptendpoints and downloads workspaces of jobs to scan for secrets with gitleaks.
- Install Go for your platform.
- Clone the repository:
git clone https://github.com/rgwohlbold/scanct. - Build the binary:
go build -o scanct cmd/scanct/main.go. - Run the binary:
./scanct <options>.
All flags are documented in main.go.
scanct stores all its information in a SQLite database, instance.db.
This makes it resilient to restarts, as entries that have not been fully processed are retried on the next run.
scanct is licensed under the MIT license. See LICENSE for details.
This repository was adapted from shhgit and heavily modified, removing almost all code in the progress. shhgit is licensed under MIT see https://github.com/eth0izzle/shhgit/blob/master/LICENSE for details.
Thanks to Lukas Radermacher (lukasrad02) and Tyron Franzke for initially implementing the GitLab scanner into shhgit.