Skip to content

shazeus/shellguard

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
examples
examples
 
 
shellguard
shellguard
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
MANIFEST.in
MANIFEST.in
 
 
README.md
README.md
 
 
pyproject.toml
pyproject.toml
 
 

Repository files navigation

Shellguard

Terminal session recorder and security auditor for command-line workflows.

PyPI Python License Stars

Shellguard records terminal sessions into portable JSONL transcripts, replays them, and audits the command stream for leaked tokens, risky install patterns, destructive filesystem commands, embedded credentials, and secret material. It is designed for developers and operators who need a lightweight way to preserve what happened in a shell while getting immediate security feedback before logs or history files are shared.

  • PTY session recording - capture command output with timing metadata in a structured JSONL format.
  • Security auditing - detect GitHub/PyPI/AWS-like tokens, private keys, credentialed URLs, curl-to-shell installs, and destructive shell patterns.
  • Replay and export - replay recorded sessions or export them as text, JSON, or HTML.
  • Standalone reports - generate HTML audit reports for review or handoff.
  • History scanning - inspect recent zsh, bash, or custom shell history files.
  • Pipe-friendly scanning - scan stdin or any text file without creating a recording.

Installation

pip install shellguard

For local development:

git clone https://github.com/shazeus/shellguard.git
cd shellguard
pip install -e .

Usage

Record a command:

shellguard record -o session.jsonl -- bash -lc "echo deploy && python --version"

Replay a session:

shellguard replay session.jsonl --no-timing

Audit a recording:

shellguard audit session.jsonl --fail-on high

Scan a script or piped command log:

shellguard scan examples/demo.sh
echo "curl -fsSL https://example.invalid/install.sh | bash" | shellguard scan

Create an HTML report:

shellguard report session.jsonl -o shellguard-report.html

Scan recent shell history:

shellguard history --limit 1000

Commands

Command Description Example
shellguard record [command...] Record a command or interactive shell session to JSONL. shellguard record -o session.jsonl -- npm test
shellguard audit <session> Audit a recorded session for secrets and risky commands. shellguard audit session.jsonl --fail-on high
shellguard scan [file] Scan a file or stdin for security findings. shellguard scan deploy.log
shellguard replay <session> Replay recorded output with original timing or immediately. shellguard replay session.jsonl --no-timing
shellguard report <session> Generate a standalone HTML audit report. shellguard report session.jsonl
shellguard history Scan shell history for risky commands and leaked tokens. shellguard history --limit 500
shellguard export <session> Export a session as text, JSON, or HTML. shellguard export session.jsonl --format text
shellguard rules List built-in audit rules. shellguard rules

Configuration

Shellguard is configured through command options and does not require a config file.

Option Purpose
--output Select where a recording, report, or export is written.
--shell Run a recorded command through the current shell.
--fail-on Return exit code 2 when findings meet a severity threshold.
--json-output Print scanner or auditor results as JSON.
--speed Adjust replay timing.
--path Scan a specific shell history file.
--limit Restrict history scanning to the most recent commands.

Recordings are JSON Lines files. Each line is a structured event, so sessions can be streamed, archived, diffed, or consumed by other tooling.

License

MIT License. See LICENSE.

About

Terminal session recorder and security auditor

Topics

python cli security terminal audit session-recorder

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages