Skip to main content

Credential Sweeper

Project description

CredSweeper

GitHub release (latestSemVer) Documentation Status License PyPI Python Test codecov CII Best Practices OpenSSF Scorecard

Introduction

CredSweeper is a tool to detect credentials in any directories or files. CredSweeper could help users to detect unwanted exposure of credentials (such as tokens, passwords, api keys etc.) in advance. By scanning lines, filtering, and using AI model as option, CredSweeper reports lines with possible credentials, where the line is, and expected type of the credential as a result.

Full documentation can be found here: https://credsweeper.readthedocs.io/

How To Use

Main Requirements

  • Python 3.8, 3.9, 3.10, 3.11

Installation

Details here.

pip install credsweeper

Run

How to use.

Get all argument list:

python -m credsweeper --help

Run CredSweeper:

python -m credsweeper --path tests/samples/password.gradle --save-json output.json

To check JSON file run:

cat output.json
[
    {
        "api_validation": "NOT_AVAILABLE",
        "ml_validation": "VALIDATED_KEY",
        "ml_probability": 0.99755,
        "rule": "Password",
        "severity": "medium",
        "confidence": "moderate",
        "line_data_list": [
            {
                "line": "password = \"cackle!\"",
                "line_num": 1,
                "path": "tests/samples/password.gradle",
                "info": "",
                "value": "cackle!",
                "value_start": 12,
                "value_end": 19,
                "variable": "password",
                "entropy_validation": {
                    "iterator": "BASE64_CHARS",
                    "entropy": 2.120589933192232,
                    "valid": false
                }
            }
        ]
    }
]

Config

credsweeper/secret/config.json - Configuration file for pre-processing of CredSweeper. For more details please check here.

You can set the pattern, extension and path you want to exclude from scanning as below.

{
    "exclude": {
        "pattern": [
            "AKIA[0-9A-Z]{9}EXAMPLE",
            ...
        ],
        "extension": [
            "gif",
            "jpg",
            ...
        ],
        "path": [
            "/.git/",
            "/openssl/",
            ...
        ]
    },
    ...
}

And you can also set source_ext, source_quote_ext, find_by_ext_list, check_for_literals, line_data_output, and candidate_output as below.

  • source_ext: List of extensions for scanning categorized as source files.
  • source_quote_ext: List of extensions for scanning categorized as source files that using quote.
  • find_by_ext_list: List of extensions to detect only extensions.
  • check_for_literals: Bool value for whether to check line has string literal declaration or not.
  • line_data_output: List of attributes of line_data for output.
  • candidate_output: List of attributes of candidate for output.
{
    ...
    "source_ext": [
        ".py",
        ".cpp",
        ...
    ],
    "source_quote_ext": [
        ".py",
        ".cpp",
        ...
    ],
    "find_by_ext_list": [
        ".pem",
        ".cer",
        ...
    ],
    "check_for_literals": true,
    "line_data_output": [
        "line",
        "line_num",
        ...
    ],
    "candidate_output": [
        "rule",
        "severity",
        ...
    ]
}

credsweeper/rules/config.yaml - Configuration file for setting Rule. For more details please check here.

...
- name: API
severity: medium
confidence: moderate
type: keyword
values:
- api
filter_type: GeneralKeyword
use_ml: true
validations: []
- name: AWS Client ID
...

Develop

Tests

To run all tests:

python -m pytest --cov=credsweeper --cov-report=term-missing -s tests/

To run only tests independent of external api:

python -m pytest -m "not api_validation_test" tests/

To obtain manageable (without subprocesses) coverage:

python -m pytest --cov=credsweeper --cov-report=html tests/ --ignore=tests/test_app.py

Benchmark

We have a dataset for testing credential scanners that called CredData. If you want to test CredSweeper with this dataset please check here.

Overall Architecture

To check overall architecture of CredSweeper please check here.

Retrain Model

If you want to check how model was trained or retrain it on your own data, please refer to the experiment folder

License

The CredSweeper is an Open Source project released under the terms of MIT License V2.

How to Get Involved

In addition to developing under an Open Source license, A use an Open Source Development approach, welcoming everyone to participate, contribute, and engage with each other through the project.

Project Roles

A recognizes the following formal roles: Contributor and Maintainer. Informally, the community may organize itself and give rights and responsibilities to the necessary people to achieve its goals.

Contributor

A Contributor is anyone who wishes to contribute to the project, at any level. Contributors are granted the following rights, to:

  • Contribute code, documentation, translations, artwork, and etc.
  • Report defects (bugs) and suggestions for enhancement.
  • Participate in the process of reviewing contributions by others.

If you want to participate in the project development, check out the how to contribute guideline in advance.

Contributors who show dedication and skill are rewarded with additional rights and responsibilities. Their opinions weigh more when decisions are made, in a fully meritocratic fashion.

Maintainer

A Maintainer is a Contributor who is also responsible for knowing, directing and anticipating the needs of a given a Module. As such, Maintainers have the right to set the overall organization of the source code in the Module, and the right to participate in the decision-making. Maintainers are required to review the contributor’s requests and decide whether to accept or not.

Name E-Mail
Jaeku Yun jk0113.yun@samsung.com
Shinhyung Choi sh519.choi@samsung.com
Yujeong Lee yujeongg.lee@samsung.com
Oleksandra Sokol o.sokol@samsung.com
Dmytro Kuzmenko d.kuzmenko@samsung.com
Arkadiy Melkonyan a.melkonyan@samsung.com

How to Contact

Please post questions, issues, or suggestions in issues. This is the best way to communicate with the developers.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

credsweeper-1.8.1.tar.gz (4.8 MB view details)

Uploaded Source

Built Distribution

credsweeper-1.8.1-py3-none-any.whl (4.9 MB view details)

Uploaded Python 3

File details

Details for the file credsweeper-1.8.1.tar.gz.

File metadata

  • Download URL: credsweeper-1.8.1.tar.gz
  • Upload date:
  • Size: 4.8 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.0 CPython/3.12.4

File hashes

Hashes for credsweeper-1.8.1.tar.gz
Algorithm Hash digest
SHA256 dc716fb318b455d603d9fda816155173ff21cac496f07e99f86890a0c5218f84
MD5 83dcd56318f6109dedb6340e582e1a71
BLAKE2b-256 1fbb6e28162e235bd61e1d10cab2c3f2a1c5c5ab4ef6becde827203a946c9718

See more details on using hashes here.

File details

Details for the file credsweeper-1.8.1-py3-none-any.whl.

File metadata

  • Download URL: credsweeper-1.8.1-py3-none-any.whl
  • Upload date:
  • Size: 4.9 MB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.0 CPython/3.12.4

File hashes

Hashes for credsweeper-1.8.1-py3-none-any.whl
Algorithm Hash digest
SHA256 d6f4316ef2906bd605fa3125d42e750256aea017b2e7d20031a23b8cdc9aa9a7
MD5 af504667d75ca97a72dece4d93adeb02
BLAKE2b-256 e27b4a733c7398bd4fb3de80d59bd2a6b4df313fc809a7bb65c49ceb0a4a7955

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page