Compliance-grade CLI scanner for cleartext passwords in browser memory
Edge Password Leak Scanner
Compliance-grade CLI tool for detecting cleartext passwords in browser process memory.
What is this?
Edge Password Leak Scanner audits running browser processes (Edge, Chrome, Arc, Brave) for cleartext password storage vulnerabilities. It generates SOC2/ISO 27001-compliant audit reports, helping enterprise security teams respond to the Microsoft Edge credential leak vulnerability and verify their environments aren't exposing sensitive data in memory.
Features
- Multi-browser scanning – Detects credential leaks in Edge, Chrome, Brave, and Arc processes
- Memory forensics engine – Pattern-based detection of cleartext passwords and sensitive data
- Compliance reporting – Generates SOC2/ISO 27001-formatted audit reports (JSON, PDF)
- CI/CD integration – GitHub Actions workflow for automated security scanning
- Enterprise-ready – Zero telemetry, local-first processing, air-gap compatible
- Scheduled scans – Background monitoring with Slack/email alerting
- No dependencies – Minimal runtime footprint, Python-only
Quick Start
Installation
pip install edge-password-leak-scanner
Basic Usage
# Scan all browser processes
epls scan
# Generate compliance report
epls scan --report pdf --output audit_2025.pdf
# Scan specific browser
epls scan --browser edge --json
# Scheduled monitoring (enterprise)
epls daemon --interval 3600 --alert slack
Configuration
Create .env in your project root (see .env.example):
SCAN_INTERVAL=3600
ALERT_SLACK_WEBHOOK=https://hooks.slack.com/services/YOUR/WEBHOOK/URL
REPORT_FORMAT=json
OUTPUT_DIR=./security-audits
Usage Examples
One-time audit for compliance:
epls scan --report pdf --output compliance_audit_$(date +%Y%m%d).pdf
GitHub Actions integration:
- name: Security Scan
  uses: your-org/edge-password-leak-scanner@v1
  with:
    report: pdf
    fail-on-findings: true
Continuous monitoring:
epls daemon --interval 3600 --alert slack --report json
Tech Stack
- Language – Python 3.9+
- Process inspection – psutil
- Memory analysis – Pattern matching, regex-based detection
- Reporting – JSON, PDF (jinja2 templates)
- CI/CD – GitHub Actions
- Testing – pytest
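An illustration of the regex-based pattern matching listed above, as an added example that is not the project's own code: it scans a byte buffer for credential-like fields stored as ASCII or UTF-16LE and builds a report that records only offsets and lengths, never the secret. The patterns, function names and sample buffer are assumptions constructed for this example.

```python
import json
import re

# Assumed patterns for illustration: form-encoded and JSON credential fields.
FIELD = rb"(?:password|passwd|pwd)"
PATTERNS = {
    "form_field": re.compile(FIELD + rb"=([^&\s\x00]{4,64})", re.I),
    "json_field": re.compile(rb'"' + FIELD + rb'"\s*:\s*"([^"\x00]{4,64})"', re.I),
}
# Runs of 8+ printable ASCII characters stored as UTF-16LE (char, 0x00 pairs).
WIDE_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){8,}")


def scan_buffer(buf: bytes) -> list:
    """Return redacted findings: where a secret sits, never the secret itself."""
    # Each view is (encoding, base offset, bytes per char, bytes to search).
    views = [("ascii", 0, 1, buf)]
    for run in WIDE_RUN.finditer(buf):
        # Dropping the zero high bytes lets the same patterns match wide text.
        views.append(("utf-16le", run.start(), 2, run.group()[::2]))
    findings = []
    for encoding, base, width, text in views:
        for name, pattern in PATTERNS.items():
            for m in pattern.finditer(text):
                findings.append({
                    "pattern": name,
                    "encoding": encoding,
                    "offset": base + width * m.start(1),  # offset in buf
                    "chars": len(m.group(1)),
                })
    return sorted(findings, key=lambda f: f["offset"])


def build_report(buf: bytes) -> str:
    findings = scan_buffer(buf)
    return json.dumps({"count": len(findings), "findings": findings}, indent=2)


# Constructed sample buffer (not real process memory).
SAMPLE = (
    b"\x00\x10GET /login?user=alice&password=Tr0ub4dor&next=/home\x00\xff"
    + '{"user":"bob","password":"correct-horse"}'.encode("utf-16-le")
    + b"\x00\x00\xfe\xfd"
)

if __name__ == "__main__":
    print(build_report(SAMPLE))
```

Keeping the matched value out of the findings matters for an audit artifact: a report that quoted the password would itself become a cleartext credential store.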
License
MIT – See LICENSE for details
Security Notice: This tool performs local memory inspection only. No data is transmitted. For questions, see SECURITY.md.
File details
Details for the file edge_password_leak_scanner-0.1.0.tar.gz.
File metadata
- Download URL: edge_password_leak_scanner-0.1.0.tar.gz
- Upload date:
- Size: 15.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.9.25
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 06fc78b5e1e912000e9bbc926054484ae3d90ec490d27c13de88e1fa81f69014 |
| MD5 | 853b55a9047b5d012ff5cc7474215285 |
| BLAKE2b-256 | d3cdd79a544e16c7f4b1b4ba83edf80e2783ee428bdf6970e0a94dffbb25a939 |
File details
Details for the file edge_password_leak_scanner-0.1.0-py3-none-any.whl.
File metadata
- Download URL: edge_password_leak_scanner-0.1.0-py3-none-any.whl
- Upload date:
- Size: 13.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.9.25
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | d80ff42f5afcda2f2b1ececd85e5789ad3a8fdd9cfa6711521d39b8bcc215459 |
| MD5 | 3af2e72b2c1dd6617fc1608522125b14 |
| BLAKE2b-256 | 5c04a0439745d969c41ea852e16dff00e6590d19555df1125d1273035deb0ae8 |