Packages and Binaries:


This package contains a SAST tool for detecting hardcoded secrets like passwords, API keys, and tokens in git repos. Gitleaks aims to be the easy-to-use, all-in-one solution for finding secrets, past or present, in your code. Features:

  • Scan for commited secrets
  • Scan for unstaged secrets as part of shifting security left
  • Scan directories and files
  • Available Github Action
  • Custom rules via toml configuration
  • High performance using go-git
  • JSON, SARIF, and CSV reporting
  • Private repo scans using key or password based authentication

Installed size: 7.96 MB
How to install: sudo apt install gitleaks

  • libc6
root@kali:~# gitleaks -h
  gitleaks [OPTIONS]

Application Options:
  -v, --verbose             Show verbose output from scan
  -q, --quiet               Sets log level to error and only output leaks, one
                            json object per line
  -r, --repo-url=           Repository URL
  -p, --path=               Path to directory (repo if contains .git) or file
  -c, --config-path=        Path to config
      --repo-config-path=   Path to gitleaks config relative to repo root
      --clone-path=         Path to clone repo to disk
      --version             Version number
      --username=           Username for git repo
      --password=           Password for git repo
      --access-token=       Access token for git repo
      --threads=            Maximum number of threads gitleaks spawns
      --ssh-key=            Path to ssh key used for auth
      --unstaged            Run gitleaks on unstaged code
      --branch=             Branch to scan
      --redact              Redact secrets from log messages and leaks
      --debug               Log debug messages
      --no-git              Treat git repos as plain directories and scan those
      --leaks-exit-code=    Exit code when leaks have been encountered
                            (default: 1)
      --append-repo-config  Append the provided or default config with the repo
      --additional-config=  Path to an additional gitleaks config to append
                            with an existing config. Can be used with
                            --append-repo-config to append up to three
  -o, --report=             Report output path
  -f, --format=             JSON, CSV, SARIF (default: json)
      --files-at-commit=    Sha of commit to scan all files at commit
      --commit=             Sha of commit to scan or "latest" to scan the last
                            commit of the repository
      --commits=            Comma separated list of a commits to scan
      --commits-file=       Path to file of line separated list of commits to
      --commit-from=        Commit to start scan from
      --commit-to=          Commit to stop scan
      --commit-since=       Scan commits more recent than a specific date. Ex:
                            '2006-01-02' or '2006-01-02T15:04:05-0700' format.
      --commit-until=       Scan commits older than a specific date. Ex:
                            '2006-01-02' or '2006-01-02T15:04:05-0700' format.
      --depth=              Number of commits to scan

Help Options:
  -h, --help                Show this help message

Updated on: 2021-Nov-26