KyubiSweep is a lightweight, cross-platform CLI tool that scans a filesystem for exposed secrets, API keys, and tokens. Written in Go, it combines pattern matching with Shannon entropy analysis, scans files concurrently, and summarizes the results in a security hygiene scorecard, all as a single binary with zero dependencies.
KyubiSweep
KyubiSweep is a cross-platform command line interface (CLI) tool that finds exposed secrets in filesystems. It is written in Go and ships as a single static binary with no runtime dependencies.
Key Features:
- 30+ Secret Patterns: Detects a wide range of secrets, including AWS and Google API keys, GitHub tokens, and database credentials.
- Shannon Entropy Analysis: Flags long, high-entropy strings (random-looking tokens) that a fixed regex pattern would miss. Entropy is a heuristic, so expect some false positives on hashes and encoded blobs; the pattern rules and the entropy check complement each other.
- Concurrent Scanning: Leverages Go's goroutines for rapid, parallel scanning of files.
- Security Hygiene Scorecard: Presents results in a visually appealing, color-coded terminal output that highlights risk levels.
- Zero Dependencies: Operates as a single static binary, making installation straightforward.
- Cross-Platform Compatibility: Functions on macOS (Intel and Apple Silicon), Linux, and Windows environments.
- Smart Filtering: By default, scans only text-based files while skipping binary files.
- Quarantine Mode: Optionally moves files in which secrets were found into a separate vault directory.
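The three detection features above in miniature, as an added example written for this page and not KyubiSweep's own code: a couple of regex rules for known key formats, a Shannon entropy check for strings no rule names, and the NUL-byte heuristic that skips binary files. The rule names, the two regexes, the 4.5-bit threshold, the 8 KiB binary probe and the sample corpus are all assumptions for this example; the real tool has 30+ patterns, scans concurrently and renders a scorecard, none of which is reproduced here.

```go
package main

import (
	"bytes"
	"fmt"
	"math"
	"regexp"
	"strings"
)

type Finding struct {
	File, Rule, Match string
	Entropy           float64
}

// Assumed rules for this example (not the project's list): AWS key IDs, GitHub PATs.
var patternRules = map[string]*regexp.Regexp{
	"aws-access-key-id": regexp.MustCompile(`\bAKIA[0-9A-Z]{16}\b`),
	"github-pat":        regexp.MustCompile(`\bghp_[A-Za-z0-9]{36}\b`),
}

// candidateRe picks long runs of base64/url-safe characters for the entropy check.
var candidateRe = regexp.MustCompile(`[A-Za-z0-9+/=_-]{20,}`)

// EntropyThreshold (assumed): random base64 sits near 6.0 bits/char, identifiers ~4.2.
const EntropyThreshold = 4.5

// ShannonEntropy returns H = -sum p(c)*log2 p(c) over the characters of s.
func ShannonEntropy(s string) float64 {
	counts := map[rune]int{}
	for _, r := range s {
		counts[r]++
	}
	n, h := float64(len([]rune(s))), 0.0
	for _, c := range counts {
		p := float64(c) / n
		h -= p * math.Log2(p)
	}
	return h
}

// IsBinary: a NUL byte in the first 8 KiB means "not text", so the file is skipped.
func IsBinary(data []byte) bool {
	if len(data) > 8192 {
		data = data[:8192]
	}
	return bytes.IndexByte(data, 0) >= 0
}

// ScanText runs the regex rules on each line and falls back to the entropy
// check only on lines no rule matched, so a known key is reported once.
func ScanText(file string, data []byte) []Finding {
	if IsBinary(data) {
		return nil
	}
	var out []Finding
	for _, line := range strings.Split(string(data), "\n") {
		before := len(out)
		for name, re := range patternRules {
			for _, m := range re.FindAllString(line, -1) {
				out = append(out, Finding{file, name, m, ShannonEntropy(m)})
			}
		}
		if len(out) > before {
			continue
		}
		for _, c := range candidateRe.FindAllString(line, -1) {
			if h := ShannonEntropy(c); h >= EntropyThreshold {
				out = append(out, Finding{file, "high-entropy-string", c, h})
			}
		}
	}
	return out
}

// ScanAll scans every file in the corpus and merges the findings.
func ScanAll(files map[string][]byte) []Finding {
	var all []Finding
	for name, data := range files {
		all = append(all, ScanText(name, data)...)
	}
	return all
}

// SampleFiles is a constructed corpus (no real credentials): a leaked AWS key ID, a
// GitHub PAT, a random session token, a long ordinary identifier, and a PNG header.
var SampleFiles = map[string][]byte{
	"config.env": []byte("AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\nDB_HOST=localhost\n"),
	"deploy.sh":  []byte("curl -H 'Authorization: token ghp_" + strings.Repeat("Ab1", 12) + "' https://api.github.com\n"),
	"notes.txt":  []byte("session token: 8fK2pQz9XmLv3WnB7Yc4Rt6Hj1Sd5Ue0\n"),
	"main.go":    []byte("func handleHTTPRequestForUserProfile() {}\n"),
	"logo.png":   []byte("\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"),
}

func main() {
	for _, f := range ScanAll(SampleFiles) {
		fmt.Printf("%-11s %-20s H=%.2f  %s\n", f.File, f.Rule, f.Entropy, f.Match)
	}
}
```

Run it and three findings come back: the AWS key and the PAT via their rules, and the 32-character session token via entropy (every character distinct, so exactly 5.0 bits per character). The camelCase function name in main.go is also a 31-character candidate but scores about 4.1 bits, which is why the threshold matters more than the length cutoff; the PNG is never scanned.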
Quick Start:
Either download a pre-built binary for your platform or build the tool from source with the Go toolchain.
Usage:
To run KyubiSweep, input the following command in the terminal:
kyubisweep [OPTIONS]
Options cover the directory to scan, verbose output, showing all severity levels, and moving files that contain secrets to a quarantine directory. The documented flags are:
- --path <directory>: Directory to scan (default: the current directory).
- --verbose: Print detailed output during the scan.
- --move-to <path>: Move each file found to contain a secret into the given vault directory.
Sample Output:
On completion, KyubiSweep prints a report with the number of critical issues, a breakdown by risk level, and each individual finding, so remediation can start immediately. The detected secrets fall into categories such as the following:
| Category | Examples |
|---|---|
| Cloud Credentials | AWS Access Keys, Google API Keys |
| Payment Systems | Stripe API keys |
| Developer Tools | GitHub PATs, NPM tokens |
Project Structure:
The project is organized systematically, featuring an entry point and separate modules for analysis, scanning, reporting, and managing quarantined files.
Quarantine Mode:
If secrets are detected, the --move-to option relocates the affected files into the vault; the mode includes safeguards against unintentional data loss. Two practical points: keep the vault outside the tree you scan, or the next run will rediscover the same secrets inside the vault, and remember that moving a file does not revoke the credential it contains, which still has to be rotated.
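What a loss-safe quarantine move can look like, as an added example written for this page and not KyubiSweep's quarantine module (whose exact safeguards the page does not describe). Every rule below is this example's own assumption about what "safe" should mean: reject a vault inside the scanned tree, reject files outside it, refuse symlinks, never overwrite an existing vault entry (O_EXCL), fsync the copy before deleting the original, and log hash and origin to a MANIFEST so the move can be reversed. The function, file names and sample content are constructed.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

// inside reports whether path lies under dir (both absolute and clean).
func inside(path, dir string) bool {
	rel, err := filepath.Rel(dir, path)
	return err == nil && rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// Quarantine moves file, found under root, into vault at the same relative
// path, appends a line to vault/MANIFEST and returns the new location. The
// numbered rules are this example's assumptions, not the project's documented ones.
func Quarantine(root, vault, file string) (string, error) {
	absRoot, err := filepath.Abs(root)
	if err != nil {
		return "", err
	}
	absVault, err := filepath.Abs(vault)
	if err != nil {
		return "", err
	}
	absFile, err := filepath.Abs(file)
	if err != nil {
		return "", err
	}
	// Rule 1: the vault must not sit inside the scanned tree, or the next scan
	// re-discovers the same secrets in the vault and moves them again.
	if inside(absVault, absRoot) {
		return "", errors.New("vault must lie outside the scanned directory")
	}
	// Rule 2: only files under root are eligible, so a bad path cannot pull
	// something like /etc/shadow into the vault.
	if !inside(absFile, absRoot) {
		return "", fmt.Errorf("%s is not inside %s", file, root)
	}
	// Rule 3: regular files only; a symlink is neither followed nor moved.
	info, err := os.Lstat(absFile)
	if err != nil {
		return "", err
	}
	if !info.Mode().IsRegular() {
		return "", fmt.Errorf("%s: not a regular file", file)
	}
	rel, _ := filepath.Rel(absRoot, absFile)
	dest := filepath.Join(absVault, rel)
	if err := os.MkdirAll(filepath.Dir(dest), 0o700); err != nil {
		return "", err
	}
	src, err := os.Open(absFile)
	if err != nil {
		return "", err
	}
	defer src.Close()
	// Rule 4: O_EXCL makes the create fail if dest already exists, so an earlier
	// quarantined copy is never overwritten. Copy-then-delete (not rename) also
	// works when the vault is on another filesystem.
	dst, err := os.OpenFile(dest, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o600)
	if err != nil {
		return "", fmt.Errorf("refusing to overwrite: %w", err)
	}
	sum := sha256.New()
	if _, err := io.Copy(io.MultiWriter(dst, sum), src); err != nil {
		dst.Close()
		return "", err
	}
	if err := dst.Sync(); err != nil {
		dst.Close()
		return "", err
	}
	if err := dst.Close(); err != nil {
		return "", err
	}
	// Rule 5: record hash, vault path and origin so the move can be reversed.
	mf, err := os.OpenFile(filepath.Join(absVault, "MANIFEST"), os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0o600)
	if err != nil {
		return "", err
	}
	fmt.Fprintf(mf, "%s  %s  %s\n", hex.EncodeToString(sum.Sum(nil)), rel, absFile)
	mf.Close()
	// Rule 6: the original goes away only after the copy is complete and flushed;
	// if the delete fails, dest is still returned so the caller knows the copy exists.
	src.Close()
	return dest, os.Remove(absFile)
}

func main() {
	root, _ := os.MkdirTemp("", "scan-root-")
	vault, _ := os.MkdirTemp("", "vault-")
	secret := filepath.Join(root, "app", ".env") // constructed sample file
	os.MkdirAll(filepath.Dir(secret), 0o700)
	os.WriteFile(secret, []byte("STRIPE_KEY=sk_live_constructed_example\n"), 0o600)
	fmt.Println(Quarantine(root, vault, secret))                        // moved
	fmt.Println(Quarantine(root, filepath.Join(root, "vault"), secret)) // rejected by rule 1
}
```

The order of operations is the point: the destination is created with O_EXCL before any bytes move, the copy is synced before the source is unlinked, and the manifest line is written before the delete, so a crash at any step leaves either the original or a verifiable copy, never neither.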
Contribution:
Contributions to the KyubiSweep project are welcome.