ExploitCraft

Scan codebases, git history, and Docker images for accidentally exposed secrets

Found Mar 21, 2026 at 11 stars.
AI Summary

envleaks scans codebases, individual files, and git change history to detect accidentally exposed sensitive information such as passwords and other credentials.

How It Works

1. 💡 Discover envleaks: you learn about a tool that finds passwords and other private data accidentally left in your project's files.
2. 📦 Get it ready: you install the scanner on your machine in a couple of steps.
3. 📁 Pick your folder: you point it at your project's root directory or at a single file.
4. 🔍 Start the check: the tool searches every file, including old versions in the change history, for exposed secrets.
5. 📊 See the report: a colour-coded summary lists each finding with its exact location.
6. 🛠️ Fix the problems: you remove or protect the secrets it found.

🛡️ All safe now: your project is clear of leaks, and you can rerun the check regularly.

AI-Generated Review

What is envleaks?

envleaks is a Python tool that scans codebases, git history, and Docker images for accidentally exposed secrets such as API keys, credentials, and private keys. It catches leaks in current files and in past commits that tools like git-secrets might miss, and it can scan GitHub repositories locally or in CI pipelines. Users run simple CLI commands such as `envleaks scan . --git-history` and get terminal output, JSON, or SARIF reports.

Why is it gaining traction?

It stands out with 100+ detection patterns covering AWS, GitHub tokens, Stripe, Slack, and more, plus git history scanning to surface old leaks. CI mode exits with code 1 to block the pipeline when secrets are found, and SARIF output feeds directly into GitHub Advanced Security so findings appear in PRs. Skipping binaries and node_modules keeps it fast on large repos without the bloat of heavier scanners.
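To make the behaviour described above concrete (pattern-based detection, pruning node_modules and binaries, SARIF output, and a non-zero exit code for CI), here is an added illustration written for this review. It is not envleaks' own code: the rule names, the `example-secret-scanner` tool name, the NUL-byte binary heuristic and the sample `.env` content are all constructed for the example.

```python
import os
import re

# Detection rules, constructed for this example; a real scanner ships many more.
RULES = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github-pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private-key-block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}
SKIP_DIRS = {".git", "node_modules", "__pycache__"}  # vendored / VCS noise, never scanned

def redact(secret: str) -> str:
    return secret[:6] + "...****"  # a report must never re-leak the full value

def scan_text(text: str, path: str) -> list[dict]:
    """One finding per rule match, with 1-based line numbers and a redacted match."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule_id, pattern in RULES.items():
            for m in pattern.finditer(line):
                findings.append({"rule": rule_id, "path": path, "line": lineno, "match": redact(m.group(0))})
    return findings

def scan_tree(root: str) -> list[dict]:
    """Walk a directory, pruning SKIP_DIRS and skipping binaries (NUL-byte heuristic)."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in filenames:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                raw = fh.read()
            if b"\x00" in raw[:8192]:
                continue
            findings.extend(scan_text(raw.decode("utf-8", errors="replace"), os.path.relpath(path, root)))
    return findings

def to_sarif(findings: list[dict]) -> dict:
    """Minimal SARIF 2.1.0 log, the format code-scanning dashboards ingest."""
    results = [{"ruleId": f["rule"], "level": "error", "message": {"text": "Possible secret " + f["match"]},
                "locations": [{"physicalLocation": {"artifactLocation": {"uri": f["path"]},
                                                    "region": {"startLine": f["line"]}}}]} for f in findings]
    return {"version": "2.1.0", "runs": [{"tool": {"driver": {"name": "example-secret-scanner"}}, "results": results}]}

def ci_exit_code(findings: list[dict]) -> int:
    return 1 if findings else 0  # non-zero exit fails the pipeline step

# Constructed sample: an .env file holding the AWS documentation's example key id and a fake GitHub token.
SAMPLE = "DB_HOST=localhost\nAWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\nGITHUB_TOKEN=ghp_" + "a" * 36 + "\n"
```

Calling `scan_text(SAMPLE, ".env")` yields two findings on lines 2 and 3; `to_sarif` turns them into an uploadable log and `ci_exit_code` gives the status a CI step should exit with.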

Who should use this?

DevOps engineers adding secret scanning to GitHub Actions workflows, security teams auditing codebases for exposed credentials, and open-source maintainers checking git history before pushes. Ideal for Python devs scanning their own projects or contributors reviewing PRs for leaked keys in Docker images.

Verdict

Worth trying for lightweight secret scanning in CI: solid docs and easy GitHub integration punch above its 11 stars and alpha status. The low 0.9% credibility score flags early maturity with limited testing, so pair it with truffleHog for production until it matures.
