Git-Secret – Go Script For Finding An API Key / Some Keywords In Repository
An API key is a simple encrypted string that recognizes an application without any administrator. They are useful for accessing public data anonymously and are used to connect API requests with your project for quota and billing.
These API Keys are too sensitive as they are used in Authentication. A leaked API Key can cause several problems as this can be Security Flaw. Git-Secret is the automated tool used to find the API keys from the GitHub Repositories. We only need to provide the Repository link and the rest of the work is done by the tool. Git-Secret tool is developed in the Golang tool. Git-Secret tool is available on GitHub, it’s open-source and free-to-use.
Note: Make Sure You have Golang Installed on your System, as this is a Golang-based tool.
Installation of Git-Secret Tool on Kali Linux OS
Step 1: Use the following command to install the tool in your Kali Linux operating system.
git clone https://github.com/daffainfo/Git-Secret.git
Step 2: Now use the following command to move into the directory of the tool. You have to move in the directory in order to run the tool.
Step 3: You are in the directory of the Git-Secret. Now you have to install the Git-Secret using the following command.
sudo go build
Step 4: All the dependencies have been installed in your Kali Linux operating system. Now use the following command to run the tool and check the help section.
Working with Git-Secret Tool on Kali Linux OS
Example 1: Check API of this source: https://github.com/windusasongko/-img-src-x-onerror-prompt-1-
In this example, We will be searching API Keys in the https://github.com/windusasongko/-img-src-x-onerror-prompt-1- Repository.
We are selecting Master Branch.
We have got the Google API key from the apikeys.txt file.
Example 2: Check API with this source: https://github.com/windusasongko/Hello-World-1
In this example, We will be searching API Keys in the https://github.com/windusasongko/Hello-World-1 Repository.
The tool is searching in the repository for API Key.