
Architecture

Fabio edited this page Feb 15, 2021 · 5 revisions

Credential Digger finds credentials hardcoded in a repository. The tool is composed of:

  • Database
  • Python client
  • User interface

Database

The database is structured as shown in the schema diagram (arrows point to foreign keys). Both Postgres and SQLite are supported.

Project structure

The project includes 3 components: a db (sql folder), a client (credentialdigger folder), and a user interface (ui folder).

sql

create_table.sql defines the database schema. With Postgres, this script must be run to initialise the database before the client connects to it. With SQLite, the tables are created when the client is instantiated.

Note that, given the file_name and commit_hash of a discovery, both the commit and the file it was found in can be reached at the following addresses (this is the path layout used by GitHub-style hosting; other hosts use different paths):

REPO_URL/commit/COMMIT_HASH
REPO_URL/blob/COMMIT_HASH/file_name

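Those links can be built from a discovery record as in the following Python helper. It is an added example, not code from the Credential Digger project: the repository URL, commit hash and file name it is fed are constructed, and it assumes the GitHub path layout shown above. Beyond plain string concatenation it pins a full 40-digit commit hash, rejects non-http(s) remotes and percent-encodes each path segment, so that a file name containing a space or '#' does not produce a broken link.

```python
"""Build commit and blob links for a discovery (added example, not project code)."""
import re
from urllib.parse import quote, urlsplit

# Full 40-hex-digit git object name; abbreviated hashes are rejected on purpose
# so that a link always pins one unambiguous commit.
_FULL_SHA1 = re.compile(r"[0-9a-f]{40}")


def normalise_repo_url(repo_url: str) -> str:
    """Return REPO_URL without a trailing slash or '.git' suffix.

    Only http(s) URLs are accepted: a 'git@host:owner/repo.git' remote cannot
    be turned into a browsable link by appending /commit/... to it.
    """
    url = repo_url.strip().rstrip("/")
    if url.endswith(".git"):
        url = url[: -len(".git")]
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError(f"not an http(s) repository URL: {repo_url!r}")
    if parts.query or parts.fragment:
        raise ValueError(f"repository URL must not carry a query or fragment: {repo_url!r}")
    return url


def discovery_links(repo_url: str, commit_hash: str, file_name: str) -> dict:
    """Build the commit and blob URLs for one discovery.

    file_name is the path inside the repository as stored for the discovery.
    Each path segment is percent-encoded separately, so characters such as
    spaces or '#' in a file name do not break the URL while '/' keeps its
    role as the separator.  '.' and '..' segments are rejected.
    """
    commit = commit_hash.strip().lower()
    if not _FULL_SHA1.fullmatch(commit):
        raise ValueError(f"commit_hash is not a full SHA-1: {commit_hash!r}")
    segments = [s for s in file_name.split("/") if s]
    if not segments or any(s in (".", "..") for s in segments):
        raise ValueError(f"unexpected file_name: {file_name!r}")
    base = normalise_repo_url(repo_url)
    path = "/".join(quote(s, safe="") for s in segments)
    return {
        "commit": f"{base}/commit/{commit}",
        "file": f"{base}/blob/{commit}/{path}",
    }


if __name__ == "__main__":
    # Constructed sample discovery: hypothetical repository, hash and file name.
    links = discovery_links(
        "https://github.com/example-org/example-repo.git",
        "0123456789abcdef0123456789abcdef01234567",
        "config/app settings.yml",
    )
    print(links["commit"])
    print(links["file"])
```

The commit hash is lower-cased before validation, so hashes copied from tools that print them in upper case still match; a repository URL given with a trailing slash or a ".git" suffix is normalised to the same base as the bare URL.
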
credentialdigger

The client is used to interact with the database. It offers a scanner for git repositories based on Hyperscan (other scanners can be implemented). Note that, with Postgres, the database must be up and running before the client is used, whereas with SQLite it is created on the fly (if it does not already exist).

ui

The user interface can be used to easily perform scans and flag the discoveries.