- Toshendra Kumar Sharma
- October 30, 2019
‘Shhgit’ is a new web app that searches for sensitive secrets, such as private crypto keys, by scanning GitHub, the web-based code repository host. The tool was introduced by Paul Price, a programmer and security expert. Shhgit scans public code repositories for secrets that might sometimes end up in the hands of bad actors or malicious users and that have the potential to cause significant data breaches.
Paul Price stated that finding potentially harmful secrets across GitHub is not new. According to the programmer and security expert, there are numerous open-source tools available, such as truffleHog and Gitrob, which all dig into “commit history to find secret tokens from specific repositories, users or organizations.”
Price also added that software developers, who sometimes unintentionally leak secrets across public code repositories, must ensure that the secrets do not end up in their own codebases in the first place. As Price put it, “config files should be encrypted with an environment-based key.”
GitHub is a popular code hosting platform for collaboration and version control. It allows you and others to work together on projects: you can host and review code, build software alongside 28 million developers, and manage projects efficiently. Git is an open-source version control system that keeps revisions made by developers straight by storing the modifications and changes made to the code in a central repository. This way, developers are able to collaborate easily. While Git is a command-line tool, the ‘hub’ refers to the center around which all things involving Git revolve. The social networking feature of GitHub is very powerful, as it lets users maintain their own profiles.
Scanning for secrets in public code repositories has existed ever since GitHub was launched. But recent data breaches, such as the Capital One hack that exposed the personal data of more than 100 million individuals, reveal the severe implications faulty security can have, as it can lead to reputational damage and huge fines.
In July this year, CNN reported that confidential data from more than 106 million Capital One customers’ accounts and credit card applications was stolen by an alleged hacker. A Seattle resident was arrested by the FBI as a suspect, with the U.S. Department of Justice accusing him of having gained access to personal data such as email addresses, phone numbers, zip codes, names, addresses, dates of birth, and self-reported income. The hacker gained access to one million Canadian Social Insurance Numbers, 80,000 bank account numbers, and 140,000 Social Security Numbers. He also gained access to the credit limits, credit scores, and balances of customers.
Paul Price states that his ‘Shhgit’ tool can help find, in real time, any secrets that are accidentally committed. This gives developers the time needed to delete any sensitive information before hackers can gain access to anybody’s private information.
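One way a developer can act on Price's advice before pushing, shown as an added example (it is not Shhgit's code and does not come from the article): the Python below scans only the lines a unified diff adds, using two well-known credential formats plus an entropy check on quoted values assigned to secret-looking names. The rule set, the 3.5-bit threshold, and the sample diff are assumptions made for illustration.

```python
import math
import re
from collections import Counter

# Illustrative rules (assumptions; not Shhgit's actual signature list).
PATTERNS = {
    "private_key": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}
# Quoted value assigned to a secret-looking name; reported only if high-entropy.
ASSIGNMENT = re.compile(
    r"(?i)\b[\w.-]*(?:secret|token|passw(?:or)?d|api_?key)[\w.-]*\s*[:=]\s*"
    r"[\"']([^\"']{16,})[\"']")
ENTROPY_THRESHOLD = 3.5  # bits per character; assumed cut-off

def shannon_entropy(value):
    counts = Counter(value)
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())

def scan_diff(diff_text):
    """Return (path, new_line_number, rule) for secrets in lines the diff adds."""
    findings, path, lineno = [], None, 0
    for line in diff_text.splitlines():
        if line.startswith("+++ "):
            path = re.sub(r"^b/", "", line[4:])
        elif line.startswith("@@"):
            # "@@ -a,b +c,d @@": c is the first line number in the new file.
            lineno = int(re.search(r"\+(\d+)", line).group(1))
        elif line.startswith("+"):
            added = line[1:]
            rules = [name for name, rx in PATTERNS.items() if rx.search(added)]
            m = ASSIGNMENT.search(added)
            if m and shannon_entropy(m.group(1)) >= ENTROPY_THRESHOLD:
                rules.append("high_entropy_assignment")
            findings += [(path, lineno, rule) for rule in rules]
            lineno += 1
        elif line.startswith(" "):
            lineno += 1  # unchanged context lines also advance the new file
    return findings

# Constructed sample diff; the access key is AWS's documentation placeholder.
SAMPLE_DIFF = """\
--- a/config/settings.py
+++ b/config/settings.py
@@ -1,2 +1,5 @@
 import os
+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
+api_token = "q7Xv2LmZ9pRt4KcB8nWd"
+password = "aaaaaaaaaaaaaaaaaaaa"
 DEBUG = False
"""
if __name__ == "__main__":
    print(scan_diff(SAMPLE_DIFF))
```

The repeated-character password on new line 4 is not reported because its entropy is zero, which shows how the entropy filter trades missed weak passwords for fewer false positives.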