Python 3.10+ · Tkinter GUI · MIT License · Cross Platform · Security Scanning · 37+ Patterns · Multi-Format Export
A powerful desktop GUI application for scanning GitHub repositories and commit history to detect accidentally committed sensitive information like API keys, passwords, tokens, and other security vulnerabilities.

Fast • Accurate • Secure • User-Friendly
⚠️ IMPORTANT: GitGuard is a defensive security tool designed to help users identify accidentally committed sensitive information in their own repositories. Never use this tool to scan repositories you don't own or have explicit permission to analyze.
- Comprehensive Scanning: Analyzes entire repository history including all commits
- Advanced Pattern Detection: Identifies 37+ types of sensitive data with intelligent context-aware filtering
- False Positive Elimination: Smart filtering for test files, documentation, checksums, and development configs
- Risk Assessment: Automatic risk scoring with color-coded visualization and severity categorization
- Professional GUI: User-friendly Tkinter interface with 4-tab workflow and comprehensive menu system
- Authentication Management: Secure token storage with optional obfuscation and user consent warnings
- Custom Pattern Editor: GUI-based creation, testing, and management of custom detection rules
- Advanced Error Handling: Context-aware error dialogs with technical details and suggested solutions
- High-Performance Scanning: 10x faster with batch processing and smart file prioritization
- Professional HTML Reports: Auto-opening responsive reports with statistics and risk visualization
- Multi-Format Export: Generate reports in CSV, JSON, and HTML with comprehensive metadata
- Intelligent Caching: Repository-specific result caching with commit-hash validation
- Local Processing: All scanning performed locally; no data transmitted to external services
- Secure Authentication: Optional GitHub token storage with encryption warnings and user control
- Configuration Management: Persistent settings with import/export and security controls
- Comprehensive Logging: Full application logging with session tracking and performance metrics
API Keys & Tokens

| Service | Pattern Example | Risk Level |
|---|---|---|
| AWS Access Keys | `AKIA[0-9A-Z]{16}` | Critical |
| GitHub PAT | `ghp_[a-zA-Z0-9]{36}` | Critical |
| Firebase Keys | `AIza[0-9A-Za-z-_]{35}` | High |
| Stripe API | `sk_live_`, `sk_test_` | Critical |
| SendGrid | `SG.[0-9A-Za-z-_]{22}` | High |
| Twilio | `AC[a-f0-9]{32}` | High |
| PayPal | `EO[0-9A-Za-z-_]{50}` | Critical |
| Shopify | `shpat_[a-zA-Z0-9]{32}` | High |
Database Credentials

- MongoDB: `mongodb://[user:pass@]host:port/db`
- MySQL: `mysql://[user:pass@]host:port/db`
- PostgreSQL: `postgresql://[user:pass@]host:port/db`
- Redis: Connection strings with embedded credentials
- Generic DB URLs: Any connection URL with embedded credentials
Private Keys & Certificates

- RSA Private Keys: `-----BEGIN RSA PRIVATE KEY-----`
- SSH Private Keys: `-----BEGIN OPENSSH PRIVATE KEY-----`
- PGP Private Keys: `-----BEGIN PGP PRIVATE KEY-----`
- SSL/TLS Certificates: Various certificate formats
- JWT Tokens: JSON Web Tokens with high entropy
Environment Variables

- Common Secrets: `SECRET`, `PASSWORD`, `TOKEN`, `KEY`
- AWS Variables: `AWS_ACCESS_KEY`, `AWS_SECRET_KEY`
- API Keys: `.env`-format API keys and tokens
- Docker Secrets: Docker Compose environment secrets
- Kubernetes: Secret manifests and config maps
- Save Authentication Button: New manual save option for GitHub credentials
- Secure Token Storage: Optional GitHub token persistence with Base64 obfuscation
- ⚠️ Security Warnings: Clear consent dialogs for token storage with risk explanations
- Auto-Load Credentials: Automatic restoration of saved authentication on startup
- Auto-Open HTML Reports: HTML exports now automatically open in the browser
- Enhanced Report Quality: Improved error handling and fallback mechanisms
- Output Organization: Default output folder creation with proper gitignore protection
- Smart Test File Filtering: Automatic detection and filtering of test files (`_test.go`, `/tests/`, etc.)
- Documentation Exclusions: Skip obvious examples in `.md` files and documentation
- Development Config Filtering: Intelligent handling of `docker-compose.dev.yml` and localhost configs
- Basic Auth False Positives: Enhanced filtering for game content ("Basic Sword" vs authentication)
- Checksum File Handling: Proper exclusion of Go package checksums (`go.sum`) from secret detection
- Template Pattern Recognition: Filter environment variable templates like `${JWT_SECRET}`
- Database Credential Filtering: Smart detection of test/development database connections
Prerequisites: Python 3.10+, Git, and a GitHub token.

```bash
# Clone the repository
git clone https://github.com/dev-alt/GitGuard.git
cd GitGuard

# Install dependencies
pip install -r requirements.txt

# Launch GitGuard
python src/gui.py
```
- Authenticate: Enter your GitHub token in the Authentication tab
- Load Repositories: Browse and select repositories from your GitHub account
- Configure Scan: Choose scan depth and configure detection patterns
- Start Scanning: Click scan and watch real-time progress
- Review Results: Export results to HTML, CSV, or JSON formats
Create Your Own Detection Rules!

GitGuard includes a powerful GUI-based pattern editor for creating custom detection rules:

```
# Example Custom Pattern
Name: Internal API Key
Description: Company-specific API key format
Pattern: MYCO_API_[A-Za-z0-9]{32}
Risk Level: HIGH
```

Features:

- Real-time Regex Testing: Test patterns before saving
- Pattern Library: Import/Export pattern collections
- JSON Export/Import: Share patterns across installations
- Validation: Automatic pattern validation and suggestions
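The pattern table, the false-positive filters and the custom-pattern example above, as one added Python example that is not GitGuard's own code: it compiles the README's regexes (the Stripe suffix class, the env-style assignment rule and the risk weights are my assumptions), registers the `MYCO_API_` custom rule, and runs the filters over a constructed sample repository. The Basic-auth check decodes the token and requires a `user:password` form, which is one way to separate "Basic Sword"-style game text from a real `Authorization` header. All paths, file contents and key values are invented for the example.

```python
"""Minimal GitGuard-style secret scanner (added example, not GitGuard's own code)."""
import base64
import re
from dataclasses import dataclass

# Regexes from the README's pattern table and category lists. Specific rules come
# first; the generic env-style assignment rule is last so a value matched by a
# specific rule keeps that rule's risk level. Stripe's suffix class is assumed.
PATTERNS = [
    ("AWS Access Key", r"\bAKIA[0-9A-Z]{16}\b", "CRITICAL"),
    ("GitHub PAT", r"\bghp_[a-zA-Z0-9]{36}\b", "CRITICAL"),
    ("Firebase Key", r"\bAIza[0-9A-Za-z_-]{35}", "HIGH"),
    ("Stripe API Key", r"\bsk_(?:live|test)_[0-9A-Za-z]{16,}", "CRITICAL"),
    ("SendGrid Key", r"\bSG\.[0-9A-Za-z_-]{22}", "HIGH"),
    ("Twilio SID", r"\bAC[a-f0-9]{32}\b", "HIGH"),
    ("Shopify Token", r"\bshpat_[a-zA-Z0-9]{32}\b", "HIGH"),
    ("Database URL", r"\b(?:mongodb|mysql|postgresql)://[^\s:/@]+:[^\s@]+@\S+", "HIGH"),
    ("Private Key", r"-----BEGIN (?:RSA |OPENSSH |PGP )?PRIVATE KEY-----", "CRITICAL"),
    ("Basic Auth Header", r"\bBasic\s+([A-Za-z0-9+/=]{8,})", "HIGH"),
    ("Internal API Key", r"\bMYCO_API_[A-Za-z0-9]{32}\b", "HIGH"),  # README's custom-rule example
    ("Env Secret Assignment", r"\b\w*(?:SECRET|PASSWORD|TOKEN|KEY)\w*\s*[=:]\s*['\"]?([^\s'\"]+)", "MEDIUM"),
]
COMPILED = [(name, re.compile(rx), risk) for name, rx, risk in PATTERNS]
RISK_WEIGHT = {"CRITICAL": 10, "HIGH": 7, "MEDIUM": 4, "LOW": 1}  # constructed weights

# False-positive filters following the README's list (test files, go.sum, .md
# examples, ${VAR} templates, dev/localhost configs, "Basic Sword"-style text).
TEST_PATH_RE = re.compile(r"(^|/)tests?/|_test\.go$|(^|/)test_[^/]*\.py$")
CHECKSUM_FILES = ("go.sum",)
DEV_CONFIG_FILES = ("docker-compose.dev.yml",)
TEMPLATE_RE = re.compile(r"^\$\{?[A-Za-z0-9_]+\}?$")
DOC_PLACEHOLDER_RE = re.compile(r"(?i)\bexample\b|changeme|xxxx")


def is_basic_auth_credential(token: str) -> bool:
    """True only if the token is valid base64 that decodes to user:password."""
    try:
        decoded = base64.b64decode(token, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return b":" in decoded


@dataclass(frozen=True)
class Finding:
    path: str
    line_no: int
    pattern: str
    risk: str
    value: str


def scan_text(path: str, text: str) -> list[Finding]:
    """Scan one file's contents and return deduplicated, filtered findings."""
    if path.endswith(CHECKSUM_FILES) or TEST_PATH_RE.search(path):
        return []  # checksum and test files are skipped outright
    is_doc, is_dev_config = path.endswith(".md"), path.endswith(DEV_CONFIG_FILES)
    findings, seen = [], set()
    for line_no, line in enumerate(text.splitlines(), start=1):
        for name, rx, risk in COMPILED:
            for m in rx.finditer(line):
                value = m.group(1) if m.groups() else m.group(0)
                if (path, line_no, value) in seen:
                    continue  # already reported by a more specific rule
                if TEMPLATE_RE.match(value):
                    continue  # ${JWT_SECRET}-style template, not a value
                if name == "Basic Auth Header" and not is_basic_auth_credential(value):
                    continue  # "Basic Swordsman" is game text, not a header
                if is_doc and DOC_PLACEHOLDER_RE.search(line):
                    continue  # documented example, not a leak
                level = "LOW" if is_dev_config or "localhost" in line or "127.0.0.1" in line else risk
                seen.add((path, line_no, value))
                findings.append(Finding(path, line_no, name, level, value))
    return findings


def scan_repository(files: dict[str, str]) -> list[Finding]:
    return [f for path, text in files.items() for f in scan_text(path, text)]


def risk_summary(findings: list[Finding]) -> tuple[dict[str, int], int]:
    """Counts per risk level plus a weighted total score."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.risk] = counts.get(f.risk, 0) + 1
    return counts, sum(RISK_WEIGHT[f.risk] for f in findings)


# Constructed sample repository: every path, value and line below is invented.
AWS_KEY = "AKIAEXAMPLE" + "0" * 9
GH_TOKEN = "ghp_" + "0" * 36
MYCO_KEY = "MYCO_API_" + "abcdefghijklmnopqrstuvwxyz" + "012345"
SAMPLE_REPO = {
    "config/prod.env": f"AWS_ACCESS_KEY={AWS_KEY}\nDATABASE_URL=postgresql://app:s3cr3t@db.internal:5432/app\nJWT_SECRET=${{JWT_SECRET}}\n",
    "deploy/id_rsa": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAA...\n",
    "api/client.py": 'session.headers["Authorization"] = "Basic YWRtaW46aHVudGVyMg=="\n',  # admin:hunter2
    "internal/client.py": f'API_KEY = "{MYCO_KEY}"\n',
    "docker-compose.dev.yml": "DATABASE_URL: mysql://root:root@localhost:3306/dev\nMYSQL_ROOT_PASSWORD: root\n",
    "game/items.txt": "Unlock the Basic Swordsman armor set\n",
    "docs/README.md": "Set STRIPE_KEY=sk_live_0000000000000000EXAMPLE in your shell (example only).\n",
    "src/api/handlers_test.go": f'token := "{GH_TOKEN}"\n',
    "go.sum": f"github.com/example/mod v1.0.0 h1:{GH_TOKEN}=\n",
}

if __name__ == "__main__":
    found = scan_repository(SAMPLE_REPO)
    for f in found:
        print(f"[{f.risk}] {f.path}:{f.line_no} {f.pattern}: {f.value}")
    print(risk_summary(found))
```

Running the script reports seven findings: two critical (the AWS key and the private key), three high (the production database URL, the decoded Basic-auth header, and the custom `MYCO_API_` key), and two low-risk hits from the dev compose file; the test file, `go.sum`, the `${JWT_SECRET}` template, the `.md` example and the "Basic Swordsman" line produce nothing.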
Scanning Configuration

- Surface (Latest Commit): Fast scanning of current repository state
- Deep (Full History): Complete commit history analysis
- Custom: User-defined commit range and file filtering
- Batch Processing: Configure concurrent file operations
- File Prioritization: Scan high-risk files first
- Intelligent Caching: Skip unchanged repositories
- Timeout Controls: Prevent hung operations
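Why the deep (full-history) mode matters, as an added Python example that is not GitGuard's code: a secret deleted in a later commit is still recoverable from history and still needs rotating, so a history scan has to attribute each value to the commit that introduced it and note whether it survives in HEAD. The example parses `git log -p` output produced with a custom `--format` line (a real run would feed it `git log -p --no-color --format='COMMIT%x09%H%x09%an%x09%s'`); the commit hashes, author, paths and diff content below are constructed, and the parser assumes paths without spaces.

```python
"""Attribute secrets in git history to commits (added example, not GitGuard's code)."""
import re

# Two patterns from the README's table are enough to demonstrate attribution.
SECRET_RE = re.compile(r"\bAKIA[0-9A-Z]{16}\b|\bghp_[a-zA-Z0-9]{36}\b")

# Constructed placeholder hashes and secret values.
NEW_SHA = "b2" * 20
OLD_SHA = "a1" * 20
AWS_KEY = "AKIAEXAMPLE" + "0" * 9
GH_TOKEN = "ghp_" + "0" * 36

# Constructed `git log -p` output, newest commit first, as git prints it.
SAMPLE_LOG = (
    f"COMMIT\t{NEW_SHA}\tAlice\tRead AWS key from the environment\n"
    "diff --git a/config/settings.py b/config/settings.py\n"
    "--- a/config/settings.py\n"
    "+++ b/config/settings.py\n"
    "@@ -1,2 +1,2 @@\n"
    " import os\n"
    f'-AWS_KEY = "{AWS_KEY}"\n'
    '+AWS_KEY = os.environ["AWS_KEY"]\n'
    f"COMMIT\t{OLD_SHA}\tAlice\tAdd deploy config\n"
    "diff --git a/config/settings.py b/config/settings.py\n"
    "--- /dev/null\n"
    "+++ b/config/settings.py\n"
    "@@ -0,0 +1,2 @@\n"
    "+import os\n"
    f'+AWS_KEY = "{AWS_KEY}"\n'
    "diff --git a/ci/token.txt b/ci/token.txt\n"
    "--- /dev/null\n"
    "+++ b/ci/token.txt\n"
    "@@ -0,0 +1 @@\n"
    f"+{GH_TOKEN}\n"
)


def parse_git_log(log_text: str) -> list[dict]:
    """Split log output into commits, each with its added/removed lines per path."""
    commits, current, path = [], None, None
    for raw in log_text.splitlines():
        if raw.startswith("COMMIT\t"):
            _, sha, author, subject = raw.split("\t", 3)
            current = {"sha": sha, "author": author, "subject": subject, "changes": []}
            commits.append(current)
        elif raw.startswith("diff --git "):
            path = raw.split(" b/", 1)[1]  # assumes paths without spaces
        elif raw.startswith(("--- ", "+++ ", "@@")):
            continue  # file headers and hunk markers carry no content
        elif current is not None and path and raw.startswith(("+", "-")):
            current["changes"].append((path, raw[0], raw[1:]))
    return commits


def secret_history(log_text: str) -> dict[str, dict]:
    """Map each secret value to where it entered history and whether HEAD still has it."""
    history: dict[str, dict] = {}
    for commit in reversed(parse_git_log(log_text)):  # walk oldest commit first
        for path, sign, line in commit["changes"]:
            for m in SECRET_RE.finditer(line):
                entry = history.setdefault(m.group(0), {
                    "path": path, "introduced_in": commit["sha"],
                    "introduced_by": commit["author"], "removed_in": None, "in_head": False,
                })
                if sign == "+":
                    entry["in_head"], entry["removed_in"] = True, None
                else:
                    entry["in_head"], entry["removed_in"] = False, commit["sha"]
    return history


def secrets_to_rotate(log_text: str) -> list[str]:
    """Every secret that ever appeared in history, deleted or not, needs rotation."""
    return sorted(secret_history(log_text))


if __name__ == "__main__":
    for value, info in secret_history(SAMPLE_LOG).items():
        status = "still in HEAD" if info["in_head"] else f"removed in {info['removed_in'][:8]} (still in history)"
        print(f"{value} in {info['path']}: added in {info['introduced_in'][:8]} by {info['introduced_by']}; {status}")
```

A surface scan of HEAD would report only the GitHub token; the history walk also surfaces the AWS key that the newer commit removed, which is exactly the case a "remove the secret and move on" clean-up misses.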
Export Formats

- HTML: Interactive reports with charts and statistics
- CSV: Spreadsheet-compatible tabular data
- JSON: Structured data for programmatic analysis
- Risk Visualization: Color-coded severity indicators
- Statistical Analysis: Finding counts by type and severity
- Interactive Navigation: Click-to-view source code
- Metadata: Scan configuration and timestamp information
We welcome contributions! Here's how you can help:

- Fork the repository
- Create a feature branch (`git checkout -b feature/amazing-feature`)
- Commit your changes (`git commit -m 'Add amazing feature'`)
- Push to the branch (`git push origin feature/amazing-feature`)
- Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
- GitHub API: For providing excellent repository access
- Python Community: For the amazing ecosystem and libraries
- Security Researchers: For inspiration and pattern identification
- Open Source Community: For feedback and contributions
Made with ❤️ for the security community

GitGuard - Protecting your repositories, one commit at a time