Gitleaks
Detect secrets, API keys, and passwords in Git repositories
Recon & OSINT
6 commands
#secret #git #leak #detection

Installation
1. Install using Go
2. Verify installation

go install github.com/zricethezav/gitleaks/v8@latest
# Verify
gitleaks --version

Basic Usage
Scan Git repositories for hardcoded secrets and credentials
# Scan local directory
gitleaks detect -s .
# Scan a remote repository: clone it, then scan the local clone
git clone https://github.com/org/repo
gitleaks git repo
# Scan with custom rules
gitleaks detect -s . --config custom.toml
# Output results to JSON
gitleaks detect -s . -r results.json

Command Reference
6 commands
1. detect: Scan a local directory for secrets
2. git: Scan a remote Git repository
3. -s: Source path to scan
4. -r: Remote repository URL or output file
5. --config: Custom configuration file
6. --verbose: Verbose output

When to Use
1. Scanning your own repos for accidentally committed secrets
2. Security audits of third-party repositories
3. CI/CD pipeline integration to prevent secret leaks
4. Post-compromise assessment for credential exposure

Notes & Tips
1. Supports over 150 built-in secret patterns
2. Can be integrated into CI/CD pipelines via GitHub Actions, GitLab CI, etc.
3. Custom rules can be defined in a TOML config file
4. Pre-commit hook available to prevent secrets from being committed

Common Errors & Solutions
False positives
Use --config to create a custom allowlist for known false positives
Scan too slow
Use --log-level warn to reduce output or scan specific directories
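
A sample custom.toml covering both the custom-rules tip and the false-positive allowlist above. This is an added example, not taken from the Gitleaks project; the rule id, the "acme_" token format, and the allowlisted paths and values are constructed assumptions.

```toml
# custom.toml: constructed example; rule id, regexes and paths are assumptions.
title = "Example custom gitleaks config"

# Keep the built-in rules and layer the settings below on top of them.
# Without this block, only the rules defined in this file are used.
[extend]
useDefault = true

# Custom rule for a hypothetical internal token: "acme_" + 32 hex characters.
[[rules]]
id = "acme-internal-token"
description = "ACME internal service token (hypothetical format)"
regex = '''acme_[0-9a-f]{32}'''
# Cheap pre-filter: the regex is only evaluated on text containing a keyword.
keywords = ["acme_"]

# Global allowlist for known false positives.
# Keep every entry narrow: a broad path or regex here also hides real leaks.
[allowlist]
description = "Known false positives"
# File paths that only ever hold fake credentials.
paths = [
  '''(^|/)testdata/''',
  '''\.example$''',
]
# Placeholder values, compared with the detected secret.
regexes = [
  '''(?i)example[_-]?key''',
  '''acme_0{32}''',
]
```

Pass the file with gitleaks detect -s . --config custom.toml, and review allowlist changes as carefully as code changes, since each entry suppresses findings silently.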