Fencer is a mini CLI tool that scans a project's source code files for various kinds of hardcoded secrets and credentials. It:

- Identifies secrets injected into the source code and outputs them along with the kind of secret (e.g. AWS credentials, GitHub personal access token)
- Excludes sub-directories within the project that do not contain UTF-8 encoded files, such as build/ or target/
If you have Cargo, the official Rust package manager, installed, run the following command:

```sh
cargo install fencer
```

https://crates.io/crates/fencer
If Rust/Cargo isn't installed on your machine, you can download the executable directly from the repo's release page.
This repo ships with a Dockerfile that can be built and run locally:

```sh
docker build -t fencer:local .
```
```bash
❯ fencer --help
Fencer 1.0.0
Naresh, nareshbalajia@mail.com
A mini CLI tool to scan creds and secrets in source code

USAGE:
    fencer [OPTIONS] --project_dir <project_dir>

OPTIONS:
    -e, --exclude_paths
    -h, --help
            Print help information
    -p, --project_dir <project_dir>
            Input the relative path to the project dirs
    -V, --version
            Print version information
```
Mounting the project directory with the docker run command lets the tool be run via Docker:

```bash
docker run -v "$(pwd)"/<project_dir_path>:/app -it nareshbalajia/fencer:latest --project_dir /app
```
| Secret Type | Match Pattern |
| --- | --- |
| aws | REGEX |
| amazonmwsauthtoken | REGEX |
| authorizationbasic | REGEX |
| authorizationbearer | REGEX |
| authorizationapi | REGEX |
| googleapi | REGEX |
| googleoauth | REGEX |
| herokuapi | REGEX |
| firebase | REGEX |
| facebookaccesstoken | REGEX |
| githubaccesstoken | REGEX |
| sshrsa | String Match |
| ssh_ec | String Match |
| passwords | REGEX/String Match |
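As an added illustration of the approach the table describes (per-type rules that are either a regex or a literal string, applied line by line, with excluded sub-directories and non-UTF-8 files skipped), here is a small scanner in the same spirit. It is example code, not fencer's own implementation; the rules, file names and sample values are constructed assumptions for this example.

```python
import re
import tempfile
from pathlib import Path
# Illustrative rules in the style of fencer's table (name -> compiled regex or literal string); assumptions for this example, not fencer's own rule set.
RULES = {
    "aws": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "authorizationbearer": re.compile(r"(?i)\bbearer\s+[A-Za-z0-9._~+/-]{20,}=*"),
    "githubaccesstoken": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "sshrsa": "-----BEGIN RSA PRIVATE KEY-----",  # plain string match, as in the table
}

def scan_text(text):
    """Return (line_no, secret_type, matched_text) for every hit in text."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for name, rule in RULES.items():
            if isinstance(rule, str):
                if rule in line:
                    hits.append((line_no, name, rule))
            else:
                hits.extend((line_no, name, m.group(0)) for m in rule.finditer(line))
    return hits

def scan_project(project_dir, exclude_dirs=("build", "target", ".git")):
    """Walk project_dir, skipping excluded sub-dirs and non-UTF-8 files; return {rel_path: hits}."""
    root = Path(project_dir)
    results = {}
    for path in root.rglob("*"):
        rel = path.relative_to(root)
        if not path.is_file() or any(part in exclude_dirs for part in rel.parts[:-1]):
            continue
        try:
            text = path.read_bytes().decode("utf-8")
        except UnicodeDecodeError:
            continue  # binary or non-UTF-8 file: skipped, like fencer's build/ and target/
        hits = scan_text(text)
        if hits:
            results[rel.as_posix()] = hits
    return results

def demo():
    # Constructed sample project: one source file with secrets, one binary blob under target/.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for sub in ("src", "target"): (root / sub).mkdir()
        (root / "src" / "config.py").write_text(
            'AWS_KEY = "AKIAIOSFODNN7EXAMPLE"\n'
            'HEADERS = {"Authorization": "Bearer abcdefghijklmnopqrstuvwxyz0123456789"}\n', encoding="utf-8")
        (root / "target" / "blob.bin").write_bytes(b"\xff\xfeAKIAIOSFODNN7EXAMPLE")
        return scan_project(root)
```

The key reported for `src/config.py` is AWS's documented example access key ID, so the output is safe to reproduce; `target/blob.bin` is dropped both because its directory is excluded and because it is not valid UTF-8.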