leak-hunter: Security Credential Scanning Tool

Redaction-first CLI

# Find exposed secrets before attackers do.

**leak-hunter** scans local folders and GitHub repositories for likely leaked credentials, ranks findings with a context-aware risk model, and keeps output redacted by default.

[Install the scanner](https://leak-hunter.gh.miniasp.com/?brid=YWdncwFLvV5q7FaAiOY8LHYXIuO0#install) [View source](https://github.com/doggy8088/leak-hunter)

![Abstract cybersecurity scanner artwork with code-grid depth, glowing scanner traces, and defensive security motifs.](https://leak-hunter.gh.miniasp.com/assets/leak-hunter-hero.jpeg)

Live scan posture

- Targets: local paths + GitHub repos
- Reports: text, JSON, Markdown
- Default: redacted output

01 / local

`leak-hunter .`

Audit a working tree before credentials leave the machine.

02 / github

`leak-hunter owner/repo`

Resolve HTTPS, SSH, and shorthand GitHub targets into temporary clones.

03 / ci

`leak-hunter --json .`

Emit machine-readable reports for policy checks, dashboards, and review bots.

What it protects

## A scanner built for maintainers.

Secret detection is noisy when it ignores context. leak-hunter combines pattern inventory, path awareness, risk scoring, and safe defaults so teams can triage quickly without publishing sensitive values.

### Context-aware risk scoring

Findings are ranked from low to critical with boosts and reductions for paths, fixtures, and common false positives.

### Redaction by default

Reports mask values unless a reviewer explicitly opts into local, manual inspection with `--no-redact`.
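The sketch below illustrates the two ideas described above, context-aware scoring and redaction by default. It is an added example, not leak-hunter's own code: the weights, path hints, bucket thresholds, masking rule and sample findings are all assumptions chosen for illustration.

```rust
// Added illustration. Weights, path hints and thresholds are assumptions,
// not leak-hunter's actual rules.
#[derive(Debug, PartialEq)]
enum Bucket { Low, Medium, High, Critical }

struct Finding<'a> { kind: &'a str, path: &'a str, value: &'a str }

/// Score a finding 0..=100: base score by kind, adjusted by path and value context.
fn score(f: &Finding) -> i32 {
    let (p, v) = (f.path.to_ascii_lowercase(), f.value.to_ascii_lowercase());
    let mut s: i32 = match f.kind { "cloud key" => 80, "db connection" => 70, _ => 50 };
    // Reduction: fixtures, tests and docs rarely hold live secrets.
    if ["fixture", "test", "docs/"].iter().any(|h| p.contains(*h)) { s -= 25; }
    // Boost: environment and deployment files usually hold real credentials.
    if p.ends_with(".env") || p.contains("deploy") || p.contains("prod") { s += 15; }
    // Reduction: placeholder values are a common false positive.
    if ["changeme", "xxxx", "your_"].iter().any(|h| v.contains(*h)) { s -= 30; }
    s.clamp(0, 100)
}

fn bucket(score: i32) -> Bucket {
    match score {
        90..=100 => Bucket::Critical,
        70..=89 => Bucket::High,
        40..=69 => Bucket::Medium,
        _ => Bucket::Low,
    }
}

/// Mask a value: short values entirely, longer ones after the first 4 characters.
fn redact(value: &str) -> String {
    let n = value.chars().count();
    if n <= 8 { return "*".repeat(n); }
    let head: String = value.chars().take(4).collect();
    format!("{}{}", head, "*".repeat(n - 4))
}

/// Sort highest risk first; values stay masked unless the caller opts out.
fn report(findings: &mut [Finding], no_redact: bool) -> Vec<String> {
    findings.sort_by_key(|f| std::cmp::Reverse(score(f)));
    findings.iter().map(|f| {
        let shown = if no_redact { f.value.to_string() } else { redact(f.value) };
        format!("{:?} {} {} {}", bucket(score(f)), score(f), f.path, shown)
    }).collect()
}

fn main() {
    // Constructed sample findings; none of these values are real credentials.
    let mut findings = vec![
        Finding { kind: "cloud key", path: "tests/fixtures/aws.json", value: "your_key_here" },
        Finding { kind: "db connection", path: "src/settings.rs", value: "postgres://app:pw@db/app" },
        Finding { kind: "cloud key", path: "deploy/prod.env", value: "EXAMPLEKEY1234567890" },
    ];
    for line in report(&mut findings, false) { println!("{}", line); }
}
```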

### GitHub target resolution

Scan repository URLs, `owner/repo` shorthand, SSH remotes, branches, and tags from one binary.

### Cross-platform release path

The npm package installs the native cargo-dist binary and verifies release checksums before use.

Report output

## Human readable. Bot ready.

Use text for terminal review, JSON for automation, or Markdown for handoff documents. Findings stay sorted by risk so the highest-signal issues surface first.

```
Leak Hunter Report
==================
Target: github.com/doggy8088/leak-hunter
Risk buckets: critical 0 / high 1 / medium 3
Redaction: enabled

type              file                risk
cloud key         config/app.example  82
db connection     src/settings.rs     64
token-like value  docs/example.md     41

value:
next: review context, rotate if real, keep report redacted
```

Install

## One command, native speed.

npm package

`npm install -g leak-hunter`

from source

`cargo install --path .`