Skip to content

Caido's passive workflow to find potential leaked secrets, PII, and sensitive fields.

License

Notifications You must be signed in to change notification settings

dwisiswant0/leakz-passive-workflow

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

21 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Leakz

Leakz is Caido's passive workflow to find potential leaked secrets, PII, and sensitive fields.

Install

  1. Download the workflow file via releases page or: wget https://github.com/dwisiswant0/leakz/raw/master/dist/Leakz.json.
  2. In Caido, navigate to Testing > Workflows, then Import the workflow file.

— or

  1. Just execute: bun run workflow:install.
  2. After that, refresh your Caido instance by right-clicking and selecting Reload.

Tip

To update, you must first uninstall it using bun run workflow:uninstall, and then reinstall it to apply the changes, or simply execute bun run workflow:update.

That's it!

Important

Response interception needs to be enabled for this passive workflow to work properly.

Development

Note

Bun toolkit is required.

  • Build (bundled) the sources: bun run build.
  • Compile into Caido workflow: bun run compile.

Caveats

Currently, I understand that it's challenging to selectively opt-in or out of certain kinds of leaks and/or to exclude specific patterns while maintaining good UX.

By default, Leakz does NOT scan for PII & sensitive fields; you can configure this in the config.ts file and then rebuild and compile the source to apply them.

Limitations

Leakz currently does not offer scanning for leaks in request/response headers. See caido/caido#972.

License

The patterns is curated from mazen160/secrets-patterns-db.

Leakz is released with ♡ by @dwisiswant0 under the Apache 2.0 license. See LICENSE.