Coding cryptographic projects is quite difficult without running the risk of losing your private keys. Shhgit, a Web application and a downloadable tool from Paul Price aims at least to reduce the risks that this will happen.
The application, which is open source, analyzes the GitHub code repository for dangerous files and data. As a novice coder, you may have left your password data or private keys in the public repository without being aware of it. When this happens, hackers and other bad guys can easily access your data.
"Finding these secrets in GitHub is not new," said Price, a programmer and security expert who is doing well for Darkport. "There are many open-source tools available to help you with this, depending on which side of the fence you're sitting on. On the opponent side, popular tools such as Gitrob and TruggleHog focus on rooting to engage the story to find secret tokens in specific repositories, users or organizations. "
Sshgit is more public about these secrets: it offers a front-end that simply displays them as they appear on GitHub. This means that hackers could monitor potential sites to exploit. But it also encourages coding security because users know that their public repositories are not secure.
Everything that sshgit discovers is not necessarily dangerous information, but you can also configure it to search for the signatures that are of particular interest to you, such as, for example, Ethereum wallet addresses.
As someone who once committed the private keys of a bitcoin wallet to a public GitHub account, let me tell you: I could have used it a few years ago.
The product is free, downloadable here. Price is looking for sponsors to pay for its accommodation because, as you can imagine, its traffic is quite important while people are looking for secrets.
Image of the keys via Shutterstock