Without the issue of running the risk of losing your private keys, coding crypto projects is hard enough.To reduce the chances of that happening, Shhgit, a webapp and downloadable tool by Paul Price aims at reducing the effect.
The open source app, scans code repository GitHub to fish out dangerous files and data. In most cases as a beginning coder, one may have left their password data or private keys inside public repository without realizing. hackers and other cyber attacks can easily access your stuff when this happens.
According to Price, a programmer and security expert who goes by the handle Darkport said that, “Finding these secrets across GitHub is nothing new and available are many open-source tools to help with this depending on which side one belongs. On the adversary side, popular tools such as gitroband truggleHog focus on digging in to commit history to find secret tokens from specific repositories, users or organizations.”
Sshgit offers a front-end that simply displays them as they appear on GitHub. It then means that hackers could watch it for potential places to exploit though the project also encourages safe coding as users now know their public repositories are insecure and are more mindful. sshgit more public about these secrets:
Any way, not everything sshgit uncovers is dangerous information but signatures that you’re particularly interested in can be set to search in the search engine for like, say, ethereum wallet addresses.
Now as people search for secrets, traffic generated is quite high and the product is free and downloadable as Price seeks for sponsors to pay for the hosting.
Credits: John Biggs
JOIN OUR COMMUNITY