powerful rules functionality to recursively search directories for sensitive information in files.
At it's core, Pillager is designed to assist you in determining if a system is affected by common sources of credential leakage as documented by the MITRE ATT&CK framework.
Good for catching those Oops I deployed the company password list again SNAFU's.
reply
I tried scanning one repository (gitlab/gitlab) and it spun for a couple of minutes then failed with "Network Error." No other error details are available.
We built customized components for RSC and Logs. You should check it out. It's a bit different from what's out there, and this is from the feedback we got from the team we are working with.
Great.
I implemented my own simple prototype, a python script that edits my clipboard. I used the pyperclip module and a yaml file with a list of key words to substitute.
Substitution is necessary rather than removal, so that the AI's responses are still useful.
I got basic functions working but there are some nice-to-have things missing.
E.g. bidirectional info preservation. Ideally if i change /my_full_name/ file path, I want it to be translated to /john_doe/ and when the LLM gives back its response, I want to be able to paste /my_full_name/ back.
Also, preferably it would be highly automated, where I have to manually run my script to edit my clipboard.
Also, nice to have it work for non manual cases such as when using aider-chat.
Further down the line, automated redaction of screenshots.
23 comments
[ 3.1 ms ] story [ 63.0 ms ] thread[1] https://github.com/Yelp/detect-secrets
https://github.com/brittonhayes/pillager
https://terminaltrove.com/pillager/ <-- TerminalTrove is worth regularly checking.
Good for catching those Oops I deployed the company password list again SNAFU's. replyI am checking if there's any issue right now.
I entered "rtyley/small-test-repo" which is public and small - and also got "Request failed with status code 400. Try again".
You can try again. I just tried it
p.s: i have contributed to those projects in past
It's too easy to leak secrets, or even doxx yourself through file paths containing your name etc.
I'd love to find a tool that made scrubbing that data easy
I got basic functions working but there are some nice-to-have things missing.
E.g. bidirectional info preservation. Ideally if i change /my_full_name/ file path, I want it to be translated to /john_doe/ and when the LLM gives back its response, I want to be able to paste /my_full_name/ back.
Also, preferably it would be highly automated, where I have to manually run my script to edit my clipboard. Also, nice to have it work for non manual cases such as when using aider-chat.
Further down the line, automated redaction of screenshots.