- it uses Shannon Entropy to find private keys.
- it supports multiprocessing for analyzing files.
- it unpacks compressed archives (e.g. zip, tar.gz etc.)
- it supports advanced search using simple rules (details below)
Usage
usage: DumpsterDiver.py [-h] -p LOCAL_PATH [-r] [-a]
Command line options
-p LOCAL_PATH
 - path to the folder containing files to be analyzed.
-r, --remove
 - when this flag is set, then files which don't contain any secret (or anything interesting if -a flag is set) will be removed.
-a, --advance
 - when this flag is set, then all files will be additionally analyzed using rules specified in 'rules.yaml' file.
Pre-requisites
To run DumpsterDiver you have to install the required Python libraries. You can do this by running the following command:
pip install -r requirements.txt
Understanding config.yaml file
No single tool fits everyone's needs, and DumpsterDiver is no exception. The config.yaml file lets you customize the program to search for exactly what you want. Below you can find a description of each setting.
logfile
 - specifies a file where logs should be saved.
excluded
 - specifies file extensions which you want to omit during a scan. There is no point in searching for hardcoded secrets in picture or video files, right?
min_key_length and max_key_length
 - specify the minimum and maximum length of the secret you're looking for. Depending on your needs, this setting can greatly limit the number of false positives. For example, the AWS secret has a length of 40 bytes, so if you set min_key_length and max_key_length to 40 then DumpsterDiver will analyze only 40-byte strings. However, it won't take into account longer strings like an Azure shared key or a private SSH key.
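The sketch below shows how a length window and a Shannon entropy check combine to pick out key-like strings; it is an added example, not DumpsterDiver's own code. The 4.3 bits-per-character threshold, the token regex, the function names and the sample text are assumptions made for the illustration.

```python
import math
import re
import string
from collections import Counter

# Assumed for this sketch (not necessarily DumpsterDiver's defaults).
ENTROPY_THRESHOLD = 4.3   # bits per character
# Candidate tokens: base64/URL-safe characters plus optional '=' padding.
TOKEN_RE = re.compile(r"[A-Za-z0-9+/_-]+={0,2}")

def shannon_entropy(s):
    """H = -sum(p * log2(p)) over the character frequencies of s."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def find_candidates(text, min_key_length=40, max_key_length=40,
                    threshold=ENTROPY_THRESHOLD):
    """Return (line_number, token, entropy) for tokens inside the length
    window whose entropy reaches the threshold."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for token in TOKEN_RE.findall(line):
            if not min_key_length <= len(token) <= max_key_length:
                continue  # outside the window: never scored at all
            h = shannon_entropy(token)
            if h >= threshold:
                hits.append((lineno, token, round(h, 2)))
    return hits

# Constructed sample input. Line 1 holds the placeholder secret key from AWS
# documentation (40 chars), line 2 a 40-char SHA-1 hex digest, line 3 a
# constructed 88-char base64-style string standing in for a longer key.
LONG_KEY = (string.ascii_letters + string.digits + "+/"
            + string.ascii_letters[:22] + "==")
SAMPLE = "\n".join([
    "aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
    "commit da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "account_key: " + LONG_KEY,
])

if __name__ == "__main__":
    print(find_candidates(SAMPLE))          # 40..40 window
    print(find_candidates(SAMPLE, 40, 88))  # widened window
```

With the 40..40 window only the 40-character key on line 1 is reported; the hex digest is ignored because a hex string cannot exceed 4 bits per character, and the 88-character string only appears once the window is widened.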
Advanced search:
DumpsterDiver also supports an advanced search. Beyond simple grepping with wildcards, this tool allows you to create conditions. Let's assume you're searching for a leak of corporate emails. Additionally, you're interested only in big leaks, which contain at least 100 email addresses. For this purpose you should edit the 'rules.yaml' file in the following way:
Gloss