EnvHunter
EnvHunter is a Ruby-based CLI tool that searches GitHub repositories or gists for `.env` files and flags variables that look like secrets: names containing KEY or TOKEN whose values have high Shannon entropy, such as API keys or access tokens.
Features
- Searches GitHub repos or gists for `.env` files
- Detects `.env` variables with names containing `KEY` or `TOKEN`
- Filters candidate secrets by the Shannon entropy of their values
- Outputs results in `terminal`, `json`, or `csv` format
- Uses the GitHub API (requires a Personal Access Token)
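The two-stage filter the feature list describes (a variable-name match for KEY/TOKEN, then a Shannon-entropy check on the value) as an added Ruby example. This is not EnvHunter's own code: the 3.5 bits-per-character threshold, the case-insensitive name match, the helper names (`shannon_entropy`, `parse_env`, `find_secrets`, `redact`) and the sample `.env` contents are all assumptions made for illustration.

```ruby
# Added example, not EnvHunter's own code: the two-stage filter the feature
# list describes (variable-name match, then Shannon entropy of the value).
# The 3.5 bits/char threshold, case-insensitive name match, helper names and
# sample .env contents below are assumptions for illustration.

ENTROPY_THRESHOLD = 3.5 # bits per character (assumed; tune for your data)

# Shannon entropy of a string in bits per character: H = -sum(p(c) * log2 p(c)).
# One repeated character scores 0.0; n distinct characters score log2(n).
def shannon_entropy(str)
  return 0.0 if str.empty?
  len = str.length.to_f
  str.each_char.tally.values.reduce(0.0) do |h, count|
    p = count / len
    h - p * Math.log2(p)
  end
end

# Parse .env text into [name, value] pairs: skips blank lines and comments,
# drops an optional `export ` prefix, splits on the first `=` only and strips
# matching single or double quotes around the value.
def parse_env(text)
  text.each_line.filter_map do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    line = line.sub(/\Aexport\s+/, '')
    name, value = line.split('=', 2)
    next if name.nil? || value.nil?
    value = value.strip
    quoted = value.length >= 2 && ['"', "'"].include?(value[0]) && value[0] == value[-1]
    value = value[1..-2] if quoted
    [name.strip, value]
  end
end

# Stage 1: keep only names containing KEY or TOKEN (case-insensitive here).
# Stage 2: keep only values whose entropy reaches the threshold, so that
# placeholders matched by name alone (e.g. API_KEY=placeholder) are dropped.
# Note the limit of stage 1: DB_PASSWORD=hunter2 is never even considered.
def find_secrets(text, threshold: ENTROPY_THRESHOLD)
  parse_env(text).filter_map do |name, value|
    next unless name.match?(/KEY|TOKEN/i)
    entropy = shannon_entropy(value)
    next if entropy < threshold
    { name: name, value: value, entropy: entropy.round(2) }
  end
end

# Truncate a value for display so the report does not re-leak the full secret.
def redact(value, keep: 4)
  value.length > keep ? "#{value[0, keep]}..." : value
end

# Constructed sample input; the values are random-looking strings, not real credentials.
SAMPLE_ENV = <<~ENV
  # database settings
  DB_HOST=localhost
  DB_PASSWORD=hunter2

  API_KEY=placeholder
  export GITHUB_TOKEN="a1B2c3D4e5F6g7H8i9J0kLmNoPqRsTuV"
  STRIPE_KEY='QmZx7Tp2Lr9Wk4Vn'
  LOG_LEVEL=debug
ENV

if __FILE__ == $PROGRAM_NAME
  puts '=== High Entropy Keys Found ==='
  find_secrets(SAMPLE_ENV).each do |f|
    puts "#{f[:name]}=#{redact(f[:value])}  (entropy #{f[:entropy]} bits/char)"
  end
end
```

Run it with `ruby envhunter_entropy.rb`: only `GITHUB_TOKEN` and `STRIPE_KEY` are reported. `API_KEY=placeholder` matches by name but its value scores about 3.1 bits per character and is filtered out, while `DB_PASSWORD` is missed entirely because the name filter runs first; that trade-off is why the threshold and the name pattern are worth tuning against real data.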
Installation
As a Ruby Gem
```
gem install envhunter
```
Or clone and build locally:
```
git clone https://github.com/yourusername/envhunter.git
cd envhunter
gem build envhunter.gemspec
gem install envhunter-1.0.0.gem
```
Docker
```
docker build -t envhunter .
docker run --rm -e GITHUB_TOKEN=your_token_here envhunter scan --mode gists --format json
```
Passing the token inline as `-e GITHUB_TOKEN=...` records it in your shell history and in the visible command line of the `docker run` process. If the variable is already set in your shell, `-e GITHUB_TOKEN` (no value) passes it through from the environment without putting it on the command line.
Usage
```
envhunter scan [options]
```
Options
| Option | Description |
|---|---|
| `--mode` | `repos` (default) or `gists` |
| `--format` | `terminal`, `json`, or `csv` |
Authentication
Set your GitHub token in the `GITHUB_TOKEN` environment variable:
```
export GITHUB_TOKEN=your_token_here
```
Use a token with the minimum scopes the search needs, and keep it out of any `.env` file you might commit; the tool's own credential should not become one of its findings.
Output Example
```
=== High Entropy Keys Found ===
User: johndoe
Repo/Gist: johndoe/myrepo
File: .env
Match:
API_TOKEN=abcd123...
----------------------------------------
```
License
MIT License © 2025 Dave Williams [email protected]