Show HN: View plaintext passwords on GitHub Gists (gistsecrets.io)
4 points by floverfelt 35 days ago | 3 comments

Hey all, I created Gistsecrets.io and use it pretty regularly to alert people when they've checked in plaintext passwords on Gists.

All the app does is scrape the public Gists feed every few seconds and look for the word "secret" or "password". It has a lot of false positives, but I've found a few legit usernames/passwords checked in. It's a fun thing to browse at work when I have downtime.

If you don't know what a Gist is, you can read more about them here [1]; they're essentially mini git repos to quickly share code.

I'd love any feedback.

[1]: https://docs.github.com/en/github/writing-on-github/creating...

Neat! I really like the crowdsourcing element where you can easily comment on the gist to make the author aware.

Would something like https://github.com/Yelp/detect-secrets be interesting to include? Either as a filtering step to weed out false positives or to find even more secrets (i.e. ones that aren't near "password" or "secret").

That's a good idea! I think the biggest issue right now is the regex. It's super naive and just matches against anything containing the word "secret" or "password", which, like you said, results in a lot of false positives.

Let me take a look at that repo...
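A tighter filter of the kind the thread is discussing, as an added example (this is not gistsecrets.io's code and not detect-secrets): the naive keyword match the OP describes is placed beside a check that only flags a keyword on the left of an assignment whose value is a non-placeholder literal with credential-like entropy. The gist contents, thresholds and placeholder patterns are all constructed for this example.

```python
import math
import re

# Constructed sample gist contents (not real leaks): two hard-coded credentials plus
# the kinds of lines that a bare "secret"/"password" match reports as false positives.
SAMPLE_GISTS = {
    "config.py": 'DB_PASSWORD = "Tr0ub4dor&3xQ9pL"\n',
    "notes.md": "Remember to rotate the password every 90 days.\n",
    "docker.env": "API_SECRET=\n",
    "settings.yml": "password: ${DB_PASSWORD}\n",
    "app.js": "const secret = process.env.SECRET;\n",
    "example.ini": "password = changeme\n",
    "creds.txt": "secret_key = 'aB3dE5fG7hJ9kL1mN3pQ5rS7tU9vW1xY'\n",
}

# The naive rule from the thread: any occurrence of either word is a hit.
NAIVE_RE = re.compile(r"secret|password", re.IGNORECASE)

# Tighter rule: keyword-ish identifier, then ':' or '=', then a literal value.
ASSIGN_RE = re.compile(
    r"""(?P<key>\w*(?:secret|password|passwd|pwd)\w*)\s*[:=]\s*["']?(?P<val>[^\s"']+)["']?""",
    re.IGNORECASE,
)
# Values that reference the environment or are obvious templates, not credentials.
PLACEHOLDER_RE = re.compile(
    r"^\$\{?\w+\}?$|^process\.env|^os\.environ|^<.*>$|^x{3,}$", re.IGNORECASE
)

def shannon_entropy(s: str) -> float:
    """Bits per character; random-looking tokens score higher than dictionary words."""
    if not s:
        return 0.0
    probs = [s.count(c) / len(s) for c in set(s)]
    return -sum(p * math.log2(p) for p in probs)

def naive_match(text: str) -> bool:
    return NAIVE_RE.search(text) is not None

def likely_credential(text: str, min_len: int = 8, min_entropy: float = 3.0) -> list[str]:
    """Values assigned to a secret-like key that are long and random enough to be real."""
    hits = []
    for m in ASSIGN_RE.finditer(text):
        val = m.group("val")
        if len(val) < min_len or PLACEHOLDER_RE.match(val):
            continue  # empty/short, environment reference, or template
        if shannon_entropy(val) >= min_entropy:
            hits.append(val)
    return hits

def triage(gists: dict[str, str]) -> dict[str, list[str]]:
    """Keep the naive pre-filter for speed, then rank only the survivors."""
    return {name: likely_credential(body) for name, body in gists.items() if naive_match(body)}
```

Every sample passes the naive filter, but only config.py and creds.txt survive the assignment-plus-entropy check; "changeme" is dropped on entropy alone, which is the kind of filtering step detect-secrets also performs.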
