Forensics, secrets, keys, passwords, entropy, data-analysis, hardcoded-secrets

DumpsterDiver

DumpsterDiver is a tool to analyze large volumes of data for hardcoded secrets like keys and passwords. It supports custom search rules and detects potential secret leaks.

Description

DumpsterDiver is designed to scan big volumes of data in search of hardcoded secrets such as AWS Access Keys, Azure Share Keys, SSH keys, or passwords. The tool helps identify potential secret leaks in files, making it valuable for security audits and data breach investigations.

It allows users to create simple search rules with basic conditions, for example, reporting only CSV files containing at least 10 email addresses. This flexibility aids in targeted analysis of large datasets.

The tool operates on local paths and provides options for advanced analysis using predefined rules in a YAML configuration file.

How It Works

The tool scans files in a specified local path for high-entropy strings indicative of keys (default min length 20, max 80, entropy threshold 4.3) and passwords (with optional complexity checks). It uses rules from '~/.dumpsterdiver/rules.yaml' when the --advance flag is enabled and supports removal of non-secret files. Analysis includes password strength metering and exclusion of specified files or expressions.
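
The entropy check described above, as an added example that is not DumpsterDiver's own code. It uses the default length window and threshold stated on this page; the tokenizer regex, the inclusive threshold comparison and the sample text are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter

# Defaults as stated on this page: key length 20-80, entropy edge 4.3.
MIN_KEY, MAX_KEY, ENTROPY = 20, 80, 4.3

# Assumption: candidates are runs of base64/hex-style characters.
TOKEN_RE = re.compile(r"[A-Za-z0-9+/=_-]+")

# Constructed sample input; none of these values are real credentials.
SAMPLE = """\
# deploy settings
api_token = "k7Qz2mXv9LpR4tYb8NcW3hJs6FdG1aEu"
padding = "aaaaaaaaaaaaaaaaaaaaaaaaaaaa"
setting = config_value_config_value
short = "k7Qz2mXv9L"
"""


def shannon_entropy(s):
    """Shannon entropy of s in bits per character."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def find_high_entropy(text, min_key=MIN_KEY, max_key=MAX_KEY, threshold=ENTROPY):
    """Return (line number, token, entropy) for tokens that look like keys."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for tok in TOKEN_RE.findall(line):
            if not min_key <= len(tok) <= max_key:
                continue  # outside the analysed length window
            h = shannon_entropy(tok)
            if h >= threshold:  # assumption: the edge value itself counts
                hits.append((lineno, tok, round(h, 2)))
    return hits


if __name__ == "__main__":
    for lineno, tok, h in find_high_entropy(SAMPLE):
        print(f"line {lineno}: entropy {h} -> {tok}")
```

Per-string entropy is bounded by log2 of the number of distinct characters, so a token needs at least 20 distinct characters to reach 4.3. Long but repetitive values such as the `padding` and `setting` lines stay below the threshold and are not reported.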

Installation

sudo apt install dumpsterdiver

Flags

-p LOCAL_PATH: path to the folder containing files to be analyzed
-r, --remove: when this flag is set, then files which don't contain any secret will be removed
-a, --advance: when this flag is set, then all files will be additionally analyzed using rules specified in '~/.dumpsterdiver/rules.yaml' file
-s, --secret: when this flag is set, then all files will be additionally analyzed in search of hardcoded
-o OUTFILE: output file for results
--min-key MIN_KEY: specifies the minimum key length to be analyzed (default is 20)
--max-key MAX_KEY: specifies the maximum key length to be analyzed (default is 80)
--entropy ENTROPY: specifies the edge of high entropy (default is 4.3)
--min-pass MIN_PASS: specifies the minimum password length to be analyzed (default is 8). Requires adding '-s' flag to the syntax
--max-pass MAX_PASS: specifies the maximum password length to be analyzed
--pass-complex {1,2,3,4,5,6,7,8,9}: specifies password complexity level
--exclude-files EXCLUDE_FILES [EXCLUDE_FILES ...]: files to exclude from analysis
--bad-expressions BAD_EXPRESSIONS [BAD_EXPRESSIONS ...]: bad expressions to exclude

Examples

Shows the help message and usage information:
DumpsterDiver -h

Analyzes files in the specified local path for secrets:
DumpsterDiver.py -p /path/to/files

Analyzes files and removes those without secrets:
DumpsterDiver.py -p /path/to/files -r

Performs advanced analysis using rules from '~/.dumpsterdiver/rules.yaml':
DumpsterDiver.py -p /path/to/files -a

Analyzes files specifically for hardcoded secrets:
DumpsterDiver.py -p /path/to/files -s

Searches for passwords with minimum length of 10 characters:
DumpsterDiver.py -p /path/to/files -s --min-pass 10

Sets high entropy threshold to 4.5 for key detection:
DumpsterDiver.py -p /path/to/files --entropy 4.5

Updated 2026-04-16. Source: kali.org