gwen001
commented
1 year ago Issue correctly handled, tool is waiting for human validation.
Closed gwen001 closed 1 year ago
gwen001
commented
1 year ago Issue correctly handled, tool is waiting for human validation.
gwen001
commented
1 year ago Tool has been accepted by the team: https://offsec.tools/tool/badsecrets
Thank you for your contribution!
[tags]cryptography,django,jwt,secrets,symfony,rails,framework[/tags] [short_descr]A library for detecting known secrets across many web frameworks.[/short_descr] [link] https://github.com/blacklanternsecurity/badsecrets [/link] [long_descr] A pure python library for identifying the use of known or very weak cryptographic secrets across a variety of platforms. The project is designed to be both a repository of various "known secrets" (for example, ASP.NET machine keys found in examples in tutorials), and to provide a language-agnostic abstraction layer for identifying their use.
Knowing when a 'bad secret' was used is usually a matter of examining some cryptographic product in which the secret was used: for example, a cookie which is signed with a keyed hashing algorithm. Things can get complicated when you dive into the individual implementation oddities each platform provides, which this library aims to alleviate. [/long_descr] [image] https://raw.githubusercontent.com/gwen001/offsectools_www/main/tmp/e10a651a7111e34e229cd94da5af3d6e.png [/image]