The new app, called “Shhgit”, will reportedly be able to scan the web-based GitHub code repository and look for private crypto keys.

Shhgit was introduced nearly 2 weeks ago by the security expert and programmer Paul Price. The app is designed to scan for secrets across public code repositories, which sometimes end up in the hands of the wrong people. On the rare occasions when that happens, those people suddenly have the tools to cause enormous data breaches.

According to Price, the discovery of potentially harmful secrets across GitHub is something that’s been going on for a while. He mentioned that there are currently tons of open-source tools, like truffleHog, which all dig into history and aim to find secret tokens from specific repositories.

Price also highlighted that in rare cases, software developers have been known to unwillingly leak secrets across public code repositories. He believes that measures need to be taken so that secrets don’t end up in the code base in the first place. Price said that the bare minimum for config files should be encryption via an environment-based key.
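One such measure, sketched here as an added example (not code from the article, from Price or from Shhgit): a check that a pre-commit hook could run over a staged diff, flagging added lines that match a few secret signatures or contain a high-entropy string. The signatures, the entropy threshold and the sample diff are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter

# Illustrative signatures (assumption: not the rule set of Shhgit or truffleHog).
SIGNATURES = {
    "private key block": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
    "AWS access key ID": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "hard-coded credential": re.compile(
        r"(?i)(?:password|passwd|secret|api_?key|token)\w*\s*[:=]\s*['\"][^'\"]{8,}['\"]"),
}
TOKEN = re.compile(r"[A-Za-z0-9+/=_-]{20,}")
ENTROPY_THRESHOLD = 4.0  # bits per character; assumed cut-off, tune per code base

def shannon_entropy(s):
    """Bits per character; random-looking tokens score higher than words."""
    return -sum(n / len(s) * math.log2(n / len(s)) for n in Counter(s).values())

def scan_diff(diff_text):
    """Return (path, line_no, reason) for each suspicious line a unified diff adds."""
    findings, path, line_no = [], None, 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            path = raw[6:] if raw.startswith("+++ b/") else raw[4:]
        elif raw.startswith("@@"):
            line_no = int(re.search(r"\+(\d+)", raw).group(1)) - 1  # new-file start line
        elif raw.startswith("+"):
            line_no += 1
            reasons = [name for name, rx in SIGNATURES.items() if rx.search(raw[1:])]
            if not reasons and any(shannon_entropy(t) > ENTROPY_THRESHOLD
                                   for t in TOKEN.findall(raw[1:])):
                reasons = ["high-entropy string"]
            findings += [(path, line_no, reason) for reason in reasons]
        elif not raw.startswith("-"):
            line_no += 1  # context lines advance the new-file line counter
    return findings

# Constructed sample diff; the AWS value is the example key ID from AWS documentation.
SAMPLE_DIFF = """\
--- a/config/settings.py
+++ b/config/settings.py
@@ -10,2 +10,6 @@
 DEBUG = False
+DB_PASSWORD = "correct-horse-battery"
+AWS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+SESSION_SALT = os.environ["SESSION_SALT"]
 ALLOWED_HOSTS = ["example.org"]
+signing = "q7Zx2LmP9vRt4KwY8bNc3HdJ6fGs1QaE5uTo0iVy"
"""
```

Calling `scan_diff(SAMPLE_DIFF)` reports the three hard-coded values and leaves the line that reads its value from the environment alone; a hook built on it would refuse the commit whenever the returned list is non-empty.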

Secrets in public code repositories have also existed since GitHub was launched. One of the more recent breaches, which caught a lot of media attention, was the Capital One hack. It’s been widely speculated that the hack left the personal data of over 100 million users exposed.

Shhgit will help fix a lot of mistakes that can potentially cause great amounts of damage

Price believes that his tool will help quickly identify any secrets which were accidentally committed in real time. If successful, this will give the developers more than enough time to delete any of the harmful information before ill-minded individuals get a front row seat to many people’s private information.

After the Capital One hack, when it was revealed that 140 000 Social Security numbers, 1 million Canadian Social Insurance numbers and over 80 000 bank account numbers had been exposed to the attackers, Anthony Pompliano, the co-founder of Morgan Creek Digital Assets, reminded everyone:

Realistically, if someone attempts to hack bitcoin, he would need to gain access to the private keys of every single wallet address individually. In the case of the Capital One hack, the attacker only gained one.
