Hey all, I created Gistsecrets.io and use it pretty regularly to alert people when they've checked in plaintext passwords on Gists.

All the app does is scrape the public Gists feed every few seconds and look for the word "secret" or "password". It has a lot of false positives but I've found a few legit usernames/passwords checked in. It's a fun thing to browse at work when I have downtime.

If you don't know what a Gist is, you can read more about them here [1]; they're essentially mini-git repos to quickly share code.

I'd love any feedback.

[1]: https://docs.github.com/en/github/writing-on-github/creating...

Neat! I really like the crowdsourcing element where you can easily comment on the gist to make the author aware.

Would something like https://github.com/Yelp/detect-secrets be interesting to include? Either as a filtering step to weed out false positives or to find even more secrets (i.e. that aren't near "password" or "secret").
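The filtering step discussed above, sketched as an added example that is not part of the thread and is neither Gistsecrets.io's nor detect-secrets' code: it keeps the keyword match on "secret" and "password" but only where the word names an assigned value, then sorts each hit into noise, likely, or needs-review so you can check your own text before publishing it. The function names, the placeholder list, the 8-character and 3.0 bits-per-character thresholds, and the sample text are all assumptions made for illustration.

```python
import math
import re
from collections import Counter

# Keyword pass: "secret" or "password" as the name in `name = value` / `name: value`.
ASSIGNMENT = re.compile(r"""
    \b(?P<key>[\w.-]*(?:secret|password)[\w.-]*)     # name containing a keyword
    ["']?\s*[:=]\s*                                  # end of quoted key, separator
    (?P<quote>["']?)(?P<value>[^"'\s,;]*)(?P=quote)  # optionally quoted value
    """, re.I | re.X)

# Values that are obviously not credentials (illustrative list, an assumption).
PLACEHOLDER = re.compile(
    r"^$|^<.*>$|^\$|environ|getenv|example|changeme|placeholder|x{3,}|\*{3,}", re.I)

def shannon_entropy(s):
    """Bits per character; random tokens score higher than words."""
    if not s:
        return 0.0
    return -sum(n / len(s) * math.log2(n / len(s)) for n in Counter(s).values())

def triage(text):
    """Return (line number, key name, verdict) per hit; values are never echoed."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in ASSIGNMENT.finditer(line):
            value = m.group("value")
            if PLACEHOLDER.search(value):
                verdict = "noise"    # placeholder or reference to an env lookup
            elif len(value) >= 8 and shannon_entropy(value) >= 3.0:
                verdict = "likely"   # long and random-looking (assumed thresholds)
            else:
                verdict = "review"   # may be a weak human-chosen password
            findings.append((lineno, m.group("key"), verdict))
    return findings

# Constructed sample text; none of these values are real credentials.
SAMPLE = '''\
# reset your password at https://example.com/reset
db_password = "changeme"
password = os.environ["DB_PASSWORD"]
client_secret: "<your-secret-here>"
api_secret = "q7Rz0vLx2NfW8sTbY4kD"
admin_password = 'hunter2'
'''

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

The "review" tier exists because human-chosen passwords score low on entropy, so an entropy cut-off alone would discard exactly the plaintext passwords the original post is about.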